owasp-modsecurity / ModSecurity

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
https://www.modsecurity.org
Apache License 2.0
8.04k stars, 1.58k forks

after scan coreruleset-main.zip by Microsoft defender for business version. #3201

Open langenggithub opened 1 month ago

langenggithub commented 1 month ago

I got a message: "Malware incident on one endpoint, 'Dirtelti' backdoor was prevented". Microsoft Defender has detected a computer virus. The name is Chopper, high-severity malware. https://www.virustotal.com/gui/file/4a8d05c406d87672d2129f530739e44098cd53e14707730dd337f23015338552 Does anyone have the same situation?

Thanks for any reply.

langenggithub commented 1 month ago

Scanned by the VirusTotal website: https://www.virustotal.com/gui/file/2829be8d468eca58fd99579176a94278a1318f40d8444871db9f240fe2b2e1a3?nocache=1 https://www.virustotal.com/gui/file/4a8d05c406d87672d2129f530739e44098cd53e14707730dd337f23015338552 Any help!?

airween commented 1 month ago

"after scan coreruleset-main.zip" - perhaps you should have opened this issue under the Coreruleset repository - this is the ModSecurity repository :smiley:.

If I'm right, the "infected" file is 933111.yaml, which is a regression test file, written in YAML.

I'm not sure that's a virus, so I assume this is a false positive hit in Defender.
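A quick way to confirm which member of the archive actually carries the hash that Defender and VirusTotal reported, rather than guessing from the file name, is to hash every file inside the zip and compare against the flagged SHA-256 values. The script below is an added example for this thread, not code from the ModSecurity or CRS projects; the in-memory sample archive, its member paths (modelled on the CRS regression-test layout) and its contents are constructed placeholders, and `find_flagged_members` is a helper name chosen here.

```python
import argparse
import hashlib
import io
import sys
import zipfile

# Constructed sample archive standing in for coreruleset-main.zip.
# Paths follow the CRS layout only loosely; contents are placeholders.
SAMPLE_MEMBERS = {
    "coreruleset-main/README.md": b"# Core Rule Set (placeholder)\n",
    "coreruleset-main/tests/regression/tests/"
    "REQUEST-933-APPLICATION-ATTACK-PHP/933111.yaml":
        b"---\nmeta:\n  author: placeholder\ntests:\n  - test_title: 933111-1\n",
    "coreruleset-main/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf":
        b"# placeholder rule file\n",
}


def sha256_hex(data: bytes) -> str:
    """SHA-256 of a byte string as lowercase hex (VirusTotal's file id)."""
    return hashlib.sha256(data).hexdigest()


def build_sample_zip(members=SAMPLE_MEMBERS) -> bytes:
    """Build a small zip archive in memory from the constructed members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def hash_zip_members(zip_bytes: bytes) -> dict:
    """Return {member_name: sha256_hex} for every regular file in the archive."""
    hashes = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue  # directory entries carry no content
            with zf.open(info) as fh:
                hashes[info.filename] = sha256_hex(fh.read())
    return hashes


def find_flagged_members(zip_bytes: bytes, flagged_hashes) -> dict:
    """Return the subset of members whose SHA-256 appears in flagged_hashes.

    Hashes are compared case-insensitively, since scanners and reports
    print them in either case.
    """
    wanted = {h.strip().lower() for h in flagged_hashes}
    return {name: h for name, h in hash_zip_members(zip_bytes).items() if h in wanted}


def main(argv=None) -> int:
    parser = argparse.ArgumentParser(
        description="Report archive members whose SHA-256 matches a flagged hash.")
    parser.add_argument("archive", nargs="?", help="zip file to inspect (omit for the built-in sample)")
    parser.add_argument("hashes", nargs="*", help="SHA-256 values reported by the scanner")
    args = parser.parse_args(argv)

    if args.archive:
        with open(args.archive, "rb") as fh:
            zip_bytes = fh.read()
        flagged = args.hashes
    else:
        # Demo run: flag the constructed YAML test file's own hash.
        zip_bytes = build_sample_zip()
        yaml_name = next(n for n in SAMPLE_MEMBERS if n.endswith("933111.yaml"))
        flagged = [sha256_hex(SAMPLE_MEMBERS[yaml_name])]

    matches = find_flagged_members(zip_bytes, flagged)
    for name, digest in sorted(matches.items()):
        print(f"{digest}  {name}")
    if not matches:
        print("no archive member matches the given hashes")
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Run it against the real download as `python check_zip.py coreruleset-main.zip 4a8d05c406d87672d2129f530739e44098cd53e14707730dd337f23015338552` to see exactly which member the report refers to; hashing the members rather than the outer zip matters because VirusTotal reports and endpoint detections are keyed by the SHA-256 of the individual file that tripped the signature, not of the archive.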