phpMussel / phpMussel

PHP-based anti-virus anti-trojan anti-malware solution.
https://phpmussel.github.io/
GNU General Public License v2.0

PHP chameleon attack detected! #243

Open gorai-sunil opened 2 weeks ago

gorai-sunil commented 2 weeks ago

I have converted a .wav file into an mp3 file. When this mp3 file is scanned through phpmussel, PHP chameleon attack is detected! And if I add mp3 value in can_contain_php_file_extensions from phpmussel.ini it works fine. But surprisingly when I checked with another sample.wav file and converted it into mp3 it worked without any changes. So can I know the reason why my first file is not working without any changes in phpmussel.ini settings?

Maikuolan commented 2 weeks ago

To be triggering PHP chameleon attack detection, the data resulting from processing the content of a file with phpMussel's "normalise" method (so, the content of the file minus any bytes outside the \x21-\x7E range, minus any HTML or HTML-like tags, and lowercased) must contain <?php somewhere. I'll see whether I'm able to tweak the code a little to help reduce these kinds of false positives.
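
Added example (not part of the thread and not phpMussel's own code): a Python sketch of the normalisation steps described in the comment above, which maps the first <?php found in the normalised data back to the raw byte offsets that produced it. The tag pattern, the order of the steps, the function names and the sample bytes are assumptions constructed for illustration.

```python
import re

MARKER = b"<?php"
# Assumption: an "HTML-like tag" is '<', any run without '<' or '>', then '>'.
# The pattern phpMussel really uses may differ.
TAG = re.compile(rb"<[^<>]*>")

def normalise(data: bytes):
    """Apply the three described steps; return (normalised, original offsets)."""
    # Step 1: keep only bytes in the \x21-\x7E range, remembering where they were.
    kept = [(i, b) for i, b in enumerate(data) if 0x21 <= b <= 0x7E]
    text = bytes(b for _, b in kept)
    offsets = [i for i, _ in kept]
    # Step 2: cut out tag-like spans, keeping the offset list in step.
    out, out_off, pos = bytearray(), [], 0
    for m in TAG.finditer(text):
        out += text[pos:m.start()]
        out_off += offsets[pos:m.start()]
        pos = m.end()
    out += text[pos:]
    out_off += offsets[pos:]
    # Step 3: lowercase.
    return bytes(out).lower(), out_off

def explain_hit(data: bytes):
    """Raw offsets of the bytes forming the first '<?php', or None if absent."""
    norm, off = normalise(data)
    at = norm.find(MARKER)
    return None if at < 0 else off[at:at + len(MARKER)]

def is_scattered(offsets) -> bool:
    """True when the matched bytes are not adjacent in the raw file."""
    return offsets[-1] - offsets[0] != len(offsets) - 1

# Constructed sample: audio-like binary in which '<', '?', 'P', 'H', 'p'
# happen to occur in that order, separated by non-printable bytes.
AUDIO_LIKE = b"\xff\xfb\x90\x00\x3c\x00\x01\x3f\x80\x50\xff\x48\x9a\x70\x00"
# Constructed sample: a literal PHP open tag.
LITERAL = b"<?php echo 1;"

if __name__ == "__main__":
    for name, sample in (("audio-like", AUDIO_LIKE), ("literal", LITERAL)):
        hit = explain_hit(sample)
        print(name, hit, "scattered" if is_scattered(hit) else "contiguous")
```

A scattered hit means the marker exists only after normalisation, which is the situation where one converted file trips the check and another does not.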

gorai-sunil commented 2 weeks ago

@Maikuolan Thanks for this information.