False positive

[jeff1326]

When i do this command

        $loader = new \phpMussel\Core\Loader(
            'storage/phpMussel/phpmussel.yml',
            'storage/phpMussel/cache',
            'storage/phpMussel/quarantine',
            'storage/phpMussel/signatures',
            'vendor'
        );

        $scanner = new \phpMussel\Core\Scanner($loader);
        $results = $scanner->scan(['test.jpg' => 'tests/storage/safe-files/test.jpg'], 3 /* array format */);

I get that result

array:1 [
  "37aa7ab73da281c1414b701f89a1417ed447a601b7c7226863e6f78d5a854ec1:860199:test.jpg" => "Detected ZBB-HTML.Defacement.D3BX-00 (test.jpg)!"
]

Here's the file that cause this false positive (I don't know if github will parse it so here's the sha1 sum : 6e8511da59b688343ea3911ccef060fc5a99ce36)

[Maikuolan]

Thanks for letting me know about this. :-)

The particular signature responsible for this false positive was a very old (9+ years) community-derived signature which hadn't been looked at in a very long time, and also isn't relevant to any current threats anymore, so I've removed it outright, along with a small handful of other, similarly outdated and no longer necessary signatures from two of the signature files (phpmussel.ndb, phpmussel_graphics.db). Updating the affected files to their latest available versions (pushed/available as of 9 minutes ago at the time of writing this reply) should solve the problem. Cheers. :-)

[jeff1326]

@Maikuolan Thank you for your awesome reactivity ! I really appreciate that 👍