AWS SDK api-2.json.php suspiciuos

Nextcloud version (eg, 29.0.5): 29.0.3
Operating system and version (eg, Ubuntu 29.04): Linux 6.5.0-41-generic x86_64
Apache or nginx version (eg, Apache 2.4.25): Apache/2 (hosting, no more info)
PHP version (eg, 8.3): 8.2.20

The issue you are facing:

I got my web hosting scanned by hosting provider and they reported this file as suspicious:


Is this a false positive?

Suspicious of what? You need to provide more detailed information to answer this question.

1 Like


I just got list of files that their scanner marked as suspicious (no more info for me either), but with annotation that those might be also false positive.

So I just wanted to verify if this file is OK to being there, since I see there a rather old date for api/library :woozy_face: so I’m thinking this might be a something old that was maybe just forgotten to be removed. :upside_down_face:

I did checked content, and it did not looked for me suspicious (I did had some php files in WP installs with some base64 encoded content - those disappeared as fast as Delete key work on my keyboard :laughing: )

It’s a false positive. That is a legitimate part of the aws-sdk-php from Amazon[1][2].

[1] aws-sdk-php/src/data/wafv2/2019-07-29 at master · aws/aws-sdk-php · GitHub
[2] 3rdparty/aws/aws-sdk-php/src/data/wafv2/2019-07-29 at master · nextcloud/3rdparty · GitHub


I got some answer, their scanner looks for code sequences and php instructions that are typical for infected files. In this case scanner was triggered because whole file is just one structure/array returned with elements like POST/EVAL/WAF etc…

(That how their answer sound in translation)

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.