Nextcloud security scanner does not recognize my installed version of nextcloud

Hi,

just found the time to follow all the suggestions on of the warnings that are listed on the general tab of my settings page.

I managed to configure the opcache, install redis and APCU ( or ACPU , dont remember ) and i fixed the non-finished indexes.

After that i was curious and clicked on the “security-scan my system” link.

I got a bad rating : E because the scanner did not correctly identify my installed version of nextcloud -> 14.04

The scanner tells my my installed version is : 9.0.53.0

Is that a known bug?
Am i doing something wrong?

The only thread i found about this is more than a year old and it doesnt reveal a solution.

Any further help is appreciated.

Regards

Joerg

Hey Joerg,
did you check the date, when the last scan was made?
Maybe you have to trigger a re-scan.

grafik972×542 58.2 KB

John

The tool always tells the result fo the last scan. You need to press “trigger re-scan” to get the actual result. That can take some time.

Thank you guys,

i should have written that i already guessed that.
And i tried the rescan button a couple of times already.

Unfortunately the scanner is not so verbose with me.
If i click rescan it just opens a frame which tells me that the rescan will take some time.
The nothing seems to happen.
No spinning wheel of progress.
No success or failure messages.
The screen stays the same.
Refresh ( reload ) of the page shows the same data.
Closing the tab and navigating to scan.nextcloud.com and startallover gives the exact same results.

Might be i am doing something wrong.
If so, the operation of the scanner should be described a little bit more in detail.

Regards

Joerg

Just found out that i am probably not alone with that problem

https://help.nextcloud.com/t/security-scan-will-not-trigger-re-scan-last-scan-in-2017/42336/2

Re-scan worked fine for me, took a bit more than 5 tho, maybe around 10 minutes to display new scan results (last scan, about 10 days ago it was on 14.0.3).

NCP-ScanSecurityCheck-Screenshot-2018-12-01_11-06-391117×267 21.4 KB

Good idea…

… no help though.

Cleared the cache and even tried it with my other browser ( safari ).
Same result.

I would guess that the rescan will happen even if i close the popup that says “rescan triggered”.
Anyway i left that popup open now for at least 20 min already.
Does not work.

Screenshot_2018-12-01%20Nextcloud%20Security%20Scanner1166×498 33.6 KB

I am having the exact same issue, and my last scan was on the exact same date as yours. I posted here, Security Scan will not trigger re-scan - last scan in 2017

Rescanned this morning and all was well. Shows last scan date of 12/02/2018 at 8:55, and I scanned at 10:36AM ish (my time).

bringing this thread up, again…

With upgrade to latest NC version I lost my A+

The funny side of life: My brand new NC 16 installation says I am on 16.0.0 tough Security Scanner says 16.0.0.9 and not on current patch level

Bildschirmfoto 2019-04-25 um 15.53.22.png1842×1010 113 KB

Bildschirmfoto 2019-04-25 um 15.53.30.png2406×1290 335 KB

Maybe sombody forward this to the Security Scanner developer?

3 Days later and still same Rating? I am missing something? Otherwise your Security Scanner is incorrect.

@LukasReschke Could you address this issue with the Nextcloud security scanner?

Not sure if he is still with the nextcloud team. Haven’t seen him for a long time already.
Maybe @rullzer or @MorrisJobke? Not sure if you have time for that.

just for your information, checked it out a couple of minutes ago. Now it works again!
Thx!

I can confirm that it is working now. The only small glitch I can see is, that the time at which the test has been run is always shown in UTC, without being mentioned, and not the local time - so for Germany it is currently always 2h in the past.

Somebody should check the Security Scanner… again…
it’s not working, just showing red alert:

Scan failed! The scan for the specified domain failed. Either no Nextcloud or ownCloud can be found there or you tried to scan too many servers.