Knowledgebase
Knowledgebase
Portal Home > Knowledgebase > Articles Database > Security issue with Moodle
Security issue with Moodle
Posted by ursa-musculus, 03-05-2014, 07:01 AM I know nothing about Moodle. That means: (i) I don't know where any given line of code fits into the suite as a whole, and (ii) I don't know how their community works, how their issue tracker is structured, etc. Does anyone here know something about Moodle who could tell me what's going on with this? ClamAV has picked up the following file as malicious (using Atomicorp's signatures): moodle / backup / converter / moodle1 / tests / moodle1_converter_test.php The offending line is line 273: Now, sure, I can see in context that it's part of a test to make sure that the code concerned is not broken. It's also a line that is supposed to fail, otherwise the test fails. It's also therefore a line of code that is unlikely ever to be called on a live site. But all the same, it seems very suspicious ever to even attempt something like that. It seems to me that security software would be quite correct to block a file that has that line of code in it. So: Can anyone tell me what's going on? How does someone feed into the Moodle community that there ought to be a less red-flag test to make sure that the non-existent files cannot be migrated?
Posted by actsupport, 03-10-2014, 03:21 AM Go through the link http://docs.moodle.org/26/en/Security_overview for Security overview report provided in Moodle site
Posted by tecsys, 03-10-2014, 04:39 AM Moodle has a security forum. May be they can give you more information on this. https://moodle.org/mod/forum/view.php?id=7301
Add to Favourites 
Print this Article
Also Read
