False positive in Azure certification on http-malware-host.nse #3088

@chriskarlsson

Describe the bug
This is not really a bug in nmap per se, but rather a problem in the Azure security team's certification of virtual machines on their marketplace. They are getting a security warning on the URL in the following line:

-- | Host appears to be infected (/ts/in.cgi?open2 redirects to http://last-another-life.ru:8080/index.php)

We've pushed back but their response is:

We received update from engineering team that the file http-malware-host.nse contains a known highly malicious URL. Although it appears only in a comment, we recommend checking with the script's publisher to see if this URL can be removed. We are trying to minimize the presence of malicious URLs across the Microsoft ecosystem, and removing such references, even in comments, would help support that goal.

So we're kind of in a hard place as we need to include nmap in our virtual machines. Would it be possible for you to change the URL to something benign (like example.com)?

I assume that they will get a lot of pushback on this one.

To Reproduce
Try to certify your virtual machine in the Azure marketplace with nmap installed.

Expected behavior
Possible to certify VMs in Azure marketplace.

Version info (please complete the following information):
The comment has been there in all versions for the last 16 years.

  • OS: Ubuntu 22.04
  • Output of nmap --version:
    Nmap version 7.80 ( https://nmap.org )
    Platform: x86_64-pc-linux-gnu
    Compiled with: liblua-5.3.6 openssl-3.0.2 nmap-libssh2-1.8.2 libz-1.2.11 libpcre-8.39 libpcap-1.10.1 nmap-libdnet-1.12 ipv6
    Compiled without:
    Available nsock engines: epoll poll select

Additional context
N/A
