WildFly / WFLY-16823

ClamAV reports potential malware in WildFly

Details

    • Type: Bug
    • Resolution: Not a Bug
    • Priority: Major
    • Fix Version/s: None
    • Affects Version/s: 26.1.1.Final
    • Component/s: Web Console
    • Labels: None
    • Steps to Reproduce:

      Run the following to get access to ClamAV:

      docker run --rm -it clamav/clamav /bin/ash

       

      Then, inside the container, download the WildFly release and scan for malware:

      / # wget https://github.com/wildfly/wildfly/releases/download/26.1.1.Final/wildfly-26.1.1.Final.tar.gz
      / # tar zxf wildfly-26.1.1.Final.tar.gz

      / # clamscan --detect-pua=yes wildfly-26.1.1.Final/modules/system/layers/base/org/jboss/as/console/main/hal-console-3.5.12.Final-resources.jar

      Loading:    17s, ETA:   0s [========================>]    8.64M/8.64M sigs        
      Compiling:   4s, ETA:   0s [========================>]       41/41 tasks  

      /wildfly-26.1.1.Final/modules/system/layers/base/org/jboss/as/console/main/hal-console-3.5.12.Final-resources.jar: PUA.Html.Exploit.CVE_2012_0469-1 FOUND


    Description

      WildFly is flagged as potentially containing malware by the ClamAV scanner.

      The malware that is found is tagged by ClamAV as PUA.Html.Exploit.CVE_2012_0469-1.

      I believe this is a false positive report: it originates from the PouchDB project, included in HAL console. I've written details at https://github.com/pouchdb/pouchdb/issues/8521 as well as reported this to ClamAV as a false positive at https://www.clamav.net/reports/fp, but there has been no response so far.

      This presents a problem when there is a policy of not delivering software with any potential malware findings - WildFly releases are now flagged as potentially containing malware.

       

       


          People

            bstansbe@redhat.com Brian Stansberry
            tero.saarni@gmail.com Tero Saarni
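One way to narrow the finding from the steps to reproduce down to the file inside the jar that triggers the signature, as an added example that is not part of the original report or of the WildFly project. The function names `parse_hits` and `scan_archive` are made up here, and the script assumes `awk`, `unzip`, `mktemp` and `clamscan` are available where it runs.

```shell
#!/bin/sh
# Added example (not from the report): locate the archive member behind a
# clamscan hit and separate PUA heuristics from other signatures.

# parse_hits: read clamscan output on stdin; for each "... FOUND" line print
# class<TAB>signature<TAB>path. class is "pua" for PUA.* signatures (the ones
# enabled by --detect-pua=yes) and "malware" for everything else.
parse_hits() {
  awk '
    / FOUND$/ {
      line = $0
      sub(/ FOUND$/, "", line)
      # The signature is the last ": NAME" field; a path may contain ": " too.
      if (!match(line, /: [^ ]+$/)) next
      path = substr(line, 1, RSTART - 1)
      sig  = substr(line, RSTART + 2)
      class = (sig ~ /^PUA\./) ? "pua" : "malware"
      printf "%s\t%s\t%s\n", class, sig, path
    }'
}

# scan_archive: unpack a zip/jar into a temporary directory and rescan it file
# by file, so the report names the member instead of the whole archive.
# Runs in a subshell so the cleanup trap stays local to this call.
scan_archive() (
  archive=$1
  tmp=$(mktemp -d) || exit 2
  trap 'rm -rf "$tmp"' EXIT
  unzip -q -o "$archive" -d "$tmp" || exit 2
  # clamscan exits 1 when it finds something; the pipeline status is awk's.
  clamscan -r --detect-pua=yes --infected --no-summary "$tmp" | parse_hits
)

# Usage: sh triage.sh path/to/hal-console-3.5.12.Final-resources.jar
if [ "$#" -gt 0 ]; then
  scan_archive "$1"
fi
```

The path column points into the temporary directory, so the part after that prefix is the member's path inside the jar.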