Bugzilla – Full Text Bug Listing
| Summary: | clamav misdetection of python3.9 tarball / Win.Virus.Expiro-10026576-0 | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Marcus Meissner <meissner> |
| Component: | Incidents | Assignee: | Marcus Meissner <meissner> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | ||
| Priority: | P5 - None | CC: | eugenio.paolantonio, max, mcepl, meissner |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| Whiteboard: | |||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
Description
Marcus Meissner
2024-04-09 07:41:58 UTC

Seems the bundled Windows archives of the pip wheel are problematic.

```
/home/abuild/bs/SUSE:Maintenance:33236/python39.SUSE_SLE-15-SP3_Update/Python-3.9.19/Lib/ensurepip/_bundled/pip/_vendor/distlib/t32.exe: Win.Virus.Expiro-10026576-0 FOUND
/home/abuild/bs/SUSE:Maintenance:33236/python39.SUSE_SLE-15-SP3_Update/Python-3.9.19/Lib/ensurepip/_bundled/pip/_vendor/distlib/t64-arm.exe: Win.Virus.Expiro-10026576-0 FOUND
/home/abuild/bs/SUSE:Maintenance:33236/python39.SUSE_SLE-15-SP3_Update/Python-3.9.19/Lib/ensurepip/_bundled/pip/_vendor/distlib/t64.exe: Win.Virus.Expiro-10026576-0 FOUND
/home/abuild/bs/SUSE:Maintenance:33236/python39.SUSE_SLE-15-SP3_Update/Python-3.9.19/Lib/ensurepip/_bundled/pip/_vendor/distlib/w32.exe: Win.Virus.Expiro-10026576-0 FOUND
/home/abuild/bs/SUSE:Maintenance:33236/python39.SUSE_SLE-15-SP3_Update/Python-3.9.19/Lib/ensurepip/_bundled/pip/_vendor/distlib/w64-arm.exe: Win.Virus.Expiro-10026576-0 FOUND
/home/abuild/bs/SUSE:Maintenance:33236/python39.SUSE_SLE-15-SP3_Update/Python-3.9.19/Lib/ensurepip/_bundled/pip/_vendor/distlib/w64.exe: Win.Virus.Expiro-10026576-0 FOUND
```

Matej, would it be easy to remove them from the wheel?

Otherwise we would go and hide the misdetection.

(In reply to Marcus Meissner from comment #2)
> Matej, would it be easy to remove them from the wheel?
>
> Otherwise we would go and hide the misdetection.

Yes, we probably should. Let me have a look.

SUSE-RU-2024:1195-1: An update that has one fix can now be installed.

Category: recommended (moderate)
Bug References: 1222509
Maintenance Incident: [SUSE:Maintenance:33315](https://smelt.suse.de/incident/33315/)
Sources used:
openSUSE Leap 15.5 (src): post-build-checks-malwarescan-0.1-150500.20.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-RU-2024:1194-1: An update that has one fix can now be installed.

Category: recommended (moderate)
Bug References: 1222509
Maintenance Incident: [SUSE:Maintenance:33314](https://smelt.suse.de/incident/33314/)
Sources used:
openSUSE Leap 15.4 (src): post-build-checks-malwarescan-0.1-150400.15.6.1

This doesn’t look like Python’s problem.

We are getting similar false positives in SP6 for pip, distlib and virtualenv:

```
[ 62s] unpacking /.build.packages/SRPMS/python312-pip-23.2.1-150600.1.3.src.rpm
[ 62s] unpacking /.build.packages/RPMS/noarch/python312-pip-23.2.1-150600.1.3.noarch.rpm
[ 62s] clamscan -ir --exclude (Python-3.*tar.xz|pip-.*-py3-none-any.whl) /usr/src/packages/BUILD/scan:
[ 78s] /usr/src/packages/BUILD/scan/python312-pip-23.2.1-150600.1.3.src.rpm.d/pip-23.2.1-gh.tar.gz: Win.Virus.Expiro-10026576-0 FOUND

[ 77s] clamscan -ir --exclude (Python-3.*tar.xz|pip-.*-py3-none-any.whl) /usr/src/packages/BUILD/scan:
[ 77s] LibClamAV Warning: **************************************************
[ 77s] LibClamAV Warning: *** The virus database is older than 7 days! ***
[ 77s] LibClamAV Warning: *** Please update it as soon as possible. ***
[ 77s] LibClamAV Warning: **************************************************
[ 101s] /usr/src/packages/BUILD/scan/python3-virtualenv-20.17.1-150600.1.3.src.rpm.d/virtualenv-20.17.1.tar.gz: Win.Virus.Expiro-10026576-0 FOUND

[ 77s] clamscan -ir --exclude (Python-3.*tar.xz|pip-.*-py3-none-any.whl) /usr/src/packages/BUILD/scan:
[ 77s] LibClamAV Warning: **************************************************
[ 77s] LibClamAV Warning: *** The virus database is older than 7 days! ***
[ 77s] LibClamAV Warning: *** Please update it as soon as possible. ***
[ 77s] LibClamAV Warning: **************************************************
[ 101s] /usr/src/packages/BUILD/scan/python3-virtualenv-20.17.1-150600.1.3.src.rpm.d/virtualenv-20.17.1.tar.gz: Win.Virus.Expiro-10026576-0 FOUND
```

Can the whitelist be amended?

Thanks in advance

This week's clamav-database update seems to have removed the false positive already. So if you sync the maintenance snapshot it should go away.

Submitted removal of whitelisting python

SUSE-RU-2024:1432-1: An update that has one fix can now be installed.

Category: recommended (moderate)
Bug References: 1222509
Maintenance Incident: [SUSE:Maintenance:33569](https://smelt.suse.de/incident/33569/)
Sources used:
openSUSE Leap 15.5 (src): post-build-checks-malwarescan-0.1-150500.20.6.1

SUSE-RU-2024:1431-1: An update that has one fix can now be installed.

Category: recommended (moderate)
Bug References: 1222509
Maintenance Incident: [SUSE:Maintenance:33570](https://smelt.suse.de/incident/33570/)
Sources used:
openSUSE Leap 15.4 (src): post-build-checks-malwarescan-0.1-150400.15.9.1
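A triage helper for build logs like the SP6 excerpt in this report, as an added example that is not part of the bug thread and is not code from post-build-checks-malwarescan. It groups `FOUND` lines by signature, records the `--exclude` pattern the scan ran with, notes the stale-database warning, and lists the hits the pattern does not cover. The function names are hypothetical, and Python's `re` is assumed to be a close enough stand-in for clamscan's regex matching on these patterns.

```python
import re
from collections import defaultdict

# Log excerpt assembled from lines quoted in the report above.
SAMPLE_LOG = """\
[ 62s] clamscan -ir --exclude (Python-3.*tar.xz|pip-.*-py3-none-any.whl) /usr/src/packages/BUILD/scan:
[ 78s] /usr/src/packages/BUILD/scan/python312-pip-23.2.1-150600.1.3.src.rpm.d/pip-23.2.1-gh.tar.gz: Win.Virus.Expiro-10026576-0 FOUND
[ 77s] LibClamAV Warning: *** The virus database is older than 7 days! ***
[ 101s] /usr/src/packages/BUILD/scan/python3-virtualenv-20.17.1-150600.1.3.src.rpm.d/virtualenv-20.17.1.tar.gz: Win.Virus.Expiro-10026576-0 FOUND
"""

STAMP = re.compile(r"^\[\s*\d+s\]\s*")               # build-log time prefix
HIT = re.compile(r"^(?P<path>/.+): (?P<sig>\S+) FOUND$")
CMD = re.compile(r"^clamscan\b.*--exclude[= ](?P<rx>\S+)")
STALE = "virus database is older than"


def triage(log):
    """Return (hits grouped by signature, exclude regex seen, stale-db flag)."""
    hits, exclude, stale = defaultdict(list), None, False
    for raw in log.splitlines():
        line = STAMP.sub("", raw.strip())
        if (m := CMD.match(line)):
            exclude = m["rx"]
        elif (m := HIT.match(line)):
            hits[m["sig"]].append(m["path"])
        elif STALE in line:
            stale = True
    return dict(hits), exclude, stale


def not_excluded(paths, exclude):
    """Paths the exclude pattern does not match (assumption: re ~ clamscan regex)."""
    rx = re.compile(exclude)
    return [p for p in paths if not rx.search(p)]


if __name__ == "__main__":
    hits, exclude, stale = triage(SAMPLE_LOG)
    print("signature database stale:", stale)
    for sig, paths in hits.items():
        print(sig, "hits:", len(paths))
        for p in not_excluded(paths, exclude):
            print("  outside --exclude:", p)
```

On the sample, both flagged source tarballs fall outside the exclude pattern, which only names the Python `tar.xz` and the pip wheel.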