Bugzilla – Bug 1222509
clamav misdetection of python3.9 tarball / Win.Virus.Expiro-10026576-0
Last modified: 2024-04-24 16:30:04 UTC
```
/home/abuild/bs/SUSE:Maintenance:33236/python39.SUSE_SLE-15-SP3_Update/Python-3.9.19/Lib/ensurepip/_bundled/pip-23.0.1-py3-none-any.whl: Win.Virus.Expiro-10026576-0 FOUND
```
(same also for previous update) so likely a false positive introduced by clamav database upstream
Seems the bundled Windows archives of the pip wheel are problematic.
```
/home/abuild/bs/SUSE:Maintenance:33236/python39.SUSE_SLE-15-SP3_Update/Python-3.9.19/Lib/ensurepip/_bundled/pip/_vendor/distlib/t32.exe: Win.Virus.Expiro-10026576-0 FOUND
/home/abuild/bs/SUSE:Maintenance:33236/python39.SUSE_SLE-15-SP3_Update/Python-3.9.19/Lib/ensurepip/_bundled/pip/_vendor/distlib/t64-arm.exe: Win.Virus.Expiro-10026576-0 FOUND
/home/abuild/bs/SUSE:Maintenance:33236/python39.SUSE_SLE-15-SP3_Update/Python-3.9.19/Lib/ensurepip/_bundled/pip/_vendor/distlib/t64.exe: Win.Virus.Expiro-10026576-0 FOUND
/home/abuild/bs/SUSE:Maintenance:33236/python39.SUSE_SLE-15-SP3_Update/Python-3.9.19/Lib/ensurepip/_bundled/pip/_vendor/distlib/w32.exe: Win.Virus.Expiro-10026576-0 FOUND
/home/abuild/bs/SUSE:Maintenance:33236/python39.SUSE_SLE-15-SP3_Update/Python-3.9.19/Lib/ensurepip/_bundled/pip/_vendor/distlib/w64-arm.exe: Win.Virus.Expiro-10026576-0 FOUND
/home/abuild/bs/SUSE:Maintenance:33236/python39.SUSE_SLE-15-SP3_Update/Python-3.9.19/Lib/ensurepip/_bundled/pip/_vendor/distlib/w64.exe: Win.Virus.Expiro-10026576-0 FOUND
```
Matej, would it be easy to remove them from the wheel? Otherwise we would go and hide the misdetection.
(In reply to Marcus Meissner from comment #2)
> Matej, would it be easy to remove them from the wheel?
>
> Otherwise we would go and hide the misdetection.

Yes, we probably should. Let me have a look.
SUSE-RU-2024:1195-1: An update that has one fix can now be installed.

Category: recommended (moderate)
Bug References: 1222509
Maintenance Incident: [SUSE:Maintenance:33315](https://smelt.suse.de/incident/33315/)
Sources used:
openSUSE Leap 15.5 (src): post-build-checks-malwarescan-0.1-150500.20.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-RU-2024:1194-1: An update that has one fix can now be installed.

Category: recommended (moderate)
Bug References: 1222509
Maintenance Incident: [SUSE:Maintenance:33314](https://smelt.suse.de/incident/33314/)
Sources used:
openSUSE Leap 15.4 (src): post-build-checks-malwarescan-0.1-150400.15.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
This doesn’t look like Python’s problem.
We are getting similar false positives in SP6 for pip, distlib and virtualenv:
```
[ 62s] unpacking /.build.packages/SRPMS/python312-pip-23.2.1-150600.1.3.src.rpm
[ 62s] unpacking /.build.packages/RPMS/noarch/python312-pip-23.2.1-150600.1.3.noarch.rpm
[ 62s] clamscan -ir --exclude (Python-3.*tar.xz|pip-.*-py3-none-any.whl) /usr/src/packages/BUILD/scan:
[ 78s] /usr/src/packages/BUILD/scan/python312-pip-23.2.1-150600.1.3.src.rpm.d/pip-23.2.1-gh.tar.gz: Win.Virus.Expiro-10026576-0 FOUND
[ 77s] clamscan -ir --exclude (Python-3.*tar.xz|pip-.*-py3-none-any.whl) /usr/src/packages/BUILD/scan:
[ 77s] LibClamAV Warning: **************************************************
[ 77s] LibClamAV Warning: *** The virus database is older than 7 days! ***
[ 77s] LibClamAV Warning: *** Please update it as soon as possible. ***
[ 77s] LibClamAV Warning: **************************************************
[ 101s] /usr/src/packages/BUILD/scan/python3-virtualenv-20.17.1-150600.1.3.src.rpm.d/virtualenv-20.17.1.tar.gz: Win.Virus.Expiro-10026576-0 FOUND
[ 77s] clamscan -ir --exclude (Python-3.*tar.xz|pip-.*-py3-none-any.whl) /usr/src/packages/BUILD/scan:
[ 77s] LibClamAV Warning: **************************************************
[ 77s] LibClamAV Warning: *** The virus database is older than 7 days! ***
[ 77s] LibClamAV Warning: *** Please update it as soon as possible. ***
[ 77s] LibClamAV Warning: **************************************************
[ 101s] /usr/src/packages/BUILD/scan/python3-virtualenv-20.17.1-150600.1.3.src.rpm.d/virtualenv-20.17.1.tar.gz: Win.Virus.Expiro-10026576-0 FOUND
```
Can the whitelist be amended? Thanks in advance
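An added example, not part of the bug thread and not code from post-build-checks-malwarescan: a small triage script that parses clamscan-style `FOUND` lines like those quoted above, groups them by signature, and reports which flagged files the `--exclude` pattern shown in the log would cover. The function name `triage` is hypothetical, the sample lines are copied from the logs in this thread, and Python's `re.search` is assumed to approximate how clamscan applies the exclude regex to a path.

```python
import re
from collections import defaultdict

# Exclude pattern exactly as it appears in the build log above.
EXCLUDE = r"(Python-3.*tar.xz|pip-.*-py3-none-any.whl)"

# Sample input assembled from log lines quoted in this thread.
SAMPLE_LOG = """\
[ 78s] /usr/src/packages/BUILD/scan/python312-pip-23.2.1-150600.1.3.src.rpm.d/pip-23.2.1-gh.tar.gz: Win.Virus.Expiro-10026576-0 FOUND
[ 77s] LibClamAV Warning: *** The virus database is older than 7 days! ***
[ 101s] /usr/src/packages/BUILD/scan/python3-virtualenv-20.17.1-150600.1.3.src.rpm.d/virtualenv-20.17.1.tar.gz: Win.Virus.Expiro-10026576-0 FOUND
/home/abuild/bs/SUSE:Maintenance:33236/python39.SUSE_SLE-15-SP3_Update/Python-3.9.19/Lib/ensurepip/_bundled/pip-23.0.1-py3-none-any.whl: Win.Virus.Expiro-10026576-0 FOUND
"""

# Optional "[ 78s] " build-log prefix, then "<path>: <signature> FOUND".
# The greedy path group tolerates colons inside the path (SUSE:Maintenance:...).
FOUND_RE = re.compile(r"^(?:\[\s*\d+s\]\s*)?(?P<path>/.+): (?P<sig>\S+) FOUND$")
STALE_RE = re.compile(r"virus database is older than \d+ days")


def triage(log_text, exclude=EXCLUDE):
    """Group hits by signature and split them by exclude-pattern coverage."""
    excl = re.compile(exclude)
    hits = defaultdict(lambda: {"excluded": [], "not_excluded": []})
    stale_db = False
    for line in log_text.splitlines():
        line = line.strip()
        if STALE_RE.search(line):
            stale_db = True  # signatures may lag behind upstream corrections
            continue
        m = FOUND_RE.match(line)
        if not m:
            continue
        bucket = "excluded" if excl.search(m["path"]) else "not_excluded"
        name = m["path"].rsplit("/", 1)[-1]
        if name not in hits[m["sig"]][bucket]:  # drop repeated log lines
            hits[m["sig"]][bucket].append(name)
    return {"stale_db": stale_db, "signatures": dict(hits)}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the sample, the pattern covers only the bundled `.whl`; the `pip-23.2.1-gh.tar.gz` and `virtualenv-20.17.1.tar.gz` hits fall outside it, and the stale-database flag is set.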
This week's clamav-database update seems to have removed the false positive already, so if you sync the maintenance snapshot it should go away.
submitted removal of whitelisting python
SUSE-RU-2024:1432-1: An update that has one fix can now be installed.

Category: recommended (moderate)
Bug References: 1222509
Maintenance Incident: [SUSE:Maintenance:33569](https://smelt.suse.de/incident/33569/)
Sources used:
openSUSE Leap 15.5 (src): post-build-checks-malwarescan-0.1-150500.20.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-RU-2024:1431-1: An update that has one fix can now be installed.

Category: recommended (moderate)
Bug References: 1222509
Maintenance Incident: [SUSE:Maintenance:33570](https://smelt.suse.de/incident/33570/)
Sources used:
openSUSE Leap 15.4 (src): post-build-checks-malwarescan-0.1-150400.15.9.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.