-
-
Notifications
You must be signed in to change notification settings - Fork 663
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ClamAV detected Coinminer in docker image #576
Comments
I believe this issue is caused due to #137, which adds upx compression to the binary for the sake of reducing the container size |
Damn, you caught me. My days of coin mining are over. 😱 No but seriously, this seems to be pretty common with upx-packed Go binaries. I had to remove the packing from the Windows binary already because of false virus flagging. It's quite annoying. The releases are built in CI and print checksums of everything at the end. See here: https://github.com/binwiederhier/ntfy/actions/runs/3766338182/jobs/6402734758 |
How about publishing a "fat" image without the compression on a separate tag? |
If anything, I'll just remove the upx step. It's been more painful than helpful anyway. And we already have too many published assets. |
Done in 1fd166d |
Was scanning the other day and got the warning on my containerd folder. Sure enough I can reproduce it by saving the docker image.
The text was updated successfully, but these errors were encountered: