Malicious in php-8.2.4.tar.xz #1394
Comments
Due to the fact that this file remains in the layers of the image, antivirus programs can detect it as malicious and block use in prod or try to delete it. Probably the tests folder in the php archive is not needed at all.
That is unfortunate. We leave the
So is this image safe to use?
That depends on your use case and what you plan to do with it, and is definitely not something we can answer for you (generally). However, it is extremely unlikely that anything you do with this image is going to be affected in any way (positively or negatively) by the inclusion of this file in the source tarball's test data.
php-8.3.4\ext\phar\tests\bug81726.gz Is this corrupted or truly malicious?
On its own, the
I made docker-compose images of my application for a company. When the company checks these images, their antivirus tells them that the application has a virus:
Because the file
I can remove the file from the Docker container with:
RUN rm -f /usr/src/php.tar.xz
But in this case the file stays inside the image layers. And when I save the php image with:
docker save -o ./images/docker3_php_1.tar php
the antivirus says that the image contains the virus. How can I solve the issue? How can I remove the file from the php image?
@mavlutovr, because of docker image layering, you have to remove it in the same docker layer it is added. There are many ways to do so; here are a few
Or, avoid it altogether and don't use the
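A check for the layering behaviour described in the reply above, as an added example that is not part of the original thread or the project's code: it walks every layer of a `docker save` archive and reports where `/usr/src/php.tar.xz` is still stored, or only hidden by a whiteout entry. The sample archive is constructed in memory with placeholder bytes, and `find_in_layers` and `build_sample_image` are names chosen for this example.

```python
import io
import json
import posixpath
import tarfile

def find_in_layers(image_tar, target):
    """Report every layer of a `docker save` archive that still carries
    `target`, or a whiteout marker (.wh.<name>) that merely hides it."""
    target = target.lstrip("/")
    parent, name = posixpath.split(target)
    whiteout = posixpath.join(parent, ".wh." + name)
    hits = []
    with tarfile.open(fileobj=image_tar, mode="r:*") as outer:
        # manifest.json lists the layer archives in build order.
        manifest = json.load(outer.extractfile("manifest.json"))
        for image in manifest:
            for layer_name in image["Layers"]:
                blob = io.BytesIO(outer.extractfile(layer_name).read())
                with tarfile.open(fileobj=blob, mode="r:*") as layer:
                    names = {posixpath.normpath(n) for n in layer.getnames()}
                if target in names:
                    hits.append((layer_name, "present"))
                if whiteout in names:
                    hits.append((layer_name, "whiteout"))
    return hits

def _tar(files):
    """Build an uncompressed tar in memory from {path: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as t:
        for path, data in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            t.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def build_sample_image(removed_in_same_layer):
    """Constructed stand-in for `docker save` output (placeholder bytes only)."""
    if removed_in_same_layer:
        # Download and delete happened in one step: the layer never holds the file.
        layers = {"l1/layer.tar": _tar({"usr/local/bin/php": b"placeholder"})}
    else:
        # Later `RUN rm -f`: layer 1 keeps the file, layer 2 only adds a whiteout.
        layers = {"l1/layer.tar": _tar({"usr/src/php.tar.xz": b"placeholder"}),
                  "l2/layer.tar": _tar({"usr/src/.wh.php.tar.xz": b""})}
    manifest = json.dumps([{"Layers": list(layers)}]).encode()
    return io.BytesIO(_tar({"manifest.json": manifest, **layers}))

if __name__ == "__main__":
    print(find_in_layers(build_sample_image(False), "/usr/src/php.tar.xz"))
```

To check a real image, pass the file saved by `docker save` opened in binary mode, for example `open("images/docker3_php_1.tar", "rb")`; an empty result means no layer stores the file.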
Hi! Does this archive contain the malicious bug81726.gz file? Its path is ext/phar/tests. This php archive file is loaded in Dockerfile on line 64:
ENV PHP_URL="https://www.php.net/distributions/php-8.2.4.tar.xz" PHP_ASC_URL="https://www.php.net/distributions/php-8.2.4.tar.xz.asc"
On the VirusTotal website, 3 vendors identify it as Trojan-ArcBomb.GZip.Agent.e: https://www.virustotal.com/gui/file/74d8c6721497c7103c082d489ed913d5cf509ed44520f0e15a55302e1faacb8f/detection