Tests for the Zip Slip vuln raise alarms by ClamAV antivirus... #384

Closed
@MaximeDerche

Hello,

Since the 21st Sept. I get the following messages from my daily ClamAV scan:

/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/rubyzip-1.2.2/test/data/path_traversal/tuzovakaoff/symlink.zip: Sanesecurity.Malware.27384.ZipHeur.ZipSlip.UNOFFICIAL FOUND
/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/rubyzip-1.2.2/test/data/path_traversal/relative1.zip: Sanesecurity.Malware.27384.ZipHeur.ZipSlip.UNOFFICIAL FOUND
/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/rubyzip-1.2.2/test/data/path_traversal/jwilk/relative2.zip: Sanesecurity.Malware.27384.ZipHeur.ZipSlip.UNOFFICIAL FOUND

This is because the Sanesecurity signature base gets those three files as vulnerable to a known risk.

I understand those files come from the commit d07b13a (Merge pull request #376 from jdleesmiller/fix-cve-2018-1000544) for version 1.2.2, which fixes the Zip Slip (CVE-2018-1000544) vulnerability.

Would it be possible to just delete those files?

Kind regards,
-- Maxime DERCHE
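
The three hits quoted above, run through a triage helper (an added example, not part of the original issue or of rubyzip). It groups ClamAV `FOUND` lines by the gem and version they fall under and marks those inside a gem's `test/` or `spec/` tree; the `Hit` struct, the method names, that heuristic and the fourth sample line are assumptions of this example.

```ruby
# Added example: triage ClamAV "FOUND" lines that point into vendored gem trees.
# A hit under test/ or spec/ is only a candidate fixture: it still has to be
# compared with the contents of the published gem before it is excluded.

Hit = Struct.new(:path, :signature, :gem, :version, :inner_path, :fixture)

# "<path>: <signature> FOUND" as printed by clamscan for each detection.
FOUND_RE = /\A(?<path>.+): (?<sig>\S+) FOUND\z/
# ".../gems/<name>-<version>/<path inside the gem>"
GEM_RE = %r{/gems/(?<gem>[A-Za-z0-9_.-]+?)-(?<ver>\d[0-9A-Za-z.]*)/(?<inner>.+)\z}
FIXTURE_DIRS = %w[test spec].freeze # assumption: where gems keep test data

# Returns a Hit for a detection line, or nil for any other line.
def parse_clamav_line(line)
  m = FOUND_RE.match(line.strip)
  return nil unless m
  g = GEM_RE.match(m[:path])
  return Hit.new(m[:path], m[:sig], nil, nil, nil, false) unless g
  fixture = FIXTURE_DIRS.include?(g[:inner].split('/').first)
  Hit.new(m[:path], m[:sig], g[:gem], g[:ver], g[:inner], fixture)
end

# Splits a scan report into candidate fixtures (grouped by gem-version)
# and hits that need a normal investigation.
def triage(report)
  hits = report.each_line.map { |l| parse_clamav_line(l) }.compact
  fixtures, other = hits.partition(&:fixture)
  { fixtures: fixtures.group_by { |h| "#{h.gem}-#{h.version}" },
    needs_review: other }
end

# First three lines are the hits from the issue; the last one is constructed.
SAMPLE = <<~LOG
  /usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/rubyzip-1.2.2/test/data/path_traversal/tuzovakaoff/symlink.zip: Sanesecurity.Malware.27384.ZipHeur.ZipSlip.UNOFFICIAL FOUND
  /usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/rubyzip-1.2.2/test/data/path_traversal/relative1.zip: Sanesecurity.Malware.27384.ZipHeur.ZipSlip.UNOFFICIAL FOUND
  /usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/rubyzip-1.2.2/test/data/path_traversal/jwilk/relative2.zip: Sanesecurity.Malware.27384.ZipHeur.ZipSlip.UNOFFICIAL FOUND
  /home/example/upload.zip: Sanesecurity.Malware.27384.ZipHeur.ZipSlip.UNOFFICIAL FOUND
LOG

if __FILE__ == $PROGRAM_NAME
  result = triage(SAMPLE)
  result[:fixtures].each do |gem, hits|
    puts "#{gem}: #{hits.size} hit(s) in test data"
    hits.each { |h| puts "  #{h.inner_path} (#{h.signature})" }
  end
  result[:needs_review].each { |h| puts "REVIEW #{h.path}" }
end
```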
