Description
Hello,
Since 21st Sept., I have been getting the following messages from my daily ClamAV scan:
/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/rubyzip-1.2.2/test/data/path_traversal/tuzovakaoff/symlink.zip: Sanesecurity.Malware.27384.ZipHeur.ZipSlip.UNOFFICIAL FOUND
/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/rubyzip-1.2.2/test/data/path_traversal/relative1.zip: Sanesecurity.Malware.27384.ZipHeur.ZipSlip.UNOFFICIAL FOUND
/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/rubyzip-1.2.2/test/data/path_traversal/jwilk/relative2.zip: Sanesecurity.Malware.27384.ZipHeur.ZipSlip.UNOFFICIAL FOUND
This is because the Sanesecurity signature base flags those three files as vulnerable to a known risk.
I understand those files come from the commit d07b13a (Merge pull request #376 from jdleesmiller/fix-cve-2018-1000544) for version 1.2.2, which fixes the Zip Slip (CVE-2018-1000544) vulnerability.
Would it be possible to just delete those files?
Kind regards,
-- Maxime DERCHE
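
Added example (not part of the original report, and not rubyzip's or Sanesecurity's code): a stand-alone Ruby check that reads only a ZIP's central directory and reports the entry-name and symlink traits that characterise a Zip Slip archive, useful when triaging a hit like the ones above. The sample bytes and the helper names are constructed for illustration; how the Sanesecurity signature itself matches is not stated on this page.

```ruby
# Added example: flag Zip Slip indicators from a ZIP's central directory only.
# Assumptions: single-disk archive, no ZIP64 records.
EOCD_SIG = "PK\x05\x06".b  # end-of-central-directory record
CDH_SIG  = "PK\x01\x02".b  # central-directory file header

# Returns [[entry_name, [reasons]], ...]; an empty reasons list means benign.
def zip_slip_findings(data)
  data = data.b
  eocd = data.rindex(EOCD_SIG) or raise ArgumentError, "no EOCD record"
  count, _cd_size, pos = data[eocd + 10, 10].unpack("vVV")
  Array.new(count) do
    ok = data[pos, 4] == CDH_SIG && data.bytesize >= pos + 46
    raise ArgumentError, "bad central directory" unless ok
    host_os = data[pos + 5, 1].unpack1("C")        # 3 = Unix
    nlen, xlen, clen = data[pos + 28, 6].unpack("vvv")
    mode = data[pos + 38, 4].unpack1("V") >> 16     # Unix st_mode when host_os == 3
    name = data[pos + 46, nlen]
    pos += 46 + nlen + xlen + clen
    reasons = []
    reasons << "absolute path" if name.start_with?("/", "\\") || name.match?(/\A[A-Za-z]:/)
    reasons << "parent-directory segment" if name.split(%r{[/\\]}).include?("..")
    reasons << "symlink entry" if host_os == 3 && (mode & 0o170000) == 0o120000
    [name, reasons]
  end
end

# Constructed sample: a central directory with three metadata-only entries
# (no file data), enough to exercise the parser offline.
def constructed_sample
  entries = { "docs/readme.txt" => 0o100644, "../outside.txt" => 0o100644, "link" => 0o120777 }
  cd = entries.map do |name, mode|
    [CDH_SIG, 0x031e, 20, 0, 0, 0, 0, 0, 0, 0, name.bytesize, 0, 0, 0, 0, mode << 16, 0]
      .pack("a4v6V3v5V2") + name.b
  end.join
  cd + [EOCD_SIG, 0, 0, entries.size, entries.size, cd.bytesize, 0, 0].pack("a4v4V2v")
end

if __FILE__ == $0
  bytes = ARGV[0] ? File.binread(ARGV[0]) : constructed_sample
  zip_slip_findings(bytes).each do |name, reasons|
    puts "#{name}: #{reasons.empty? ? 'ok' : reasons.join(', ')}"
  end
end
```

Run with a path argument to inspect a flagged archive; entries are only listed, never extracted.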