# general
a
This message was deleted.
p
This page requires a VT Intelligence subscription to access.
a
Yes, you can sign up (no cost). I was sent this link from the security team and had to sign up myself.
p
a
Yes, I believe it is the strings section that is being flagged as malware.
p
The two strings in question are from two entirely different malware... Intezer themselves passes the binary as trusted, so Google and Ikarus are being overly paranoid. Also Intezer cached a 3rd vendor flagging the binary as malware from VT but the third apparently doesn't flag it anymore.
I'd bet it's a false positive, but apart from that I don't know how to send a report to Google or Ikarus.
Also, yeah, someone from Rancher should take a look, just in case.
👍 1
c
it doesn’t have malware in it, I promise
😂 1
👍 1
ML-based AV scanners are garbage
p
I'd just say overly paranoid
a
@creamy-pencil-82913 In the link you posted, `bash` isn't explicitly called out as a file that is flagged as a false positive. This is the file that is in question by our security team.
p
Better have a false positive than false negative...
👍 1
c
Yes, that is just called out as one that is commonly flagged. Doesn't mean it's the only one. We've also seen iptables, ipset, bash, all kinds of stuff. Garbage.
👍 2
p
@acoustic-sunset-13848 If you're in an ITIL company (my condolences), good luck getting the security clearance/override from your security team.
a
Not ITIL, but we want to make sure that our customers are protected.
👍 1