Splunk Enterprise

An issue was found by ClamAV: A virus was detected by ClamAV: FOUND PUA.Html.Exploit.CVE_2014_0322-1

mayankrojo
Explorer

Hello Guys,
I am running app-inspect on my add-on and I am encountering one failure which I am unable to resolve. Please find the failure below. Shouldn't it be a false positive? How do I deal with this?

{
  "checks": [
    {
      "description": "Check that the app does not include viruses.",
      "messages": [
        {
          "code": "reporter.fail(message)",
          "filename": "check_viruses.py",
          "line": 41,
          "message": "An issue was found by ClamAV: A virus was detected by ClamAV: FOUND PUA.Html.Exploit.CVE_2014_0322-1",
          "result": "failure",
          "message_filename": null,
          "message_line": null
        }
      ],
      "name": "check_for_viruses",
      "tags": [
        "splunk_appinspect",
        "cloud",
        "antivirus",
        "private_app"
      ],
      "result": "failure"
    }
  ],
  "description": "Malware, viruses, malicious content, user security standards (dynamic checks)",
  "name": "check_viruses"
}
 
Thanks & Regards,
Madhuri




izauer
Explorer

Also here.

The weird thing is that my add-on was inspected and passed, but now suddenly it shows this error:

An issue was found by ClamAV: A virus was detected by ClamAV: FOUND PUA.Html.Exploit.CVE_2014_0322-1
0 Karma

mayankrojo
Explorer

I deployed multiple add-ons on a customer tenant earlier and never came across this failure message. But now when I run those add-ons through app inspect, it shows me this failure. It seems this check has been introduced recently, which should be a false positive, but that is not the case. It seems we have to install clam to find out the exact file. The check "A virus was detected by ClamAV: FOUND PUA.Html.Exploit.CVE_2014_0322-1" is in common.js under appserver/static/js/build.

izauer
Explorer

@mayankrojo  Thanks for the guidance!

 

Did you just remove the file?

0 Karma

mayankrojo
Explorer

Hello,
Coming back to this query again. I removed the common.js file, which was the culprit according to the response from appinspect. The add-on is passing all the checks in appinspect and is also working fine without common.js on my tenant. You would find common.js under your app->appserver->static->js->build->common.js

Thanks & Regards,

Madhuri

0 Karma
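
The step mentioned in this thread (running ClamAV yourself to find which file trips the signature), as an added example that is not from any poster or from AppInspect. It assumes clamscan is installed and the add-on is a gzip tarball; the function names and sample paths are made up for illustration.

```shell
#!/bin/sh
# Added example: find which file in an add-on package ClamAV flags.
# Assumptions: clamscan is on PATH, the package is a gzip-compressed tarball.

# Read clamscan output on stdin and print the paths that hit signature $1.
# clamscan reports each hit as "<path>: <signature> FOUND".
flagged_files() {
    awk -v sig="$1" '
        {
            suffix = ": " sig " FOUND"
            n = length($0) - length(suffix)
            # Literal suffix comparison, so dots in the name are not wildcards.
            if (n > 0 && substr($0, n + 1) == suffix) print substr($0, 1, n)
        }'
}

# Unpack package $1 into a scratch directory, scan it, and print the
# package-relative paths that hit signature $2.
scan_package() {
    pkg="$1"; sig="$2"
    work=$(mktemp -d) || return 1
    tar -xzf "$pkg" -C "$work" || { rm -rf "$work"; return 1; }
    # PUA.* signatures are off by default in clamscan, so enable them.
    clamscan -r --infected --no-summary --detect-pua=yes "$work" \
        | flagged_files "$sig" | sed "s|^$work/||"
    rm -rf "$work"
}

# Constructed clamscan output (paths are made up) showing the line format.
sample_output() {
    cat <<'EOF'
/tmp/scan/my_addon/appserver/static/js/build/common.js: PUA.Html.Exploit.CVE_2014_0322-1 FOUND
/tmp/scan/my_addon/bin/input.py: OK
EOF
}

# Usage: sh find_flagged.sh my_addon.tgz PUA.Html.Exploit.CVE_2014_0322-1
if [ "$#" -ge 2 ]; then
    scan_package "$1" "$2"
fi
```

Knowing the exact file lets you check whether the add-on actually loads it before deciding to drop it from the package.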

mayankrojo
Explorer

I will be in a position to throw some light on this by tomorrow. I am trying to delete this file and run appinspect on top of this. I still have to look at and test the behaviour of the add-on by installing it on the tenant and by setting the input. I want to confirm whether or not it is calling any function within common.js. I will comment on it by tomorrow.

0 Karma

orcasec
Engager

Same here 

0 Karma