Splunk Enterprise

An issue was found by ClamAV: A virus was detected by ClamAV: FOUND PUA.Html.Exploit.CVE_2014_0322-1

mayankrojo
Explorer

Hello Guys,
I am running app-inspect on my add-on and I am encountering one failure which I am unable to resolve. Please find the failure below. Shouldn't it be a false positive? How do I deal with this?

{
  "checks": [
    {
      "description": "Check that the app does not include viruses.",
      "messages": [
        {
          "code": "reporter.fail(message)",
          "filename": "check_viruses.py",
          "line": 41,
          "message": "An issue was found by ClamAV: A virus was detected by ClamAV: FOUND PUA.Html.Exploit.CVE_2014_0322-1",
          "result": "failure",
          "message_filename": null,
          "message_line": null
        }
      ],
      "name": "check_for_viruses",
      "tags": [
        "splunk_appinspect",
        "cloud",
        "antivirus",
        "private_app"
      ],
      "result": "failure"
    }
  ],
  "description": "Malware, viruses, malicious content, user security standards (dynamic checks)",
  "name": "check_viruses"
}
 
Thanks & Regards,
Madhuri

izauer
Explorer

Also here.

The weird thing is that my add-on was inspected and passed but now suddenly it shows this error

An issue was found by ClamAV: A virus was detected by ClamAV: FOUND PUA.Html.Exploit.CVE_2014_0322-1
0 Karma

mayankrojo
Explorer

I deployed multiple add-ons on a customer tenant earlier and never came across this failure message. But now when I run those add-ons on app inspect, it shows me this failure. It seems this check has been introduced recently, which should be a false positive, but that is not the case. It seems we have to install clam to find out the exact file. The check "A virus was detected by ClamAV: FOUND PUA.Html.Exploit.CVE_2014_0322-1" is in common.js under appserver/static/js/build.
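
Added example, not part of the original post: one way to find which file in a package triggers the signature by scanning it locally. It assumes `clamscan` is installed with current signatures and that the package is a gzip-compressed tarball; the function names and the sample path in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example: locate the file behind a ClamAV hit reported by AppInspect.
# Assumption: clamscan is installed locally and its signatures are up to date.

SIG="PUA.Html.Exploit.CVE_2014_0322-1"   # signature name from the AppInspect report

# Read clamscan output on stdin and print the path of every file flagged
# with the signature given as $1. clamscan reports a hit as
#   <path>: <signature> FOUND
# Stripping the known suffix keeps paths that contain ':' intact.
flagged_files() {
    ff_sig="$1"
    while IFS= read -r ff_line; do
        case "$ff_line" in
            *": $ff_sig FOUND") printf '%s\n' "${ff_line%": $ff_sig FOUND"}" ;;
        esac
    done
}

# Unpack an app package into a scratch directory and scan it recursively.
# Printed paths start with the scratch directory; the remainder is the
# path inside the package (for example .../appserver/static/js/build/common.js).
scan_app() {
    sa_pkg="$1"
    sa_work="$(mktemp -d)" || return 2
    tar -xzf "$sa_pkg" -C "$sa_work" || { rm -rf "$sa_work"; return 2; }
    # PUA.* signatures only match when PUA detection is switched on.
    # -r recurse, -i list infected files only, --no-summary drop the footer.
    # clamscan exits 1 when it finds something, so that is not an error here.
    clamscan -r -i --no-summary --detect-pua=yes "$sa_work" \
        | flagged_files "$SIG"
    rm -rf "$sa_work"
}

# Run as: sh locate_hit.sh my_addon.tar.gz   (script name is hypothetical)
if [ "$#" -gt 0 ]; then
    scan_app "$1"
fi
```

Without `--detect-pua=yes` a local scan comes back clean, because `PUA.*` signatures are not applied by default.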

izauer
Explorer

@mayankrojo Thanks for the guidance!

Did you just remove the file?

0 Karma

mayankrojo
Explorer

Hello,
Coming back to this query again. I removed the common.js file, which was the culprit according to the response from appinspect. The add-on is passing all the checks in appinspect and is also working fine without common.js on my tenant. You would find common.js under your app->appserver->static->js->build->common.js

Thanks & Regards,

Madhuri

0 Karma

mayankrojo
Explorer

I will be in a position to throw some light on this by tomorrow. I am trying to delete this file and run an appinspect on top of this. I still have to look at and test the behaviour of the add-on by installing it on the tenant and setting the input. I want to confirm whether or not it is calling any function within common.js. I will comment on it by tomorrow.

0 Karma

orcasec
Engager

Same here 

0 Karma