Splunk Enterprise

An issue was found by ClamAV: A virus was detected by ClamAV: FOUND PUA.Html.Exploit.CVE_2014_0322-1

mayankrojo
Explorer

Hello Guys,
I am running app-inspect on my add-on and I am encountering one failure which I am unable to resolve. Please find the failure below. Shouldn't it be a false positive? How do I deal with this?

{
    "checks": [
        {
            "description": "Check that the app does not include viruses.",
            "messages": [
                {
                    "code": "reporter.fail(message)",
                    "filename": "check_viruses.py",
                    "line": 41,
                    "message": "An issue was found by ClamAV: A virus was detected by ClamAV: FOUND PUA.Html.Exploit.CVE_2014_0322-1",
                    "result": "failure",
                    "message_filename": null,
                    "message_line": null
                }
            ],
            "name": "check_for_viruses",
            "tags": [
                "splunk_appinspect",
                "cloud",
                "antivirus",
                "private_app"
            ],
            "result": "failure"
        }
    ],
    "description": "Malware, viruses, malicious content, user security standards (dynamic checks)",
    "name": "check_viruses"
}
 
Thanks & Regards,
Madhuri




izauer
Explorer

Also here.

The weird thing is that my add-on was inspected and passed, but now suddenly it shows this error:

An issue was found by ClamAV: A virus was detected by ClamAV: FOUND PUA.Html.Exploit.CVE_2014_0322-1
0 Karma

mayankrojo
Explorer

I deployed multiple add-ons on a customer tenant earlier and never came across this failure message. But now when I run those add-ons on app inspect, it shows me this failure. It seems this check has been introduced recently, which should be a false positive, but that is not the case. It seems we have to install clam to find out the exact file. The check "A virus was detected by ClamAV: FOUND PUA.Html.Exploit.CVE_2014_0322-1" is in common.js under appserver/static/js/build.

izauer
Explorer

@mayankrojo  Thanks for the guidance!

 

Did you just remove the file?

0 Karma

mayankrojo
Explorer

Hello,
Coming back to this query again. I removed the common.js file, which was the culprit according to the response from appinspect. The add-on is passing all the checks in appinspect and is also working fine without common.js on my tenant. You will find common.js under your app->appserver->static->js->build->common.js

Thanks & Regards,

Madhuri

0 Karma

mayankrojo
Explorer

I will be in a position to throw some light on this by tomorrow. I am trying to delete this file and run an appinspect on top of this. I still have to look at and test the behaviour of the add-on by installing it on the tenant and by setting the input. I want to confirm whether or not it is calling any function within common.js. I will comment on it by tomorrow.

0 Karma

orcasec
Engager

Same here 

0 Karma
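
The thread notes that ClamAV has to be installed locally to find the exact file behind the AppInspect failure. The script below is an added example of that step, not code from any poster or from Splunk AppInspect; it assumes `clamscan` is installed and the package is a gzip-compressed tar, and the function names and sample paths are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: find which file in an add-on package trips a ClamAV signature.

# Turn clamscan lines of the form "<path>: <signature> FOUND" into
# "<signature><TAB><path>"; every other line (OK, warnings) is ignored.
flagged_files() {
    awk '/ FOUND$/ {
        sub(/ FOUND$/, "")
        if (match($0, /: [^:]*$/))      # last ": " separates path from name
            print substr($0, RSTART + 2) "\t" substr($0, 1, RSTART - 1)
    }'
}

# Unpack a package (assumed to be a gzip-compressed tar) and scan it.
scan_package() {
    pkg=$1
    workdir=$(mktemp -d) || return 1
    tar -xzf "$pkg" -C "$workdir" || { rm -rf "$workdir"; return 1; }
    # PUA.* signatures are disabled by default in clamscan, so enable them.
    clamscan -r --infected --no-summary --detect-pua=yes "$workdir" | flagged_files
    rm -rf "$workdir"
}

# Constructed sample of clamscan output, used when no package is given.
sample_output() {
    cat <<'EOF'
/tmp/x/my_addon/default/app.conf: OK
/tmp/x/my_addon/appserver/static/js/build/common.js: PUA.Html.Exploit.CVE_2014_0322-1 FOUND
EOF
}

if [ "$#" -gt 0 ]; then
    scan_package "$1"
else
    sample_output | flagged_files
fi
```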