Kibana 8.11.1 - ClamAV Infected file ->

Hello everyone,

I'm creating this topic to report a situation where the antivirus ClamAV have identified a possible infected file on your Debian package

ClamAV report

/usr/share/kibana/node_modules/@kbn/fleet-plugin/target/bundled_packages/ Win.Tool.UACBypass-5474404-0 FOUND
traverse_rename: Failed to rename: /usr/share/kibana/node_modules/@kbn/fleet-plugin/target/bundled_packages/
	to: /var/lib/clamscan/quarantine/
Error:Invalid cross-device link
/usr/share/kibana/node_modules/@kbn/fleet-plugin/target/bundled_packages/ moved to '/var/lib/clamscan/quarantine/'

----------- SCAN SUMMARY -----------
Known viruses: 8679245
Engine version: 0.103.9
Scanned directories: 33527
Scanned files: 171637
Infected files: 1
Data scanned: 10114.00 MB
Data read: 476599.20 MB (ratio 0.02:1)
Time: 2274.860 sec (37 m 54 s)
Start Date: 2023:11:24 02:00:01
End Date:   2023:11:24 02:37:56

Although we assume this is a false positive, after a quick scan on Virus Total, we can see two other vendors (Google, Varist) that also flagged the file as potentially being malicious. (Screenshot bellow)

Appreciate your insight on this topic.

Best regards,


Hey @RafaelE ,

Thanks for posting! Would you mind sending an email to


Hello @azasypkin,

Email sent to as requested.

Best regards,

1 Like

Thank you @RafaelE !

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.