Kibana 8.11.1 - ClamAV Infected file -> security_detection_engine-8.11.1.zip

Hello everyone,

I'm creating this topic to report a situation where the antivirus ClamAV has identified a possible infected file in your Debian package.

ClamAV report

/usr/share/kibana/node_modules/@kbn/fleet-plugin/target/bundled_packages/security_detection_engine-8.11.1.zip: Win.Tool.UACBypass-5474404-0 FOUND
traverse_rename: Failed to rename: /usr/share/kibana/node_modules/@kbn/fleet-plugin/target/bundled_packages/security_detection_engine-8.11.1.zip
	to: /var/lib/clamscan/quarantine/security_detection_engine-8.11.1.zip
Error:Invalid cross-device link
/usr/share/kibana/node_modules/@kbn/fleet-plugin/target/bundled_packages/security_detection_engine-8.11.1.zip: moved to '/var/lib/clamscan/quarantine/security_detection_engine-8.11.1.zip'

----------- SCAN SUMMARY -----------
Known viruses: 8679245
Engine version: 0.103.9
Scanned directories: 33527
Scanned files: 171637
Infected files: 1
Data scanned: 10114.00 MB
Data read: 476599.20 MB (ratio 0.02:1)
Time: 2274.860 sec (37 m 54 s)
Start Date: 2023:11:24 02:00:01
End Date:   2023:11:24 02:37:56

Although we assume this is a false positive, after a quick scan on VirusTotal we can see two other vendors (Google, Varist) that also flagged the file as potentially malicious. (Screenshot below)

Appreciate your insight on this topic.

Best regards,
Rafael

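The report above is a classic shape for a detection-content package: an archive of rules that describe malicious techniques (here a signature named for a UAC bypass) can itself trip a signature engine. Before treating a hit like this as a false positive and allowlisting it, a defender wants two things: a reliable way to pull the FOUND entries out of a noisy clamscan log (the quarantine error lines in the report are interleaved with the results), and a way to confirm the flagged artifact is byte-for-byte what the vendor shipped before telling ClamAV to ignore it. The following is an added example written for this thread, not code from Elastic or ClamAV. It assumes the clamscan output format shown in the report, the well-known SHA-256 of the string "abc" for its self-check, and that ClamAV's `.sfp` allowlist files take `SHA256:size:name` lines (labelled as an assumption in the code; verify against the ClamAV signature documentation for your version).

```python
"""Triage a clamscan log: extract FOUND hits, verify a flagged file's hash
against a published checksum, and emit a ClamAV .sfp allowlist entry only
for a file that has been confirmed as a false positive.

Added example for the thread above; not Elastic's or ClamAV's own code.
"""
import hashlib
import re
from pathlib import Path

# Constructed sample log, modelled on the report in the post: a FOUND line,
# quarantine errors on separate lines, and some OK lines for noise.
SAMPLE_OUTPUT = """\
/usr/share/kibana/node_modules/@kbn/fleet-plugin/target/bundled_packages/security_detection_engine-8.11.1.zip: Win.Tool.UACBypass-5474404-0 FOUND
/usr/share/kibana/package.json: OK
traverse_rename: Failed to rename: /usr/share/kibana/node_modules/@kbn/fleet-plugin/target/bundled_packages/security_detection_engine-8.11.1.zip
\tto: /var/lib/clamscan/quarantine/security_detection_engine-8.11.1.zip
Error:Invalid cross-device link
/usr/share/kibana/README.txt: OK
"""

# A clamscan result line is "<path>: <signature> FOUND"; the path itself may
# contain colons, so the path group is non-greedy and the line must end in FOUND.
FOUND_RE = re.compile(r"^(?P<path>.+?): (?P<sig>\S+) FOUND$")


def parse_found(output: str) -> list[tuple[str, str]]:
    """Return (path, signature) pairs for every FOUND line in clamscan output."""
    hits = []
    for line in output.splitlines():
        m = FOUND_RE.match(line)
        if m:
            hits.append((m.group("path"), m.group("sig")))
    return hits


def sha256_and_size(data: bytes) -> tuple[str, int]:
    """SHA-256 hex digest and byte length of an in-memory artifact."""
    return hashlib.sha256(data).hexdigest(), len(data)


def sha256_and_size_of_file(path: Path) -> tuple[str, int]:
    """Same as above but streams a file from disk, so large archives fit in memory."""
    h = hashlib.sha256()
    size = 0
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
            size += len(chunk)
    return h.hexdigest(), size


def matches_published_checksum(data: bytes, expected_sha256: str) -> bool:
    """True only if the artifact hashes to the checksum the vendor published.

    An allowlist entry should be written only after this returns True; a hit on
    a file whose hash does not match the published one must be investigated,
    not suppressed.
    """
    digest, _ = sha256_and_size(data)
    return digest == expected_sha256.lower()


def sfp_entry(data: bytes, name: str) -> str:
    """Build a ClamAV .sfp allowlist line for a confirmed false positive.

    Assumption: .sfp files accept 'SHA256:size:name' lines. The name field is
    informational; reusing the signature that fired keeps the audit trail clear.
    """
    digest, size = sha256_and_size(data)
    return f"{digest}:{size}:{name}"


if __name__ == "__main__":
    for path, sig in parse_found(SAMPLE_OUTPUT):
        print(f"hit: {sig} on {path}")
    # Self-check with a constructed artifact whose SHA-256 is well known.
    sample = b"abc"
    known = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
    if matches_published_checksum(sample, known):
        print(sfp_entry(sample, "Win.Tool.UACBypass-5474404-0"))
```

In practice the SHA-256 is taken with `sha256_and_size_of_file` on the actual archive, compared against the checksum the vendor publishes for that release, and only then appended to a local `.sfp` file in ClamAV's database directory (the exact path depends on the distribution packaging). Note also that the `Invalid cross-device link` errors in the report mean the quarantine directory sits on a different filesystem from the scanned tree, so ClamAV's rename-based move fails on the first attempt; that is a scanner configuration issue separate from the verdict itself.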

Hey @RafaelE ,

Thanks for posting! Would you mind sending an email to security@elastic.co?

Best,
Oleg

Hello @azasypkin,

Email sent to security@elastic.co as requested.

Best regards,
Rafael


Thank you @RafaelE !

