Malware detected on download


(Raynald Girard) #1

I can't download Logstash; I always get a malware detection error from our internal security tool.

URL: https://artifacts.elastic.co/downloads/logstash/logstash-5.6.3.zip
Categories URL: Internet Services
Reputation: Minimal Risk (0)
File name: logstash-5.6.3.zip|logstash-5.6.3/vendor/jruby/lib/ruby/shared/org/bouncycastle/bcprov-jdk15on/1.55/bcprov-jdk15on-1.55.jar|org/bouncycastle/crypto/agreement/DHStandardGroups.class
Type of support (Header): application/zip
Type of support (Ensured): application/java-vm
virus name: BehavesLike.Java.Obfuscated.lvMcAfee Threat Center (95%)
MD5: 315dd0865ef7cc251ec7aacec5036204

Any ideas?


(Aaron Mildenstein) #2

In all likelihood, this is a false positive. The class file identified is open source and can be inspected by anyone. As its purpose is cryptography (DHStandardGroups == Diffie-Hellman encryption), the virus the scanner thinks is related here may have borrowed code from this class for its own cryptography, hence the similarity.

Feel free to look up the bouncycastle project and jars and ask them if they've had a security breach or strange code merged into their branch. I'm confident you'll find that is not the case.

Also, please read the word BehavesLike carefully. In other words, the malware scanner thinks it is behaving like something it has seen before, but it doesn't actually know if it's a virus.
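One way to inspect the flagged class yourself, as the reply above suggests (an added example, not part of the original thread): it walks the scanner's pipe-separated path (zip, then jar, then class) and compares the class's digest with the same class in a jar obtained independently from the Bouncy Castle project. The sample archive and its entry names are constructed, and `read_nested_member`, `same_as_reference` and `build_sample` are hypothetical helper names.

```python
import hashlib
import io
import zipfile

def read_nested_member(outer, nested_path):
    """Return the bytes of the innermost entry named by a scanner-style path.

    The first '|' component names the download itself and is skipped; each
    later component is an entry inside the archive that precedes it.
    """
    parts = nested_path.split("|")[1:]
    if not parts:
        raise ValueError("path names no entry inside the archive")
    source, data = outer, None
    for name in parts:
        with zipfile.ZipFile(source) as archive:
            data = archive.read(name)   # KeyError if the entry is absent
        source = io.BytesIO(data)       # a jar is itself a zip archive
    return data

def digest(data, algorithm="sha256"):
    return hashlib.new(algorithm, data).hexdigest()

def same_as_reference(download, nested_path, reference_jar):
    """True if the flagged class is byte-identical to the reference jar's copy."""
    flagged = read_nested_member(download, nested_path)
    class_name = nested_path.split("|")[-1]
    with zipfile.ZipFile(reference_jar) as jar:
        reference = jar.read(class_name)
    return digest(flagged) == digest(reference)

def build_sample(class_bytes):
    """Constructed stand-in for the download (zip -> jar -> class) plus its jar."""
    jar_buf = io.BytesIO()
    with zipfile.ZipFile(jar_buf, "w") as jar:
        jar.writestr("org/example/Groups.class", class_bytes)
    zip_buf = io.BytesIO()
    with zipfile.ZipFile(zip_buf, "w") as outer:
        outer.writestr("app/lib/crypto.jar", jar_buf.getvalue())
    return zip_buf, io.BytesIO(jar_buf.getvalue())

# Constructed path in the same shape as the "File name" line of the report.
SAMPLE_PATH = "app.zip|app/lib/crypto.jar|org/example/Groups.class"

if __name__ == "__main__":
    download, reference = build_sample(b"\xca\xfe\xba\xbe constructed bytes")
    print(same_as_reference(download, SAMPLE_PATH, reference))
```

A match only shows the class is byte-identical to the reference copy, so the reference jar has to come from a source you trust independently of the flagged download.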

