ansible-collections / community.windows

Windows community collection for Ansible
https://galaxy.ansible.com/community/windows
GNU General Public License v3.0

ClamAV reporting an issue with a file in this repository #489

Closed nautik1 closed 1 year ago

nautik1 commented 1 year ago
SUMMARY

ClamAV finds a Xml.Exploit.External_Relationship_Abuse-9987932-0 in the file tests/integration/targets/win_psscript_info/files/upgrade-powershell.1.0.0.nupkg

ISSUE TYPE
COMPONENT NAME

tests/integration/targets/win_psscript_info/files/upgrade-powershell.1.0.0.nupkg

ANSIBLE VERSION

Found on main branch of this repository

STEPS TO REPRODUCE
$ clamdscan --version
ClamAV 0.103.6/26814/Thu Feb 16 09:40:04 2023

$ clamdscan --multiscan --fdpass ./community.windows
community.windows/tests/integration/targets/win_psscript_info/files/upgrade-powershell.1.0.0.nupkg: Xml.Exploit.External_Relationship_Abuse-9987932-0 FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.194 sec (0 m 0 s)
Start Date: 2023:02:17 09:43:06
End Date:   2023:02:17 09:43:06

EXPECTED RESULTS

Nothing found

ACTUAL RESULTS

ClamAV finds this Xml.Exploit.External_Relationship_Abuse-9987932-0

Not sure if this is known or a false positive, though; I am not using Windows (I just had this repo locally as an Ansible dependency).

auwsom commented 1 year ago

I'm seeing this from a Python package for Ansible on the same file name inside Ubuntu 22.04 LTS:

/usr/lib/python3/dist-packages/ansible_collections/community/windows/tests/integration/targets/win_psscript_info/files/upgrade-powershell.1.0.0.nupkg: Xml.Exploit.External_Relationship_Abuse-9987932-0 FOUND

jborean93 commented 1 year ago

This is a test file and is just a test nupkg created with test files. Most likely a false positive but not something that we can do anything about here.
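
One way to triage a hit like this locally, as an added example that is not part of the thread or of the collection's code: a .nupkg is a ZIP/OPC package, so its relationship parts can be listed and any entry marked TargetMode="External" reviewed by hand. That the signature name refers to such entries is an assumption (ClamAV's matching logic is not shown on this page), and the sample package and the `build_sample` helper are constructed for the demonstration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# OPC relationships namespace used by .rels parts inside the package.
RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
MAX_PART_SIZE = 1 << 20  # do not inflate relationship parts larger than 1 MiB


def external_relationships(package):
    """List (part, Id, Type, Target) for each Relationship marked External.

    `package` is a path or binary file object for a ZIP/OPC file (.nupkg).
    """
    findings = []
    with zipfile.ZipFile(package) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(".rels"):
                continue
            if info.file_size > MAX_PART_SIZE:
                findings.append((info.filename, None, "oversized-part", None))
                continue
            data = zf.read(info)
            if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
                # A DTD has no place in a .rels part: report it, never parse it.
                findings.append((info.filename, None, "dtd-present", None))
                continue
            root = ET.fromstring(data)
            for rel in root.iter("{%s}Relationship" % RELS_NS):
                if rel.get("TargetMode", "Internal").lower() == "external":
                    findings.append((info.filename, rel.get("Id"),
                                     rel.get("Type"), rel.get("Target")))
    return findings


def build_sample(external):
    """Build a constructed in-memory package (not the file from this issue)."""
    mode = ' TargetMode="External"' if external else ""
    target = "https://example.invalid/t.xml" if external else "/demo.nuspec"
    rels = ('<?xml version="1.0" encoding="utf-8"?>'
            '<Relationships xmlns="%s">'
            '<Relationship Id="R1" Type="urn:example:constructed" Target="%s"%s/>'
            '</Relationships>' % (RELS_NS, target, mode))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("_rels/.rels", rels)
        zf.writestr("demo.nuspec", "<package/>")
    buf.seek(0)
    return buf
```

Calling `external_relationships()` with the path of the flagged .nupkg returns the entries to review; an empty list means no relationship part declares an external target.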