VirusTotal says this image contain coinminer - Githubissues

gliderlabs / logspout

Log routing for Docker container logs

MIT License

4.66k stars 680 forks source link

VirusTotal says this image contain coinminer #487

Closed Randomneo closed 4 years ago

Randomneo commented 4 years ago

Actions to reproduce

docker pull gliderlabs/logspout
docker save gliderlabs/logspout > logspout.tar

upload this tar to virustotal. Screen attached

michaelshobbs commented 4 years ago

Confirmed building locally and uploading that to VirusTotal yields the same result. However, Kaskersky doesn't report anything. I wonder if this is a false-positive from VirusTotal.

Screen Shot 2020-10-15 at 07 28 19

alex-vasilchenko-md commented 4 years ago

Btw, there is no such issue in previous versions.

michaelshobbs commented 4 years ago

I exported the filesystem of a running container based on that image and scanned it. VirusTotal detects the same issue but won't show me file where it detected the issue.

michaelshobbs commented 4 years ago

Any help in locating the root cause here would be greatly appreciated

michaelshobbs commented 4 years ago

I think #490 resolves this.

https://www.virustotal.com/gui/file-analysis/OGQxMTE3YTM0MzQxYjcwZTM4M2FmZTlhNTE0YjE5NDg6MTYwMzM4MzQyMA==/detection

docker pull gliderlabs/logspout:master
docker save gliderlabs/logspout:master > logspout_master.tar

Screen Shot 2020-10-22 at 09 18 36

michaelshobbs commented 4 years ago

releasing this as v3.2.12. image up soon