Closed joeneldeasis closed 9 months ago
That is hilarious, nobody has spotted that before now. Thankfully the email messages in that folder don't seem to be used. Presumably they were for manual testing at some point.
I think that folder could be added to a .dockerignore and the file in question removed or replaced with an EICAR based one.
...so this was an actual virus??
Yes, this is a real virus. It appears to be a real email received by aTech at some point. We must have included it for testing. It won't do any harm unless you open it, download its attachment and run it, but it would probably be replaced with an EICAR file. It is also perfectly safe to delete it from your install.
Issue
Malicious file found by AWS GuardDuty in the running container.
To Reproduce
Deploy postal on EC2 instance then AWS GuardDuty will detect the file
/var/lib/docker/overlay2/xxxxxxxxxxxx/diff/opt/postal/app/resource/virus-message.msg
in the container as a malicious file.
Environment details
Additional information/context
Tried submitting the file to VirusTotal. The file is located in
resource/virus-message.msg
in the repo, and the detection rate is 30/59. VirusTotal Link: https://www.virustotal.com/gui/file/ab162c2bb1eca728b926f238d6a2441c6384490d0bc703c916016c2d3e5df622