8000 Remove pyMISP test files · Issue #221 · MISP/misp-docker · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Remove pyMISP test files #221

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
decyphertek-io opened this issue Feb 21, 2025 · 4 comments · Fixed by #222
Closed

Remove pyMISP test files #221

decyphertek-io opened this issue Feb 21, 2025 · 4 comments · Fixed by #222
Assignees
@ostefano

Comments

@decyphertek-io
Copy link
decyphertek-io commented Feb 21, 2025
edited
Loading

AWS is detecting Malware:

[{"ErrorCode":"TROJAN:GENERIC.36717898","ErrorMessage":"Malware detected: [Trojan:Generic.36717898] Provide an asset without vulnerabilities, malware, or viruses. Found [Trojan:Generic.36717898] at [/var/lib/docker/overlay2/e4f599de36e1f4e6e067488b1e271a339630ac223bb3bbe2ec55a564a0cacaf7/diff/usr/local/lib/python3.12/site-packages/tests/email_testfiles/mail_1.msg, /var/lib/docker/overlay2/c58d0cfb4d3d50ed17fa5ef829fd98ff37ed1e5183da9aebca94218dc5efd729/diff/wheels/pymisp-2.5.7-py3-none-any.whl\u003d\u003etests/email_testfiles/mail_1.msg]."},{"ErrorCode":"JS:TROJAN.CRYXOS-1531","ErrorMessage":"Malware detected: [JS:Trojan.Cryxos-1531] Provide an asset without vulnerabilities, malware, or viruses. Found [JS:Trojan.Cryxos-1531] at [/var/lib/docker/overlay2/e4f599de36e1f4e6e067488b1e271a339630ac223bb3bbe2ec55a564a0cacaf7/diff/usr/local/lib/python3.12/site-packages/tests/email_testfiles/mail_1_bom.eml\u003d\u003e(INFECTED_JS), /var/lib/docker/overlay2/c58d0cfb4d3d50ed17fa5ef829fd98ff37ed1e5183da9aebca94218dc5efd729/diff/wheels/pymisp-2.5.7-py3-none-any.whl\u003d\u003e(INFECTED_JS)]."}]
  • They appear to be just email tests.
  • How would I scan docker containers for malware to confirm if its a false positive or not.
@ostefano
Copy link
Collaborator

FP

@ostefano ostefano closed this as not planned Won't fix, can't repro, duplicate, stale Feb 21, 2025
@ostefano
Copy link
Collaborator

I reported the issue to pyMISP devs, and I will be looking into removing the test files at build time while the issue is sorted.

@ostefano ostefano reopened this Feb 22, 2025
@ostefano ostefano changed the title Malware Detected - V2.5.7 Remove pyMISP test files Feb 22, 2025
@ostefano ostefano self-assigned this Feb 22, 2025
@ostefano
Copy link
Collaborator

This has been introduced recently by a regression in pymisp (see commit MISP/PyMISP@0b7eaef).

I will close this, since the best fix is to wait for a new release of pymisp.

CC @Rafiot

@ostefano ostefano closed this as not planned Won't fix, can't repro, duplicate, stale Feb 22, 2025
@ostefano ostefano reopened this Feb 22, 2025
@ostefano ostefano linked a pull request Feb 22, 2025 that will close this issue
Override pymisp version (be reverted at next release) #222
Merged
@ostefano
Copy link
Collaborator

Created this #222 as workaround.

Will merge later today.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ostefano ostefano

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Override pymisp version (be reverted at next release) MISP/misp-docker
2 participants
@ostefano @decyphertek-io
0