Executables from k3s may be incorrectly flagged as malware #9738

@benklett

Environmental Info:
K3s Version:

$ k3s -v
k3s version v1.29.2+k3s1 (86f10213)
go version go1.21.7

Affected are the channels from v1.23 until v1.29.

Node(s) CPU architecture, OS, and Version:

$ uname -a
Linux ben-Virtual-Machine 5.15.0-27-generic #28-Ubuntu SMP Thu Apr 14 04:55:28 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

Cluster Configuration:

single node cluster

Describe the bug:
A lot of files in /var/lib/rancher/k3s/data/current/bin/ get flagged by various antivirus software, e.g. ipset:

https://www.virustotal.com/gui/file/b52d5de7999a5b5b08ecc0bad539f99263b00bc6129aeb7327ead0e8f8b98bcd

SHA256: b52d5de7999a5b5b08ecc0bad539f99263b00bc6129aeb7327ead0e8f8b98bcd

This is the same sha for every current version in the channels v1.23 until latest.

The ipset file from version v1.22.17+k3s1:

https://www.virustotal.com/gui/file/618d9c1952ecfc13ce4358afec73e9283b7c24f968208656ad6fe2b3c7b3f8ef
SHA256: 618d9c1952ecfc13ce4358afec73e9283b7c24f968208656ad6fe2b3c7b3f8ef

List of files matched by F-Secure:

blkid
coreutils
aux/ebtablesd
aux/ebtables-legacy
find
fuse-overlayfs
ip
ipset
losetup
nsenter
pigz
slirp4netns
aux/xtables-legacy-multi
aux/xtables-nft-multi

Steps To Reproduce:

Expected behavior:
No results on virustotal.com

Actual behavior:
Some Hits on virustotal.com

Additional context / logs:
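
Added example, not part of the original report and not k3s project code: a shell helper for triaging such detections on a node by hashing the files named in the F-Secure list, counting how many distinct binaries sit behind those names, and comparing ipset against the SHA256 quoted in the report. It assumes `sha256sum` is installed; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not k3s project code): hash the binaries named in the report.
# File names copied from the F-Secure list in the report.
FLAGGED="blkid coreutils aux/ebtablesd aux/ebtables-legacy find fuse-overlayfs
ip ipset losetup nsenter pigz slirp4netns aux/xtables-legacy-multi
aux/xtables-nft-multi"

# ipset SHA256 the report gives for channels v1.23 until latest.
IPSET_SHA=b52d5de7999a5b5b08ecc0bad539f99263b00bc6129aeb7327ead0e8f8b98bcd

# SHA256 of one file, hex digest only.
sha_of() { sha256sum < "$1" | cut -d' ' -f1; }

# Print "<sha256> <name>" for each flagged file present under directory $1.
# -f follows symlinks; output is sorted so identical binaries are adjacent.
hash_flagged() {
    for name in $FLAGGED; do
        [ -f "$1/$name" ] || continue   # name not present in this install
        printf '%s %s\n' "$(sha_of "$1/$name")" "$name"
    done | sort
}

# Number of distinct binaries behind the flagged names (lookups needed).
unique_hashes() {
    hash_flagged "$1" | cut -d' ' -f1 | uniq | wc -l | tr -d ' '
}

# 0: ipset under $1 matches the report's hash, 1: differs, 2: file missing.
check_ipset() {
    [ -f "$1/ipset" ] || return 2
    [ "$(sha_of "$1/ipset")" = "$IPSET_SHA" ]
}

# Only runs when a directory is passed on the command line.
if [ $# -gt 0 ]; then
    hash_flagged "$1"
    echo "distinct binaries: $(unique_hashes "$1")"
    check_ipset "$1" && echo "ipset: matches the hash in the report" \
        || echo "ipset: differs from the report or is missing"
fi
```

Run it with the bin directory as the only argument, for instance the /var/lib/rancher/k3s/data/current/bin path from the report.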
