MUSL APK - malware detection
Hello,
I just start to use Alpine so I’m not sure in which category (and in
which way) I should report an issue, I would be pleased if someone
points me to right direction.
My issue is not so big, it’s mostly for your info.
Yesterday I made an fresh install of Alpine Distributive on my Windows
machine with VBox.
There were no problem, I passed all steps with setup-alpine
.
The script automatically detected host for repositories. That was http://mirror.fit.cvut.cz/alpine/
When I login and made first recommended steps #apk update
then
#apk upgrade
I got an issue with Musl package, the host-machine’s
antivirus simply block downloading.
I was able to update the package only through another mirror by https.
I made some experiments with different mirrors - the same result, the
antivirus detected malware. Then I downloaded the libruary directly from
official
site -
no issues, archive scan and exact ld_musl_86_64.so.1
scan didn’t show
any alarms. So looks like there is something added by package creation
process and that is not appreciated by antivirus.
I think it would be better to double check - if there isn’t trouble.
Some details:
VBox: 5.2.18
Alpine-linux: alpine-standard-3.9.2-x86_64
Host: Windows 10
Host-antivirus: Avast Business Pro
Antivirus message: (translate: “Connection to mirror.fit.cvut.cz was declined due to the ELF:BitCoinMiner-HP[Tr] malware detection”)
(from redmine: issue id 10074, created on 2019-03-09, closed on 2019-06-03)