False Positives ipset on VirusTotal - same as k3s #5647
Closed
burlyunixguy
started this conversation in
General
Replies: 1 comment 1 reply
-
We have no leverage to lean on them. We are not their customer and they have no incentive to address false positives. Users who are paying customers of these AV services need to engage their support contracts and actually put pressure on the vendors to stop triggering based on poorly trained ML heuristics.
-
I just wanted to reference the issue from k3s regarding the false positive on VirusTotal.
k3s-io/k3s-root#63
Since rke2 contains the same ipset binary from k3s, the rke2 hardened-kubernetes image is also being denied due to the same false positive (v1.24 and up until at least v1.26; I haven't checked later releases).
With rke2 promoted as focused on security to adhere to strict compliance requirements, any triggers on malware (especially APT) will put doubt in people's minds. While directing teams to the issue thread in the k3s-io repo will provide support and minimal comfort that it is a false positive, it is not definitive. Only when VirusTotal agrees that it is indeed a false positive will the consumers of rke2 be truly satisfied. That being said, can y'all lean on them a little more to provide confirmation that it is a false positive?
Also, the /usr/sbin/ipset in the hardened-calico:v3.26.1-build20230802 image is part of an rpm and has a different sha256 than the /bin/ipset in hardened-kubernetes:v1.24.17-rke2r1-build20230824. Why not just use the same rpm in hardened-kubernetes rather than copying it from k3s?