From bfb19009fdcded288680cf46aea562432e13e4b9 Mon Sep 17 00:00:00 2001
From: Ian Pittwood
Date: Tue, 12 Mar 2024 13:10:10 -0700
Subject: [PATCH] Add false positive exclusions for WAML ClamAV
---
 .../Dockerfile.ubuntu2204 | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/workbench-for-microsoft-azure-ml/Dockerfile.ubuntu2204 b/workbench-for-microsoft-azure-ml/Dockerfile.ubuntu2204
index f3f0dc96..4a815694 100644
--- a/workbench-for-microsoft-azure-ml/Dockerfile.ubuntu2204
+++ b/workbench-for-microsoft-azure-ml/Dockerfile.ubuntu2204
@@ -150,9 +150,19 @@ RUN grep -v "DatabaseMirror" /etc/clamav/freshclam.conf > /etc/clamav/freshclam.
 # Update ClamAV
 RUN freshclam --log="/var/log/clamav/clamupdate.log"
-# Scan all but /sys for viruses. If this fails, the Docker build will
-# fail.
-RUN clamscan --recursive --infected --exclude-dir="^/sys" --log "/var/log/clamav/clamscan.log" /
+# Scan all but /sys for viruses. If this fails, the Docker build will fail.
+#
+# --exclude options are false positives per rstudio/rstudio-docker-products#704.
+# They can likely be removed in the future after ClamAV's database is updated.
+RUN clamscan \
+ --recursive \
+ --infected \
+ --exclude-dir="^/sys" \
+ --exclude="/opt/az/lib/python3.11/ensurepip/_bundled/pip-23.2.1-py3-none-any.whl" \
+ --exclude="/opt/az/lib/python3.11/site-packages/pip/_vendor/distlib/w32.exe" \
+ --exclude="/opt/az/lib/python3.11/site-packages/pip/_vendor/distlib/w64-arm.exe" \
+ --exclude="/opt/az/lib/python3.11/site-packages/pip/_vendor/distlib/t64-arm.exe" \
+ --log "/var/log/clamav/clamscan.log" /
 # Ignore the intermediate 'clamav' multi-stage build step so we don't distribute