
Please scan the content of publicly available images with an antivirus (e.g. ClamAV)

Open patrakov opened this issue 3 years ago • 4 comments

On HackerNews and Reddit, someone was complaining that a publicly available "Minecraft" image (minecraft101/minecraft-server) was actually a Monero miner. The reports are at https://www.reddit.com/r/docker/comments/pvsjsq/am_i_mining_to_somebody/, https://news.ycombinator.com/item?id=28661236, and https://github.com/docker/hub-feedback/issues/1121 (not acted upon).

In this particular case, and probably many others (that's why a separate ticket), the problem would have been avoided if Docker Hub scanned all submissions and downloads with an anti-virus scanner. E.g., in that case, ClamAV would have found a Multios.Coinminer.Miner-6781728-2, and that would have been sufficient to have this malicious image taken down without human interaction.

And this (checking all user content with an anti-virus, e.g. ClamAV, and possibly some other security scanner) is what I am asking here.

patrakov avatar Sep 26 '21 18:09 patrakov
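The scan the report asks for, as an added example that is not part of the issue thread and not Docker Hub's or ClamAV's own code: it takes the tarball written by `docker save IMAGE -o image.tar`, applies the layers in manifest order (honouring overlay whiteout entries so deleted files are not scanned), and streams every regular file of the final root filesystem to clamd over its INSTREAM protocol. The clamd socket path, the two-layer sample image and `demo_connect()` (a stand-in that answers like clamd so the script runs offline) are all constructed for the example; the EICAR string is the standard test signature every engine, ClamAV included, flags.

```python
"""Scan every file of a `docker save` tarball through clamd's INSTREAM protocol.

Added example for this thread, not Docker Hub's or ClamAV's own code. Assumes a
tarball from `docker save IMAGE -o image.tar` (manifest.json + layer tars) and a
clamd reachable via connect(); demo_connect() is a constructed offline stand-in.
"""
import io
import json
import posixpath
import socket
import struct
import tarfile
import threading

WHITEOUT = ".wh."        # overlay marker: ".wh.NAME" deletes NAME from lower layers
OPAQUE = ".wh..wh..opq"  # deletes everything under the containing directory
# Standard EICAR test string; every AV engine, ClamAV included, reports it.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def layered_files(image_tar):
    """Apply layers in manifest order; return {abs_path: bytes} of the final rootfs.
    Only regular files are returned (directories and symlinks are not scan targets)."""
    files = {}
    with tarfile.open(fileobj=io.BytesIO(image_tar)) as img:
        manifest = json.load(img.extractfile("manifest.json"))
        for layer_name in manifest[0]["Layers"]:
            with tarfile.open(fileobj=io.BytesIO(img.extractfile(layer_name).read())) as layer:
                for m in layer.getmembers():
                    path = "/" + posixpath.normpath(m.name).lstrip("/")
                    parent, base = posixpath.dirname(path), posixpath.basename(path)
                    if base == OPAQUE:
                        prefix = parent.rstrip("/") + "/"
                        for p in [p for p in files if p.startswith(prefix)]:
                            del files[p]
                    elif base.startswith(WHITEOUT):
                        target = posixpath.join(parent, base[len(WHITEOUT):])
                        for p in [p for p in files if p == target or p.startswith(target + "/")]:
                            del files[p]
                    elif m.isfile():
                        files[path] = layer.extractfile(m).read()
    return files


def clamd_instream(sock, data, chunk=64 * 1024):
    """Send data with zINSTREAM; return clamd's verdict ('OK', '<sig> FOUND', ...)."""
    sock.sendall(b"zINSTREAM\0")
    for i in range(0, len(data), chunk):
        piece = data[i:i + chunk]
        sock.sendall(struct.pack(">I", len(piece)) + piece)  # length-prefixed chunks
    sock.sendall(struct.pack(">I", 0))                       # zero-length chunk ends stream
    reply = b""
    while not reply.endswith(b"\0"):
        part = sock.recv(4096)
        if not part:
            break
        reply += part
    text = reply.rstrip(b"\0").decode()                      # e.g. "stream: OK"
    return text.partition(": ")[2] or text


def scan_image(image_tar, connect):
    """Return {path: verdict} for every file clamd did not report as OK.
    connect() must return a fresh socket: clamd serves one INSTREAM per connection."""
    findings = {}
    for path, data in sorted(layered_files(image_tar).items()):
        sock = connect()
        try:
            verdict = clamd_instream(sock, data)
        finally:
            sock.close()
        if verdict != "OK":
            findings[path] = verdict
    return findings


def unix_connect(path="/var/run/clamav/clamd.ctl"):
    """Connect to a real clamd over its UNIX socket (path assumed: Debian default)."""
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.connect(path)
    return s


# ---- constructed offline stand-ins (not clamd, not a real image) ----
def _fake_clamd(server):
    """Speak just enough of clamd's INSTREAM protocol to flag EICAR; test double only."""
    with server, server.makefile("rb") as f:
        cmd = b""
        while (c := f.read(1)) not in (b"\0", b""):
            cmd += c
        if cmd != b"zINSTREAM":
            server.sendall(b"UNKNOWN COMMAND\0")
            return
        data = b""
        while (n := struct.unpack(">I", f.read(4))[0]) != 0:
            data += f.read(n)
        verdict = b"Eicar-Test-Signature FOUND" if EICAR in data else b"OK"
        server.sendall(b"stream: " + verdict + b"\0")


def demo_connect():
    """Stand-in for unix_connect(): socket whose peer is _fake_clamd in a thread."""
    client, server = socket.socketpair()
    threading.Thread(target=_fake_clamd, args=(server,), daemon=True).start()
    return client


def _tar(entries):
    """Build an uncompressed tar from [(name, bytes)] pairs (constructed input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as t:
        for name, data in entries:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            t.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def build_sample_image():
    """Constructed two-layer image in `docker save` layout; layer 2 whiteouts /etc/config."""
    layer1 = _tar([("usr/bin/miner", EICAR), ("etc/config", b"pool=example\n")])
    layer2 = _tar([("etc/.wh.config", b""), ("opt/README", b"nothing to see\n")])
    manifest = json.dumps([{"Config": "cfg.json", "RepoTags": ["example/app:latest"],
                            "Layers": ["l1/layer.tar", "l2/layer.tar"]}]).encode()
    return _tar([("manifest.json", manifest), ("cfg.json", b"{}"),
                 ("l1/layer.tar", layer1), ("l2/layer.tar", layer2)])


if __name__ == "__main__":
    print(scan_image(build_sample_image(), demo_connect))  # pass unix_connect for real clamd
```

Two caveats a registry operator would hit in practice: clamd refuses streams larger than its `StreamMaxLength` setting (and this script holds each file in memory), so very large layers are better scanned with `clamdscan` over an extracted rootfs; and a clean verdict only means no signature matched, which is a different question from the CVE scans most container scanners run.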

Failing to do that, at least make it easy for people to report malicious images.

tstivers1990 avatar Sep 26 '21 23:09 tstivers1990

We are clearing up our old issues and your ticket has been open for 6 months with no activity. Remove stale label or comment or this will be closed in 15 days.

github-actions[bot] avatar Mar 26 '22 00:03 github-actions[bot]

> We are clearing up our old issues and your ticket has been open for 6 months with no activity. Remove stale label or comment or this will be closed in 15 days.

Not that easy you don't

tstivers1990 avatar Mar 26 '22 19:03 tstivers1990

Thank you for the report. We are always evaluating our scanning abilities and automated systems. In fact, I know that concerns like this have had recent discussions internally. Unfortunately, I cannot reveal the results of any of these conversations. I do want to reiterate our commitment to a Secure Software Supply chain when using Docker Hub.

I will make sure the team hears this feedback. It is a somewhat unique use-case in that container scanning tools likely wouldn't catch this since many of those scans are for CVEs and not maliciously intended software installations.

I should also note that this sort of feedback might get more traction in https://github.com/docker/roadmap since it is a feature/improvement request. I don't see a current roadmap issue that fits your request. We frequently review that repository for community feedback based on reactions.

ingshtrom avatar Mar 28 '22 15:03 ingshtrom