Sonar .jar file identified as virus / malware

We use SonarCloud, integrating with Azure DevOps, and our corporate anti-virus scanner has identified a file on one of our self-hosted Azure Pipelines build agent servers as a potential virus / malware in a sonar .jar file (details below).

Four other A/V vendors have also flagged the same file as a potential virus - namely the Artemis trojan virus (trojan.convagent).

File details (multiple files listed as our A/V logs listed several files and it’s a bit ambiguous as to which file is the culprit):

  • C:\Users\<build_agent_user_name>\.sonar\cache\71c88a.........redacted...........c09c15\sonar-cpp-plugin.jar

  • C:\Users\<build_agent_user_name>\AppData\Local\Temp\eel3lox2\eel3lox2.dll

  • The file hash that the five A/V vendors picked up on as a possible trojan is
    53005a48421f7d39a97d745bfb2ef43c6d06596d33bee0adb71e99d1383de627

  • The hash is associated with file name sonar-cfamily-plugin-6.19.0.30153.jar

Anyone else had the file flagged up as a Trojan?

Anyone know if this is a false-positive or genuine virus?

Hello @greg.trevellick

Sorry that you are facing such problems.

  1. I have never heard of such a problem before
  2. The jar file you are mentioning is a very old version of the C/C++/Objective-C analyzer. It is cached by the scanner. You can safely delete it. The current version is 6.45.
  3. What sort of hash is used for the file? It seems like an SHA-256. Can you confirm that?
  4. Did you try to use the hash to match the right file?
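
One way to carry out points 3 and 4 of the reply above on the build agent, as an added PowerShell example that is not part of the original thread or Sonar's tooling: it checks that the reported value has the length of a SHA-256 digest, then hashes every .jar and .dll under the scanner cache and the temp folder and marks the one that matches. The function name `Find-FlaggedFile` is hypothetical, and the script assumes it runs as the build agent user so that `$env:USERPROFILE` and `$env:TEMP` resolve to that account's folders.

```powershell
# Added example: match the hash reported by the A/V vendors to a file on disk.
# Hash value copied from the original post.
$FlaggedHash = '53005a48421f7d39a97d745bfb2ef43c6d06596d33bee0adb71e99d1383de627'

# Assumption: running as the build agent user, so these resolve to
# C:\Users\<build_agent_user_name>\.sonar\cache and ...\AppData\Local\Temp
$SearchRoots = @(
    (Join-Path $env:USERPROFILE '.sonar\cache'),
    $env:TEMP
)

function Find-FlaggedFile {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string[]]$Root,
        [Parameter(Mandatory)][string]$Hash
    )

    # 64 hex digits = 256 bits, which is consistent with SHA-256.
    if ($Hash -notmatch '^[0-9a-fA-F]{64}$') {
        throw "Value is not 64 hex digits, so it is not a SHA-256 digest: $Hash"
    }

    foreach ($r in $Root) {
        if (-not (Test-Path -LiteralPath $r)) {
            Write-Warning "Search root not found: $r"
            continue
        }
        Get-ChildItem -LiteralPath $r -Recurse -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Extension -in '.jar', '.dll' } |
            ForEach-Object {
                # A file that the A/V product has locked or quarantined cannot be read.
                $h = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
                if ($h) {
                    [pscustomobject]@{
                        Match         = ($h.Hash -eq $Hash)   # -eq ignores case for strings
                        Sha256        = $h.Hash
                        LastWriteTime = $_.LastWriteTime
                        Path          = $_.FullName
                    }
                }
            }
    }
}

# Matching files first, then every other candidate for comparison.
Find-FlaggedFile -Root $SearchRoots -Hash $FlaggedHash |
    Sort-Object -Property Match -Descending |
    Format-Table -AutoSize -Wrap
```

If no row shows `Match` as `True`, the flagged file may already have been quarantined or removed by the anti-virus product, in which case its quarantine record is the place to confirm the path.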

After our investigation, this is a false positive and some antiviruses are identifying this as a trojan because of the names of the elements contained in the package. We are submitting the jar file as a false positive report to hopefully prevent any future occurrences.
