Virus in Sonar scanner jar file


We need your inputs.

While downloading the Jar (sonar-scanner-engine-shaded- file), it is being blocked by our Palo Alto firewall.
While reviewing the logs, we found that Win32.WGeneric is the virus that is detected and blocked by the Palo Alto firewall.
We need your suggestion to fix the issue in SQ. My running SQ version is Community Edition 8.9.5 and the JDK version is 11.0.11.

Hi @dharmendrarb1
And welcome to the community!
I understand your concern with this report.
A few things you might do:

  • check if your SonarQube instance may have been compromised (I’ve never heard about such a case, but you may not be able to rule it out completely). For that you may compare checksums (of the whole file, then of each file inside it) of this scanner jar file (https://SONARQUBE-URL/batch/file?name=sonar-scanner-engine-shaded- with one from another (100% safe) instance of the exact same edition and version.
  • upgrade to the latest 8.9 patch version, which would be the 8.9.6 announced on Dec. 21st
  • report a false positive through your Palo Alto support channel
  • if something is wrong with the file, you might share your detailed findings (including the scanner file safely quarantined) following our Responsible Vulnerability Disclosure guidelines.
  • if this was a false positive, an update here is welcome
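The whole-file-then-per-entry checksum comparison suggested in the reply above, as an added example that is not part of this thread or of SonarQube's own code. It assumes both copies of the scanner jar have already been downloaded locally (one from the suspect instance, one from a known-good instance of the same edition and version); the sample jars it builds are constructed stand-ins, not real scanner jars.

```python
import hashlib
import shutil
import tempfile
import zipfile
from pathlib import Path


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def jar_entry_hashes(jar_path):
    """Map every file entry inside the jar (a zip archive) to the SHA-256 of its content."""
    hashes = {}
    with zipfile.ZipFile(jar_path) as zf:
        for info in zf.infolist():
            if not info.is_dir():
                hashes[info.filename] = sha256_bytes(zf.read(info))
    return hashes


def compare_jars(suspect_path, reference_path):
    """Compare the whole file first; only if it differs, drill down to the individual entries."""
    report = {"whole_file_match": sha256_bytes(Path(suspect_path).read_bytes())
              == sha256_bytes(Path(reference_path).read_bytes()),
              "only_in_suspect": [], "only_in_reference": [], "content_differs": []}
    if report["whole_file_match"]:
        return report
    s, r = jar_entry_hashes(suspect_path), jar_entry_hashes(reference_path)
    report["only_in_suspect"] = sorted(set(s) - set(r))
    report["only_in_reference"] = sorted(set(r) - set(s))
    report["content_differs"] = sorted(n for n in set(s) & set(r) if s[n] != r[n])
    return report


def build_sample_jar(path, entries):
    """Constructed sample jar for demonstration only (not a real SonarQube scanner jar)."""
    with zipfile.ZipFile(path, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)


def demo():
    """Build a reference jar, an identical copy and a tampered copy; return both reports."""
    tmp = Path(tempfile.mkdtemp())
    good = {"META-INF/MANIFEST.MF": "Manifest-Version: 1.0\n", "org/example/A.class": b"\xca\xfe\xba\xbe good"}
    build_sample_jar(tmp / "reference.jar", good)
    shutil.copyfile(tmp / "reference.jar", tmp / "identical.jar")  # byte-for-byte copy
    tampered = dict(good, **{"org/example/A.class": b"\xca\xfe\xba\xbe changed",
                             "org/example/Extra.class": b"\xca\xfe\xba\xbe"})  # constructed tampering
    build_sample_jar(tmp / "suspect.jar", tampered)
    return compare_jars(tmp / "identical.jar", tmp / "reference.jar"), compare_jars(tmp / "suspect.jar", tmp / "reference.jar")


if __name__ == "__main__":
    print(demo())
```

Note that two jars rebuilt from identical sources at different times can differ byte-for-byte because of entry timestamps, which is exactly why the per-entry comparison is the more useful signal.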