Comment by tonymet

25 days ago

Has anyone tested general-purpose malware detection on supply chains? Like clamscan. I tried to test the LiteLLM hack but the affected packages had been pulled. Windows Defender AV has an inference-based detector that may work when signatures have not yet been published.

> tried to test the LiteLLM hack but the affected packages had been pulled

Hey, I have been part of the archival effort/LiteLLM issue thread. I think I have stored them in archive.org for preservation purposes.

https://web.archive.org/web/20260325073027/https://files.pyt...

(I have also made an archive of the github issue with all the comments manually till a certain point at https://web.archive.org/web/20260325054202/https://serjaimel...)

  • The primitive clamscan experiment worked! It detected Txt.Trojan.TeamPCP-10059839-1 from the .tar.gz archive. I'll continue testing to see if it's viable.

       # apk add clamav-scanner freshclam
       # freshclam
       # curl -LO https://web.archive.org/web/20260325073027/https://files.pythonhosted.org/packages/f6/2c/731b614e6cee0bca1e010a36fd381fba69ee836fe3cb6753ba23ef2b9601/litellm-1.82.8.tar.gz

       # clamscan litellm-1.82.8.tar.gz
       Loading:     6s, ETA:   0s [========================>]    3.63M/3.63M sigs
       Compiling:   2s, ETA:   0s [========================>]       41/41 tasks

       /root/supply-chain-scanner/pkg/litellm-1.82.8.tar.gz: Txt.Trojan.TeamPCP-10059839-1 FOUND

       ----------- SCAN SUMMARY -----------
       Known viruses: 3627757
       Engine version: 1.4.4
       Scanned directories: 0
       Scanned files: 1
       Infected files: 1
       Data scanned: 94.98 MB
       Data read: 16.59 MB (ratio 5.72:1)
       Time: 50.057 sec (0 m 50 s)
       Start Date: 2026:04:01 19:57:23
       End Date:   2026:04:01 19:58:13

  • Thanks for highlighting that. I will take a look and see if there's a similar archive for the other vulnerabilities as well.

    If I can make it work with clamscan & MS Defender, I'll run a scan and try to report back.
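An added example (not code from the thread) of turning the experiment above into a fail-closed gate: it fetches an artifact the way the curl step does, runs clamscan on everything in a directory, and maps clamscan's exit status (0 nothing found, 1 something found, 2 scan error) to a verdict so a pipeline can refuse the artifact. It assumes ClamAV is installed as in the apk/freshclam steps; the `CLAMSCAN` override and the `gate.sh` name are assumptions.

```shell
#!/bin/sh
# Added example (not code from the thread): a fail-closed gate that fetches a
# package artifact the way the thread does, scans it with clamscan, and turns
# clamscan's exit status into a verdict. Assumes ClamAV (clamscan, freshclam)
# is installed; CLAMSCAN may point at a stand-in scanner for testing (assumed).
CLAMSCAN="${CLAMSCAN:-clamscan}"

# scan_artifact FILE
# Prints one verdict line: "clean", "infected: SIG [SIG...]" or "error: N".
# clamscan exit codes: 0 = nothing found, 1 = something found, 2 = scan error.
scan_artifact() {
  file="$1"
  out=$("$CLAMSCAN" --no-summary --infected "$file" 2>&1) && status=0 || status=$?
  case "$status" in
    0) echo "clean" ;;
    1)
      # Detection lines look like "/path/litellm-1.82.8.tar.gz: Txt.Trojan.TeamPCP-10059839-1 FOUND"
      sigs=$(printf '%s\n' "$out" | sed -n 's/^.*: \([^ ]*\) FOUND$/\1/p' | sort -u | tr '\n' ' ' | sed 's/ $//')
      echo "infected: $sigs" ;;
    *) echo "error: $status" ;;
  esac
}

# gate_dir DIR
# Scans every regular file in DIR; returns 0 only if all are clean. A scanner
# error also fails the gate, so a broken ClamAV install cannot let malware through.
gate_dir() {
  rc=0
  for f in "$1"/*; do
    [ -f "$f" ] || continue
    v=$(scan_artifact "$f")
    printf '%s: %s\n' "$f" "$v"
    [ "$v" = "clean" ] || rc=1
  done
  return "$rc"
}

# Usage: sh gate.sh --run URL   (URL of an sdist or wheel, e.g. the archive.org
# copy quoted in the thread). Refreshes signatures first, as the thread does.
if [ "${1:-}" = "--run" ]; then
  mkdir -p pkg
  curl -fsSL -o "pkg/$(basename "$2")" "$2"
  freshclam
  gate_dir pkg
fi
```

The gate treats exit code 2 as a failure on purpose: clamscan returning an error (for example a signature database that never loaded) must not be read as "no malware found".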

I second this question. I usually scan our containers with snyk and guarddog, and have wondered about guarddog in particular because it adds so much build time.

> Has anyone tested general-purpose malware detection on supply chains? Like clamscan

You could use Trivy! /s