Has anyone tested general purpose malware detection on supply chains ? Like clamscan . I tried to te...

tonymet • today at 3:41 AM • 3 replies • view on HN

Has anyone tested general purpose malware detection on supply chains ? Like clamscan . I tried to test the LiteLLM hack but the affected packages had been pulled. Windows Defender AV has an inference based detector that may work when signatures have not yet been published

Replies

jesse_dot_id • today at 4:30 AM

I second this question. I usually scan our containers with snyk and guarddog, and have wondered about guarddog in particular because it adds so much build time.

Imustaskforhelp • today at 8:27 AM

> tried to test the LiteLLM hack but the affected packages had been pulled

Hey, I have been part of the archival effect/Litellm issue thread. I think I have stored them in archive.org for preservation purposes

https://web.archive.org/web/20260325073027/https://files.pyt...

(I have also made an archive of the github issue with all the comments manually till a certain point at https://web.archive.org/web/20260325054202/https://serjaimel...)

esseph • today at 4:17 AM

> Has anyone tested general purpose malware detection on supply chains ? Like clamscan

You could use Trivy! /s

alt Hacker News

Replies