WhiteRabbit adfs.exe flagged as malware

Hi all! My organization is just getting started with converting data to OMOP and wants to use WhiteRabbit. Our cyber security team identified a package in WhiteRabbit as potentially malicious. Below is a snippet from a malware scan report showing the offending file adfs.exe is included in the redshift-jdbc42-2.1.0.11.jar. Has anyone else had this issue? What happens to the functionality of WhiteRabbit if we manually extract files from their jar files and remove the adfs.exe file?

Thanks,
Alison

Hi,

If you do not use Amazon Redshift as your source database, the solution is very simple: remove redshift-jdbc42-2.1.0.11.jar completely, as it will only be used if you select Redshift as your source database in WhiteRabbit. WhiteRabbit comes with a number of JDBC libraries to be able to connect to various brands of databases, but it will only require the one(s) for databases selected for actual use in WhiteRabbit.

If you do use Redshift, then you could try your suggestion. I do not know under which circumstances the Redshift JDBC jar will actually attempt to find or use adfs.exe (although it is very likely to happen only on Windows). I have no knowledge about the internals of the Redshift JDBC library.

Hope this helps,
Jan

Thank you very much!
Alison

Kudos to your security team for scanning, and thank you for raising and reporting this! I like Jan’s suggestion for a more immediate solution. I am wondering, however, is this a false positive or is this actually malware? Is there any way to further track this down? @Alison_Park - I don’t know if your security team is willing to share what they used to scan the JAR, but I think it would be helpful to have that information to track down if this is a real concern or not (seems more likely to be a false positive, but always better to confirm). I’m happy to do some digging, unless someone already has the answer.

Thanks for the reply! Our security team used AssemblyLine, Canadian Centre for Cybersecurity’s malware analysis platform. Let me know if you would like more details from our security team.

For now, we have decided to simply remove redshift-jdbc42-2.1.0.11.jar as we do not have any Redshift source DBs.

Thanks!! This is the perfect amount of information to satisfy my curiosity 🙂
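
One way to follow up on the false-positive question raised in the thread, shown as an added example that is not from any poster or from the WhiteRabbit or Redshift driver projects: inventory every Windows executable inside a distribution archive, including jars nested inside it, and record a SHA-256 for each so it can be compared with the same file taken from a copy of the driver obtained directly from its publisher. `SAMPLE_EXE`, `build_sample()` and the location of `adfs.exe` inside the jar are constructed for the demonstration; for real use, pass the bytes of the downloaded archive to `find_executables()`.

```python
import hashlib
import io
import zipfile

MAX_ENTRY = 64 * 1024 * 1024        # zip-bomb guard: skip entries declaring more than 64 MiB
MAX_DEPTH = 3                       # distribution zip -> lib/*.jar -> jar nested in a jar
SAMPLE_EXE = b"MZ" + b"\x00" * 62   # constructed stand-in, NOT the real adfs.exe

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def find_executables(archive, path="", depth=0):
    """List Windows executables inside a zip/jar given as bytes, descending into
    nested archives. Matches on the 'MZ' magic bytes rather than the file name."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(archive))
    except zipfile.BadZipFile:
        return hits                 # started with a zip signature but is not a valid zip
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = f"{path}!/{info.filename}" if path else info.filename
            if info.file_size > MAX_ENTRY:
                hits.append({"path": name, "kind": "too-large", "sha256": None})
                continue
            data = zf.read(info)
            if data[:2] == b"MZ":
                hits.append({"path": name, "kind": "pe", "sha256": sha256(data)})
            elif data[:4] == b"PK\x03\x04" and depth < MAX_DEPTH:
                hits.extend(find_executables(data, name, depth + 1))
    return hits

def build_sample():
    """Constructed distribution zip: a lib/ jar holding one class file and one executable."""
    jar = io.BytesIO()
    with zipfile.ZipFile(jar, "w") as z:
        z.writestr("com/example/Driver.class", b"\xca\xfe\xba\xbe")
        z.writestr("adfs.exe", SAMPLE_EXE)   # location inside the jar is assumed
    dist = io.BytesIO()
    with zipfile.ZipFile(dist, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("lib/redshift-jdbc42-2.1.0.11.jar", jar.getvalue())
        z.writestr("README.txt", b"constructed sample")
    return dist.getvalue()

if __name__ == "__main__":
    for hit in find_executables(build_sample()):
        print(hit["kind"], hit["sha256"], hit["path"])
```

A digest that matches the publisher's copy shows the file was not altered when the jar was repackaged; it does not by itself settle whether the scanner's verdict on that file is correct.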