
Guide to Removing Malware

This document explains how to remove malware components from a repository using the Repository Firewall. This guide assists Nexus Repository users who are seeing the malware warning banner as of Nexus Repository release 3.73.


Requirements

Users following this guide need permissions in both Nexus Repository and Repository Firewall.

  • Repository Firewall must be configured to audit all proxy repositories; otherwise, some malware components may be missing from the report.

  • Users need access to delete components from the repositories where the malware is located.

Find malware components and remove them

Use the following steps to find and remove malware from your proxy repositories.

  1. Go to the Repository Firewall dashboard

  2. Select the Security-Malicious policy from the Policy Name filter

    The number shown in the banner may differ from the dashboard results because some components may be counted more than once.

    Repository Firewall dashboard filtered and displaying components violating the Security Malicious policy.
  3. Find the identified malware in the repository

    In Nexus Repository, use the search to find the components matching the Name and Version shown on the Repository Firewall dashboard.

  4. Delete the component

    Select the malware component from the search results, then delete the component using the Delete Component button.

  5. Wait for RHC to run to remove the banner

    After you remove the components from the proxy repository, the banner may take up to 24 hours to update. The banner disappears once all malware components have been removed from the proxy repositories.
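
When the dashboard lists many components, steps 3 and 4 can be scripted. The following is an added example, not part of the original guide: it uses the Nexus Repository REST API (component search and delete endpoints) instead of the UI, and `BASE_URL`, the credentials, the repository name and the `FLAGGED` list are assumptions to replace with your own values.

```python
"""Find (and optionally delete) components flagged by Repository Firewall."""
import base64
import json
import urllib.parse
import urllib.request

BASE_URL = "https://nexus.example.com"  # assumption: your Nexus Repository URL
# Constructed sample; copy Name and Version from the Firewall dashboard.
FLAGGED = [("example-malicious-pkg", "1.0.0")]


def http_call(method, url, auth):
    """Authenticated HTTP call; returns the parsed JSON body, or None if empty."""
    req = urllib.request.Request(url, method=method)
    token = base64.b64encode(f"{auth[0]}:{auth[1]}".encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    with urllib.request.urlopen(req, timeout=30) as resp:
        body = resp.read()
    return json.loads(body) if body else None


def find_components(flagged, repository, auth, call=http_call):
    """Return every component in `repository` matching a flagged (name, version)."""
    found = []
    for name, version in flagged:
        params = {"repository": repository, "name": name, "version": version}
        while True:  # follow continuationToken until the last page
            url = f"{BASE_URL}/service/rest/v1/search?" + urllib.parse.urlencode(params)
            page = call("GET", url, auth)
            # Keep exact matches only, so a near match is never deleted.
            found += [c for c in page["items"]
                      if c["name"] == name and c["version"] == version]
            if not page.get("continuationToken"):
                break
            params["continuationToken"] = page["continuationToken"]
    return found


def remove_components(components, auth, call=http_call, dry_run=True):
    """Delete each component by id; with dry_run=True only report the targets."""
    targets = []
    for comp in components:
        if not dry_run:
            comp_id = urllib.parse.quote(comp["id"], safe="")
            call("DELETE", f"{BASE_URL}/service/rest/v1/components/{comp_id}", auth)
        targets.append((comp["repository"], comp["name"], comp["version"]))
    return targets
```

Run it with `dry_run=True` first and compare the returned list against the dashboard before deleting; the account used needs the same delete permission listed under Requirements.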