ebtablesd marked as malware

[canle1404]

Environmental Info:
RKE2 Version: v1.25.16+rke2r1

Node(s) CPU architecture, OS, and Version: Linux ***************-3ff50b01-r276g 5.4.0-1041-aws #43-Ubuntu SMP Fri Mar 19 22:06:16 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

Cluster Configuration: 3 nodes

Describe the bug: We are using ORCA for scanning security and ORCA marked this file as malware /var/lib/rancher/rke2/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/7/fs/usr/sbin/ebtablesd
VirusTotal scan result: https://www.virustotal.com/gui/file/c4af716f77714aa5dd16f570a76d4fc890cbcf17d1f7c7b1bed4aff2a67a127e

Steps To Reproduce:

• Installed RKE2 cluster with Rancher
• Get hash file: sha256sum /var/lib/rancher/rke2/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/<snapshot ID>/fs/usr/sbin/ebtablesd
• Copy the sha into https://www.virustotal.com/gui/home/search

Expected behavior:

Actual behavior:

Additional context / logs:

[canle1404]

I think this issue will relate to k3s-io/k3s#9738

[brandond]

Yes, closing this as a duplicate of that issue.