[Samba] ClamAV reporting virus found in 4.8.3 from source

L.P.H. van Belle belle at bazuin.nl
Mon Jul 16 13:14:33 UTC 2018 

Hai, 

I tested with a clean installed debian server, no internet, except through my proxy server. 

clamscan -i /usr/* 
/usr/bin/systemd-mount: Unix.Trojan.Vali-6606621-0 FOUND

Imo, false positive, i've check it. 

cat /var/lib/dpkg/info/systemd.md5sums | grep systemd-mount
e25777acee542359f7f40afaeb930195  usr/bin/systemd-mount
74f79531541390d12bba49581c71ef8e  usr/share/man/man1/systemd-mount.1.gz


md5sum /usr/bin/systemd-mount
e25777acee542359f7f40afaeb930195  /usr/bin/systemd-mount
Matches the above nicely. 

Since i'm just back from vacation. 
I have some work todo first ..  but this catched my eye. 
And i'll go through the 2 weeks of mailings this week. 


Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> lingpanda101 via samba
> Verzonden: maandag 16 juli 2018 14:02
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] ClamAV reporting virus found in 4.8.3 from source
> 
> Hello,
> 
>      I'm sure it's a false positive but figured I post any way. My 
> weekly full scan of my servers reported the following results.
> 
> /root/samba-4.8.3/bin/default/source3/lib/netapi/examples/grou
> p/group_deluser.inst: 
> Unix.Trojan.Vali-6606621-0 FOUND
> /root/samba-4.8.3/bin/default/source3/lib/netapi/examples/grou
> p/group_adduser.inst: 
> Unix.Trojan.Vali-6606621-0 FOUND
> /root/samba-4.8.3/bin/default/source3/lib/netapi/examples/grou
> p/group_deluser: 
> Unix.Trojan.Vali-6606621-0 FOUND
> /root/samba-4.8.3/bin/default/source3/lib/netapi/examples/grou
> p/group_adduser: 
> Unix.Trojan.Vali-6606621-0 FOUND
> 
> ----------- SCAN SUMMARY -----------
> Known viruses: 6574044
> Engine version: 0.99.4
> Scanned directories: 10863
> Scanned files: 73216
> Infected files: 4
> Data scanned: 3995.07 MB
> Data read: 16074.27 MB (ratio 0.25:1)
> Time: 3595.060 sec (59 m 55 s)
> 
> Anyone else using ClamAV and found the same thing? Thanks.
> 
> -James
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

More information about the samba mailing list