[Samba] ClamAV reporting virus found in 4.8.3 from source
L.P.H. van Belle
belle at bazuin.nl
Mon Jul 16 13:14:33 UTC 2018
Hai,
I tested with a clean installed debian server, no internet, except through my proxy server.
clamscan -i /usr/*
/usr/bin/systemd-mount: Unix.Trojan.Vali-6606621-0 FOUND
Imo, false positive, i've check it.
cat /var/lib/dpkg/info/systemd.md5sums | grep systemd-mount
e25777acee542359f7f40afaeb930195 usr/bin/systemd-mount
74f79531541390d12bba49581c71ef8e usr/share/man/man1/systemd-mount.1.gz
md5sum /usr/bin/systemd-mount
e25777acee542359f7f40afaeb930195 /usr/bin/systemd-mount
Matches the above nicely.
Since i'm just back from vacation.
I have some work todo first .. but this catched my eye.
And i'll go through the 2 weeks of mailings this week.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> lingpanda101 via samba
> Verzonden: maandag 16 juli 2018 14:02
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] ClamAV reporting virus found in 4.8.3 from source
>
> Hello,
>
> I'm sure it's a false positive but figured I post any way. My
> weekly full scan of my servers reported the following results.
>
> /root/samba-4.8.3/bin/default/source3/lib/netapi/examples/grou
> p/group_deluser.inst:
> Unix.Trojan.Vali-6606621-0 FOUND
> /root/samba-4.8.3/bin/default/source3/lib/netapi/examples/grou
> p/group_adduser.inst:
> Unix.Trojan.Vali-6606621-0 FOUND
> /root/samba-4.8.3/bin/default/source3/lib/netapi/examples/grou
> p/group_deluser:
> Unix.Trojan.Vali-6606621-0 FOUND
> /root/samba-4.8.3/bin/default/source3/lib/netapi/examples/grou
> p/group_adduser:
> Unix.Trojan.Vali-6606621-0 FOUND
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 6574044
> Engine version: 0.99.4
> Scanned directories: 10863
> Scanned files: 73216
> Infected files: 4
> Data scanned: 3995.07 MB
> Data read: 16074.27 MB (ratio 0.25:1)
> Time: 3595.060 sec (59 m 55 s)
>
> Anyone else using ClamAV and found the same thing? Thanks.
>
> -James
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list