lingpanda101
2018-Jul-16 12:02 UTC
[Samba] ClamAV reporting virus found in 4.8.3 from source
Hello, I'm sure it's a false positive but figured I post any way. My weekly full scan of my servers reported the following results. /root/samba-4.8.3/bin/default/source3/lib/netapi/examples/group/group_deluser.inst: Unix.Trojan.Vali-6606621-0 FOUND /root/samba-4.8.3/bin/default/source3/lib/netapi/examples/group/group_adduser.inst: Unix.Trojan.Vali-6606621-0 FOUND /root/samba-4.8.3/bin/default/source3/lib/netapi/examples/group/group_deluser: Unix.Trojan.Vali-6606621-0 FOUND /root/samba-4.8.3/bin/default/source3/lib/netapi/examples/group/group_adduser: Unix.Trojan.Vali-6606621-0 FOUND ----------- SCAN SUMMARY ----------- Known viruses: 6574044 Engine version: 0.99.4 Scanned directories: 10863 Scanned files: 73216 Infected files: 4 Data scanned: 3995.07 MB Data read: 16074.27 MB (ratio 0.25:1) Time: 3595.060 sec (59 m 55 s) Anyone else using ClamAV and found the same thing? Thanks. -James
L.P.H. van Belle
2018-Jul-16 13:14 UTC
[Samba] ClamAV reporting virus found in 4.8.3 from source
Hai, I tested with a clean installed debian server, no internet, except through my proxy server. clamscan -i /usr/* /usr/bin/systemd-mount: Unix.Trojan.Vali-6606621-0 FOUND Imo, false positive, i've check it. cat /var/lib/dpkg/info/systemd.md5sums | grep systemd-mount e25777acee542359f7f40afaeb930195 usr/bin/systemd-mount 74f79531541390d12bba49581c71ef8e usr/share/man/man1/systemd-mount.1.gz md5sum /usr/bin/systemd-mount e25777acee542359f7f40afaeb930195 /usr/bin/systemd-mount Matches the above nicely. Since i'm just back from vacation. I have some work todo first .. but this catched my eye. And i'll go through the 2 weeks of mailings this week. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > lingpanda101 via samba > Verzonden: maandag 16 juli 2018 14:02 > Aan: samba at lists.samba.org > Onderwerp: [Samba] ClamAV reporting virus found in 4.8.3 from source > > Hello, > > I'm sure it's a false positive but figured I post any way. My > weekly full scan of my servers reported the following results. > > /root/samba-4.8.3/bin/default/source3/lib/netapi/examples/grou > p/group_deluser.inst: > Unix.Trojan.Vali-6606621-0 FOUND > /root/samba-4.8.3/bin/default/source3/lib/netapi/examples/grou > p/group_adduser.inst: > Unix.Trojan.Vali-6606621-0 FOUND > /root/samba-4.8.3/bin/default/source3/lib/netapi/examples/grou > p/group_deluser: > Unix.Trojan.Vali-6606621-0 FOUND > /root/samba-4.8.3/bin/default/source3/lib/netapi/examples/grou > p/group_adduser: > Unix.Trojan.Vali-6606621-0 FOUND > > ----------- SCAN SUMMARY ----------- > Known viruses: 6574044 > Engine version: 0.99.4 > Scanned directories: 10863 > Scanned files: 73216 > Infected files: 4 > Data scanned: 3995.07 MB > Data read: 16074.27 MB (ratio 0.25:1) > Time: 3595.060 sec (59 m 55 s) > > Anyone else using ClamAV and found the same thing? Thanks. > > -James > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >
Andrew Bartlett
2018-Jul-24 03:10 UTC
[Samba] ClamAV reporting virus found in 4.8.3 from source
On Mon, 2018-07-16 at 08:02 -0400, lingpanda101 via samba wrote:> Hello, > > I'm sure it's a false positive but figured I post any way. My > weekly full scan of my servers reported the following results.ClamAV signatures are notoriously broad, we had samba sources being banned due to some windows shell commands we included. https://www.linuxquestions.org/questions/slackware-14/clamav-detection- on-cups-4175633866/ https://ubuntuforums.org/showthread.php?t=2396418 https://lists.debian.org/debian-user/2018/07/msg00580.html Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Maybe Matching Threads
- Callback Problem: Why to use self.var= instead of @var=
- cv.glm function error message in a loop
- Error compiling samba in debian wheezy
- R 2.0.0: namespaces, S4 classes & versioned package installation: failure to resolve correct pkg version
- samba accounts management API