Gentoo Forums
Found malware by clamscan
x0fis
n00b


Joined: 30 May 2013
Posts: 10

Posted: Sun Jan 11, 2015 7:28 pm    Post subject: Found malware by clamscan

Hello,
I'm running clamscan because something is spamming from our server (nothing in logs :( )
Code:
clamscan -r --bell -i

outputs
Code:
/usr/lib64/perl5/vendor_perl/5.20.1/LWP/UserAgent.pm: winnow.malware.ts.url.886558.UNOFFICIAL FOUND
/usr/portage/distfiles/libwww-perl-6.05.tar.gz: winnow.malware.ts.url.886558.UNOFFICIAL FOUND

Maybe UserAgent.pm is an attacker's file? Where can I find more information, like what type of malware that is, what it does, etc.?

I want to remove these files. So rm /usr/portage/distfiles/libwww-perl-6.05.tar.gz and then emerge -C dev-perl/libwww-perl-6.50.0 which belongs to UserAgent.pm and then emerge dev-perl/libwww-perl-6.50.0 back?

Thank you!
eccerr0r
Watchman


Joined: 01 Jul 2004
Posts: 9679
Location: almost Mile High in the USA

Posted: Mon Jan 12, 2015 12:50 am

There's a distinct possibility that there's a false positive here... then again everyone who has libwww-perl-6.05.tar.gz may have the problem... I haven't tested this yet however...

Theoretically if the checksum on the tar.gz file matches the Gentoo repo, then emerging it again will still test positive. Try emerge -f libwww-perl and see if it downloads the same file again...

[EDIT]

I just freshclamed and scanned my copy of libwww-perl and there's no positive report on it...
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?
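
The checksum comparison eccerr0r describes, as an added example that is not part of the original thread: it checks a distfile's size and SHA512 against the DIST entry in the package's Manifest. The function names are made up for this example, and the Manifest path in the usage comment assumes PORTDIR is /usr/portage, as in the scan output above.

```shell
#!/bin/sh
# Added example (not from the thread): verify a distfile against its Manifest entry.
# Manifest DIST line layout: DIST <filename> <size> <HASH> <hex> [<HASH> <hex> ...]

# Print the hex digest stored under hash name $3 for file $2 in Manifest $1.
manifest_hash() {
    awk -v f="$2" -v h="$3" '
        $1 == "DIST" && $2 == f {
            for (i = 4; i < NF; i += 2) if ($i == h) { print $(i + 1); exit }
        }' "$1"
}

# Print the recorded byte size for file $2 in Manifest $1.
manifest_size() {
    awk -v f="$2" '$1 == "DIST" && $2 == f { print $3; exit }' "$1"
}

# verify_distfile <Manifest> <distfile>
# Returns 0 if size and SHA512 match, 1 on mismatch, 2 if no usable DIST entry.
verify_distfile() {
    manifest=$1
    file=$2
    name=$(basename "$file")
    want_size=$(manifest_size "$manifest" "$name")
    want_hash=$(manifest_hash "$manifest" "$name" SHA512)
    if [ -z "$want_size" ] || [ -z "$want_hash" ]; then
        echo "no DIST entry with SHA512 for $name" >&2
        return 2
    fi
    have_size=$(wc -c < "$file" | tr -d ' ')
    have_hash=$(sha512sum "$file" | awk '{ print $1 }')
    if [ "$have_size" != "$want_size" ] || [ "$have_hash" != "$want_hash" ]; then
        echo "MISMATCH: $name differs from Manifest" >&2
        return 1
    fi
    echo "OK: $name matches Manifest"
}

# Usage (Manifest path assumed from PORTDIR=/usr/portage):
# verify_distfile /usr/portage/dev-perl/libwww-perl/Manifest \
#     /usr/portage/distfiles/libwww-perl-6.05.tar.gz
```

A match means the flagged tarball is byte-for-byte what the synced tree lists, so re-fetching it will produce the same scan result. For the installed UserAgent.pm, `qcheck dev-perl/libwww-perl` (from app-portage/portage-utils) compares files against the checksums Portage recorded at install time.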
seminiva
n00b


Joined: 16 Jun 2022
Posts: 1
Location: RF

Posted: Thu Jun 16, 2022 11:46 am

eccerr0r wrote:
There's a distinct possibility that there's a false positive here... then again everyone who has libwww-perl-6.05.tar.gz may have the problem... I haven't tested this yet however...

Theoretically if the checksum on the tar.gz file matches the Gentoo repo, then emerging it again will still test positive. Try emerge -f libwww-perl and see if it downloads the same file again...

[EDIT]

I just freshclamed and scanned my copy of libwww-perl and there's no positive report on it...


I also think this is a false positive. For example, on one of my sites, a report appeared in the hosting control panel that there are 11 files with possible problems. As a result, these turned out to be junk pages from the caching plugin, which for some reason were created so crookedly and were not deleted when the cache was rebuilt.
All times are GMT