Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#50134 - Suspected antivirus scan results
Attached to Project:
Arch Linux
Opened by Liudas Ališauskas (liudas) - Saturday, 23 July 2016, 08:52 GMT
Last edited by Allan McRae (Allan) - Saturday, 23 July 2016, 10:32 GMT
Description:
Scan results of Archlinux mirror by clamav at 2016-07-23:

------------
impacket-0.9.15-1-any.pkg/usr/lib/python2.7/site-packages/impacket/examples/ntlmrelayx/clients/smbrelayclient.py: Win.Exploit.CVE_2015_0005-1 FOUND
impacket-0.9.15-1-any.pkg/usr/bin/smbrelayx.py: Win.Exploit.CVE_2015_0005-1 FOUND
libxml2-2.9.4+0+gbdec218-2-i686.pkg/usr/share/doc/libxml2-python-2.9.4/examples/reader2.py: Xml.Exploit.CVE_2013_3860-1 FOUND
libxml2-2.9.4+0+gbdec218-2-x86_64.pkg/usr/share/doc/libxml2-python-2.9.4/examples/reader2.py: Xml.Exploit.CVE_2013_3860-1 FOUND
radare2-0.10.4-1-i686.pkg/usr/lib/libr_egg.so.0.10.4: Unix.Malware.Binsh-1 FOUND
radare2-0.10.4-1-x86_64.pkg/usr/lib/libr_egg.so.0.10.4: Unix.Malware.Binsh-1 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 4667494
Engine version: 0.99.2
Scanned directories: 191
Scanned files: 1928
Infected files: 6
Data scanned: 58.51 MB
Data read: 54.40 MB (ratio 1.08:1)
Time: 9.781 sec (0 m 9 s
-----------

Not sure if it's false positive.
impacket detection is in an example script; even smbrelayx.py is under examples upstream. The header of that file indicates it abuses CVE_2015_0005 intentionally: https://github.com/CoreSecurity/impacket/blob/master/examples/smbrelayx.py
libxml2 detection has discussion here https://www.reddit.com/r/sysadmin/comments/4tx2ao/clamav_found_billionlaughsxml_exploit_cve_2013/
EDIT: I should have probably elaborated so people don't have to click that link. The detection happens because the script actually checks for that exploit, and it's never used in an end-user situation.
radare2 is a reverse engineering framework, so I'd assume that to be a false positive; can't say for certain about that one.
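A small triage helper for output of this shape, added here as an example and not part of the report or of any Arch tooling: it parses clamscan "FOUND" lines for Arch package archives, groups hits by package, and labels those inside documentation or example directories (the path markers are my assumption, drawn from the discussion above) so a mirror maintainer sees at a glance which hits need a closer look. The sample lines are constructed after the ones quoted in the report.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the clamscan lines quoted in the report:
# "<package>.pkg/<member path>: <signature> FOUND", plus summary lines.
SAMPLE_OUTPUT = """\
impacket-0.9.15-1-any.pkg/usr/bin/smbrelayx.py: Win.Exploit.CVE_2015_0005-1 FOUND
libxml2-2.9.4+0+gbdec218-2-x86_64.pkg/usr/share/doc/libxml2-python-2.9.4/examples/reader2.py: Xml.Exploit.CVE_2013_3860-1 FOUND
radare2-0.10.4-1-x86_64.pkg/usr/lib/libr_egg.so.0.10.4: Unix.Malware.Binsh-1 FOUND
----------- SCAN SUMMARY -----------
Infected files: 3
"""

# One hit line: archive member path, a colon, the signature name, "FOUND".
FOUND_RE = re.compile(r"^(?P<path>\S.*?): (?P<sig>\S+) FOUND$")
# Arch package file name: <pkgname>-<pkgver>-<pkgrel>-<arch>.pkg, then the member path.
PKG_RE = re.compile(r"^(?P<pkg>.+?)-[^-]+-[^-]+-(?:any|i686|x86_64)\.pkg/(?P<member>.*)$")

# Assumed markers for documentation / example material (see the discussion above);
# hits elsewhere are labelled "review" and should be escalated.
EXAMPLE_DIR_MARKERS = ("/examples/", "/usr/share/doc/")


def parse_clamscan(text):
    """Yield (package, member_path, signature) for every FOUND line; skip the rest."""
    for line in text.splitlines():
        m = FOUND_RE.match(line)
        if not m:
            continue  # summary lines, separators, "OK" lines
        p = PKG_RE.match(m.group("path"))
        if not p:
            continue  # not an Arch package archive member
        yield p.group("pkg"), "/" + p.group("member"), m.group("sig")


def triage(text):
    """Group hits by package; label each as 'doc/example' or 'review' by path."""
    report = defaultdict(list)
    for pkg, member, sig in parse_clamscan(text):
        kind = "doc/example" if any(k in member for k in EXAMPLE_DIR_MARKERS) else "review"
        report[pkg].append((member, sig, kind))
    return dict(report)


if __name__ == "__main__":
    for pkg, hits in sorted(triage(SAMPLE_OUTPUT).items()):
        for member, sig, kind in hits:
            print(f"{kind:12} {pkg}: {member} ({sig})")
```

The label is purely path based: the smbrelayx.py hit lands in /usr/bin in the package and is therefore marked "review" even though the commenter notes it is an example script upstream.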