Viruses reported by clamav

Bug #1017408 reported by KAMI
16
This bug affects 3 people
Affects Status Importance Assigned to Milestone
nepenthes (Ubuntu)
Confirmed
Undecided
Unassigned
sanitizer (Ubuntu)
Confirmed
Undecided
Unassigned
sqlmap (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

mirror/archive.ubuntu.com/ubuntu/pool/universe/s/sanitizer/sanitizer_1.76.orig.tar.gz: Exploit.WMF.Gen-1 FOUND
mirror/archive.ubuntu.com/ubuntu/pool/universe/s/sqlmap/sqlmap_0.6.4.orig.tar.gz: PHP.Shell-32 FOUND
mirror/archive.ubuntu.com/ubuntu/pool/universe/m/mailscanner/mailscanner_4.74.16.orig.tar.gz: Eicar-Test-Signature-1 FOUND
mirror/archive.ubuntu.com/ubuntu/pool/universe/p/pymilter-milters/pymilter-milters_0.8.13.orig.tar.gz: Suspect.DoubleExtension-zippwd-12 FOUND
mirror/archive.ubuntu.com/ubuntu/pool/universe/p/pymilter/pymilter_0.9.3.orig.tar.gz: Exploit.IFrame.Gen FOUND
mirror/archive.ubuntu.com/ubuntu/pool/universe/n/nepenthes/nepenthes_0.2.2.orig.tar.gz: Trojan.Downloader.Bat FOUND
mirror/archive.ubuntu.com/ubuntu/pool/universe/n/nautilus-clamscan/nautilus-clamscan_0.2.2.orig.tar.gz: ClamAV-Test-File FOUND

ClamAV-Test-File FOUND and Eicar-Test-Signature-1 FOUND are OK for me, but how about others? I mirroring 10.04 LTS and did ClamAV check on it.

Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. It seems that your bug report is not filed about a specific source package though, rather it is just filed against Ubuntu in general. It is important that bug reports be filed about source packages so that people interested in the package can find the bugs about it. You can find some hints about determining what package your bug might be about at https://wiki.ubuntu.com/Bugs/FindRightPackage. You might also ask for help in the #ubuntu-bugs irc channel on Freenode.

To change the source package that this bug is filed about visit https://bugs.launchpad.net/ubuntu/+bug/1017408/+editstatus and add the package name in the text box next to the word Package.

[This is an automated message. I apologize if it reached you inappropriately; please just reply to this message indicating so.]

tags: added: bot-comment
affects: ubuntu → clamav (Ubuntu)
Revision history for this message
Scott Kitterman (kitterman) wrote :

This isn't a bug in the clamav A/V scanner. We go through this periodically and so far a real one has never been found, but someone needs to check each individual package to see if it's real.

The ones in pymilter and pymilter-milters I know are OK. Those are test files that are close enough to real that they trigger clamav too.

affects: clamav (Ubuntu) → ubuntu
affects: ubuntu → sanitizer (Ubuntu)
affects: mailscanner (Ubuntu) → nepenthes (Ubuntu)
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in nepenthes (Ubuntu):
status: New → Confirmed
Changed in sanitizer (Ubuntu):
status: New → Confirmed
Changed in sqlmap (Ubuntu):
status: New → Confirmed
Revision history for this message
Gianfranco Costamagna (costamagnagianfranco) wrote :

Sqlmap is a security tool, so it might have some code triggering clamav engine.

Changed in sqlmap (Ubuntu):
status: Confirmed → Incomplete
Revision history for this message
Gianfranco Costamagna (costamagnagianfranco) wrote :

Closing as invalid. I guess not since years the antivirus should have blacklisted it.

Feel free to scan the tarball uncompressed and report the *exact* file giving the trouble.

thanks

Changed in sqlmap (Ubuntu):
status: Incomplete → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers