Comment 6 for bug 1968806

Bob Presswood (rpressw) wrote : Re: [Bug 1968806] Re: Clamscan reports Unix.Tool.Pnscan-8031486-0 in 1.12+git20180612-2 pnscan version

Pnscan was the only report. I've been looking over the summaries
for Pnscan-8031486-0 at https://malware.prevasio.io/ and it's obvious that
pnscan is used by multiple malware packages and even a miner. In no case
are the ancillary files in the summaries present on my system. But if they
were ever there, they could have been auto-cleaned once pnscan was purged.

It appears to me that this instance is something which probably can't be
pursued further. In a way, pnscan's presence may just be an invitation.

Thanks.

On Tue, Apr 19, 2022 at 10:15 PM Seth Arnold <email address hidden>
wrote:

> The frog is definitely weird, but clamscan is almost certainly just
> reporting a tool that might be used by attackers. There's lots of those.
> Does it also report tcpdump? wireshark? ettercap? nc? telnet? nmap?
> socat? stunnel?
>
> Thanks
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1968806
>
> Title:
> Clamscan reports Unix.Tool.Pnscan-8031486-0 in 1.12+git20180612-2
> pnscan version
>
> Status in pnscan package in Ubuntu:
> Incomplete
>
> Bug description:
> My system showed unusually high memory and swap usage for a few weeks,
> also occasional lags in situations when it was always brisk before. I
> naturally ran clamscan to check. Pnscan was flagged as containing the
> malware. I removed and purged pnscan, and continued to scan for
> anything else out of line. Saw nothing else, and rebooted. Memory
> and swap usage was normal for several hours. Then I reinstalled
> pnscan from the repository. Clamscan reported
> Unix.Tool.Pnscan-8031486-0 in pnscan again. So I removed and purged
> pnscan again.
>
> I recognize that clamscan could be misleading here, but I never saw
> this report before, and it's clear that my memory and swap issues
> haven't returned.
>
> I'm going to suggest this is a security vulnerability, even though the
> clamscan result might be misleading.
>
> lsb_release -rd
> Description: Ubuntu 20.04.4 LTS
> Release: 20.04
>
> uname -a
> Linux ryzen7 5.4.0-107-lowlatency #121-Ubuntu SMP PREEMPT Thu Mar 24
> 16:45:08 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
>
> pnscan 1.12+git20180612-2
>
> ProblemType: Bug
> DistroRelease: Ubuntu 20.04
> Package: pnscan 1.12+git20180612-2
> ProcVersionSignature: Ubuntu 5.4.0-107.121-lowlatency 5.4.174
> Uname: Linux 5.4.0-107-lowlatency x86_64
> ApportVersion: 2.20.11-0ubuntu27.23
> Architecture: amd64
> CasperMD5CheckResult: skip
> CurrentDesktop: KDE
> Date: Tue Apr 12 20:48:45 2022
> InstallationDate: Installed on 2012-12-03 (3417 days ago)
> InstallationMedia: Kubuntu 12.10 "Quantal Quetzal" - Release amd64
> (20121017.1)
> ProcEnviron:
> PATH=(custom, no user)
> XDG_RUNTIME_DIR=<set>
> LANG=en_US.UTF-8
> SHELL=/bin/bash
> SourcePackage: pnscan
> UpgradeStatus: Upgraded to focal on 2020-04-29 (713 days ago)
>
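
The distinction raised in the quoted reply (a scanner reporting a tool rather than a payload) can be read from the signature name itself. The following is an added example, not part of the original thread or of ClamAV: a shell function that splits each clamscan `FOUND` line into path, signature and category so `Tool` hits are separated from the rest. The file paths and the `Unix.Trojan.Example-0000000-0` signature are constructed sample values.

```shell
#!/bin/sh
# Added example: triage clamscan hits by ClamAV signature category.
# ClamAV names signatures Platform.Category.Name-SigID-Revision; the "Tool"
# category marks dual-use utilities rather than malicious payloads.

# Constructed sample of clamscan output (paths and the Trojan name are made up).
sample_scan_output() {
    cat <<'EOF'
/usr/bin/pnscan: Unix.Tool.Pnscan-8031486-0 FOUND
/tmp/sample.bin: Unix.Trojan.Example-0000000-0 FOUND
/usr/bin/ls: OK

----------- SCAN SUMMARY -----------
Infected files: 2
EOF
}

# Reads clamscan output on stdin; prints path, signature, category, verdict
# (tab-separated) for every FOUND line.
triage_clamscan() {
    awk '
    / FOUND$/ {
        line = $0
        sub(/ FOUND$/, "", line)
        # Signature is the last space-free token after ": ", so paths
        # that themselves contain ": " are still split correctly.
        if (!match(line, /: [^ ]+$/)) next
        path = substr(line, 1, RSTART - 1)
        sig  = substr(line, RSTART + 2)
        n = split(sig, part, ".")
        category = (n >= 3) ? part[2] : "Unknown"
        # Tool hits on a packaged binary: confirm with dpkg -S <path> and
        # dpkg --verify <package> that it is the unmodified archive file.
        verdict = (category == "Tool") ? "dual-use-tool" : "investigate"
        printf "%s\t%s\t%s\t%s\n", path, sig, category, verdict
    }'
}

sample_scan_output | triage_clamscan
```

A `dual-use-tool` verdict only describes the signature class; whether the flagged file is the unmodified packaged binary still has to be checked against the package database.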