Mailing List Archives

Public Access

 		[Computer Systems Lab]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] Fwd: URGENT - HTcondor condor_8.4.9-382747-ubuntu14_amd64.deb INFECTED - Benjamin.

Hello Ben,

   I tried scanning the .deb with clamav. It shows as clean for
me.  I'm trying to get the one-month trial of drweb working so
that I can try its scan.  Could you give us some more data,
like the specifics of the detection message?

   I show the specifics of my clamav scan method below.

Cheers,
Aaron Moate
CHTC Infrastructure Team


Here's the md5sum of the .deb I checked:

moate@localhost:~$ md5sum condor_8.4.9-382747-ubuntu14_amd64.deb
0597e97d242cf0a65005902888ee81c1  condor_8.4.9-382747-ubuntu14_amd64.deb

My clamav version:

moate@localhost:~$ dpkg -l clamav
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                                                          Version                             Architecture                        Description
+++-=============================================================-===================================-===================================-================================================================================================================================
ii  clamav                                                        0.99.2+addedllvm-0ubuntu0.14.04.1   amd64                               anti-virus utility for Unix - command-line interface

moate@localhost:~$ clamscan condor_8.4.9-382747-ubuntu14_amd64.deb
condor_8.4.9-382747-ubuntu14_amd64.deb: OK

----------- SCAN SUMMARY -----------
Known viruses: 5073809
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 39.59 MB
Data read: 19.61 MB (ratio 2.02:1)
Time: 15.895 sec (0 m 15 s)

I unpacked it with ar, xzcat and tar and did another scan:

moate@localhost:~$ ar vx condor_8.4.9-382747-ubuntu14_amd64.deb
x - debian-binary
x - control.tar.gz
x - data.tar.xz
moate@localhost:~$ mkdir -p data
moate@localhost:~$ cd data/
moate@localhost:~/data$ xzcat ../data.tar.xz | tar x
moate@localhost:~/data$ clamscan -r ./
----------- SCAN SUMMARY -----------
Known viruses: 5073809
Engine version: 0.99.2
Scanned directories: 47
Scanned files: 480
Infected files: 0
Data scanned: 183.85 MB
Data read: 99.91 MB (ratio 1.84:1)
Time: 26.313 sec (0 m 26 s)

On Fri, Nov 11, 2016 at 11:26:16PM +0100, Benjamin LIPERE wrote:
>    It is the normal download.
>    2016-11-11 23:25 GMT+01:00 Benjamin LIPERE
>    <[1]benjamin.lipere123@xxxxxxxxx>:
> 
>      Hello.
> 
>      Thanks for your help !
> 
>      Here is the link :
>      [2]https://research.cs.wisc.edu/htcondor/downloads/?state=select_from_mirror_page&version=8.4.9&mirror=UW%20Madison&optional_organization_url=http://
> 
>      Best Regards.
>      Benjamin.
>      2016-11-11 23:21 GMT+01:00 Todd Tannenbaum <[3]tannenba@xxxxxxxxxxx>:
> 
>        On 11/11/2016 4:10 PM, Benjamin LIPERE wrote:
> 
>          Hello.
> 
>          condor_8.4.9-382747-ubuntu14_amd64.deb
>          and every ubuntu14 that I am downloading
>          are reported infected by Linux.Mirai by Drweb antivirus.
> 
>          Can someone check on his end and get back at me quickly, please ?
> 
>        Where are you obtaining this deb archive?
> 
>        Is it from the UW-Madison Ubuntu repo at
>          [4]https://research.cs.wisc.edu/htcondor/ubuntu/stable/
>        or someplace else?
> 
>        thanks
>        Todd
> 
>        _______________________________________________
>        HTCondor-users mailing list
>        To unsubscribe, send a message to
>        [5]htcondor-users-request@xxxxxxxxxxx with a
>        subject: Unsubscribe
>        You can also unsubscribe by visiting
>        [6]https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
> 
>        The archives can be found at:
>        [7]https://lists.cs.wisc.edu/archive/htcondor-users/
> 
>      --
>      LIPERE Benjamin
>      Le logis de paille
>      87270, Chaptelat
>      FRANCE
>      06 26 14 35 20
>      [8]benjamin.lipere123@xxxxxxxxx
> 
>    --
>    LIPERE Benjamin
>    Le logis de paille
>    87270, Chaptelat
>    FRANCE
>    06 26 14 35 20
>    [9]benjamin.lipere123@xxxxxxxxx
> 
> References
> 
>    Visible links
>    1. mailto:benjamin.lipere123@xxxxxxxxx
>    2. https://research.cs.wisc.edu/htcondor/downloads/?state=select_from_mirror_page&version=8.4.9&mirror=UW%20Madison&optional_organization_url=http://
>    3. mailto:tannenba@xxxxxxxxxxx
>    4. https://research.cs.wisc.edu/htcondor/ubuntu/stable/
>    5. mailto:htcondor-users-request@xxxxxxxxxxx
>    6. https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
>    7. https://lists.cs.wisc.edu/archive/htcondor-users/
>    8. mailto:benjamin.lipere123@xxxxxxxxx
>    9. mailto:benjamin.lipere123@xxxxxxxxx

> _______________________________________________
> HTCondor-users mailing list
> To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
> subject: Unsubscribe
> You can also unsubscribe by visiting
> https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
> 
> The archives can be found at:
> https://lists.cs.wisc.edu/archive/htcondor-users/