
Re: [HTCondor-users] Fwd: URGENT - HTcondor condor_8.4.9-382747-ubuntu14_amd64.deb INFECTED - Benjamin.



Hello.

I did a scan with ESET too.
Nothing.
And same md5.

This probably is a false positive.
But there are two things to know if you are a "hard" in security:
1) Drweb lasts 30mn under attack because it is a "new program"; other anti-virus last around 30 seconds
2) ClamAV scans have only a 30-40% rate of detection, which is pretty low.

Also I did have some strange behavior.
Once installed, the computers of my cluster keep shutting themselves down.
I am using port 4445 for a shutdown/reboot script.
Does the latest version of HTCondor use this port?

What should we do, please?
Thanks in advance.
Best Regards.
Benjamin.

2016-11-12 0:51 GMT+01:00 Aaron Moate <wiscmoate@xxxxxxxxx>:
Hello Ben,

  I tried scanning the .deb with clamav. It shows as clean for
me. I'm trying to get the one-month trial of drweb working so
that I can try its scan. Could you give us some more data,
like the specifics of the detection message?

  I show the specifics of my clamav scan method below.

Cheers,
Aaron Moate
CHTC Infrastructure Team


Here's the md5sum of the .deb I checked:

moate@localhost:~$ md5sum condor_8.4.9-382747-ubuntu14_amd64.deb
0597e97d242cf0a65005902888ee81c1  condor_8.4.9-382747-ubuntu14_amd64.deb

My clamav version:

moate@localhost:~$ dpkg -l clamav
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                             Version               Architecture            Description
+++-=============================================================-===================================-===================================-================================================================================================================================
ii clamav                            0.99.2+addedllvm-0ubuntu0.14.04.1  amd64                anti-virus utility for Unix - command-line interface

moate@localhost:~$ clamscan condor_8.4.9-382747-ubuntu14_amd64.deb
condor_8.4.9-382747-ubuntu14_amd64.deb: OK

----------- SCAN SUMMARY -----------
Known viruses: 5073809
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 39.59 MB
Data read: 19.61 MB (ratio 2.02:1)
Time: 15.895 sec (0 m 15 s)

I unpacked it with ar, xzcat and tar and did another scan:

moate@localhost:~$ ar vx condor_8.4.9-382747-ubuntu14_amd64.deb
x - debian-binary
x - control.tar.gz
x - data.tar.xz
moate@localhost:~$ mkdir -p data
moate@localhost:~$ cd data/
moate@localhost:~/data$ xzcat ../data.tar.xz | tar x
moate@localhost:~/data$ clamscan -r ./
----------- SCAN SUMMARY -----------
Known viruses: 5073809
Engine version: 0.99.2
Scanned directories: 47
Scanned files: 480
Infected files: 0
Data scanned: 183.85 MB
Data read: 99.91 MB (ratio 1.84:1)
Time: 26.313 sec (0 m 26 s)

On Fri, Nov 11, 2016 at 11:26:16PM +0100, Benjamin LIPERE wrote:
>   It is the normal download.
>   2016-11-11 23:25 GMT+01:00 Benjamin LIPERE
>   <[1]benjamin.lipere123@gmail.com>:
>
>     Hello.
>
>     Thanks for your help!
>
>     Here is the link:
>     [2]https://research.cs.wisc.edu/htcondor/downloads/?state=select_from_mirror_page&version=8.4.9&mirror=UW%20Madison&optional_organization_url=http://
>
>     Best Regards.
>     Benjamin.
>     2016-11-11 23:21 GMT+01:00 Todd Tannenbaum <[3]tannenba@xxxxxxxxxxx>:
>
>       On 11/11/2016 4:10 PM, Benjamin LIPERE wrote:
>
>         Hello.
>
>         condor_8.4.9-382747-ubuntu14_amd64.deb
>         and every ubuntu14 that I am downloading
>         are reported infected by Linux.Mirai by Drweb antivirus.
>
>         Can someone check on his end and get back at me quickly, please?
>
>       Where are you obtaining this deb archive?
>
>       Is it from the UW-Madison Ubuntu repo at
>         [4]https://research.cs.wisc.edu/htcondor/ubuntu/stable/
>       or someplace else?
>
>       thanks
>       Todd
>
>       _______________________________________________
>       HTCondor-users mailing list
>       To unsubscribe, send a message to
>       [5]htcondor-users-request@cs.wisc.edu with a
>       subject: Unsubscribe
>       You can also unsubscribe by visiting
>       [6]https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
>
>       The archives can be found at:
>       [7]https://lists.cs.wisc.edu/archive/htcondor-users/
>
>     --
>     LIPERE Benjamin
>     Le logis de paille
>     87270, Chaptelat
>     FRANCE
>     06 26 14 35 20
>     [8]benjamin.lipere123@gmail.com
>
>   --
>   LIPERE Benjamin
>   Le logis de paille
>   87270, Chaptelat
>   FRANCE
>   06 26 14 35 20
>   [9]benjamin.lipere123@gmail.com
>
> References
>
>   Visible links
>   1. mailto:benjamin.lipere123@gmail.com
>   2. https://research.cs.wisc.edu/htcondor/downloads/?state=select_from_mirror_page&version=8.4.9&mirror=UW%20Madison&optional_organization_url=http://
>   3. mailto:tannenba@xxxxxxxxxxx
>   4. https://research.cs.wisc.edu/htcondor/ubuntu/stable/
>   5. mailto:htcondor-users-request@cs.wisc.edu
>   6. https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
>   7. https://lists.cs.wisc.edu/archive/htcondor-users/
>   8. mailto:benjamin.lipere123@gmail.com
>   9. mailto:benjamin.lipere123@gmail.com

--
LIPERE Benjamin
Le logis de paille
87270, Chaptelat
FRANCE
06 26 14 35 20
benjamin.lipere123@xxxxxxxxx
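
The comparison made in this thread (same md5, then `ar vx` and a scan of the unpacked members), as an added example that is not part of the original messages: a Python parser for the ar container a .deb uses, hashing each member with SHA-256 so two downloads can be compared member by member. The helper names (`build_ar`, `diff_members`) and the sample archives are constructed for illustration; only the three member names come from the listing above.

```python
import hashlib

AR_MAGIC = b"!<arch>\n"   # global header of every ar archive, including .deb
HEADER_LEN = 60           # fixed-size member header

def ar_members(blob):
    """Yield (name, data) for each member of an ar archive held in memory."""
    if blob[:8] != AR_MAGIC:
        raise ValueError("not an ar archive")
    pos = 8
    while pos < len(blob):
        header = blob[pos:pos + HEADER_LEN]
        if len(header) < HEADER_LEN or header[58:60] != b"`\n":
            raise ValueError(f"bad member header at offset {pos}")
        name = header[0:16].decode("ascii").rstrip(" ").rstrip("/")
        size = int(header[48:58].decode("ascii").strip())
        data = blob[pos + HEADER_LEN:pos + HEADER_LEN + size]
        if len(data) != size:
            raise ValueError(f"member {name!r} is truncated")
        yield name, data
        pos += HEADER_LEN + size + (size & 1)  # data is padded to an even length

def fingerprint(blob):
    """SHA-256 of the whole package and of each member."""
    members = {n: hashlib.sha256(d).hexdigest() for n, d in ar_members(blob)}
    return {"package": hashlib.sha256(blob).hexdigest(), "members": members}

def diff_members(a, b):
    """Names of members whose digests differ or that exist in only one package."""
    ma, mb = fingerprint(a)["members"], fingerprint(b)["members"]
    return sorted(n for n in set(ma) | set(mb) if ma.get(n) != mb.get(n))

def build_ar(members):
    """Hypothetical helper: build a small ar archive for the constructed samples."""
    out = bytearray(AR_MAGIC)
    for name, data in members:
        fields = f"{name:<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(data):<10}"
        out += fields.encode("ascii") + b"`\n" + data + b"\n" * (len(data) & 1)
    return bytes(out)

# Constructed samples: same member names as the `ar vx` listing, dummy contents.
MINE = build_ar([("debian-binary", b"2.0\n"), ("control.tar.gz", b"CTRL!"),
                 ("data.tar.xz", b"PAYLOAD-A")])
THEIRS = build_ar([("debian-binary", b"2.0\n"), ("control.tar.gz", b"CTRL!"),
                   ("data.tar.xz", b"PAYLOAD-B")])

if __name__ == "__main__":
    for name, digest in fingerprint(MINE)["members"].items():
        print(f"{digest}  {name}")
    print("differing members:", diff_members(MINE, THEIRS))
```

For a real package, pass the bytes read from the .deb file to `fingerprint` and compare the output with what the other party obtains from their copy.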