Yep. Drweb is a very good antivirus. For me, sometime, i can't finish the download. Also, it is the easiest one for HPC cluster.
I got drweb working on the 32-bit EL6 BaTLab platform, and it
does indeed seem to think that
amd64.deb is a threat, specifically
ckpt_probe file inside.Â I
tried to extract the file uzing xzcat and tar, but for some
reason have been unable to so far, even though strace claims
it's being written to disk.
[moate@localhost ~]$ drweb-ctl -d scan condor_8.4.9-382747-ubuntu14_
Debug: Use ConfigD public socket "/var/run/.com.drweb.public"
Debug: ConfigD <-- GET_FCHECK_REQUEST uid=10006
Debug: ConfigD --> GET_FCHECK_RESPONSE: OK
Debug: Use FileCheck socket "/var/run/.com.drweb.fcheck/
Debug: ConfigD <-- MY_INFO_NOTIFICATION
Debug: FileCheck <-- SUBSCRIBE_TO_SCAN_INFO
Debug: FileCheck <-- START_SCAN_REQUEST
Debug: FileCheck --> SCAN_INFO_NOTIFICATION ()
Debug: FileCheck --> START_SCAN_RESPONSE 15
Debug: FileCheck --> SCAN_INFO_NOTIFICATION (15:SCAN_STATE_PENDING)
Debug: FileCheck --> SCAN_INFO_NOTIFICATION (15:SCAN_STATE_RUNNING)
Debug: FileCheck --> SCAN_INFO_NOTIFICATION (15:SCAN_STATE_FINISHED Success)
382747-ubuntu14_amd64.deb// data.tar.xz//xz//./usr/lib/ condor/libexec/condor_ckpt_ probe - infected with Linux.Mirai.54
Debug: Scan finished: Success
Info: Scanned objects: 1, scan errors: 0, threats found: 1, threats neutralized: 0.
Info: Scanned 20082.08 KB in 8.49 s with speed 2364.55 KB/s.
[moate@localhost ~]$ mkdir -p data
[moate@localhost ~]$ cd data
[moate@localhost data]$ xzcat ../data.tar.xz | tar xv ./usr/lib/condor/libexec/
[moate@localhost data]$ ls -al ./usr/lib/condor/libexec/
ls: cannot access ./usr/lib/condor/libexec/
condor_ckpt_probe: No such file or directory
CHTC Infrastructure Team
On Sat, Nov 12, 2016 at 03:35:54AM +0100, Benjamin LIPERE wrote:
>Â Â Hello.
>Â Â Thanks for your helps !
>Â Â That was very informative from both of you !
>Â Â Best Regards.
>Â Â Benjamin.
>Â Â 2016-11-12 2:43 GMT+01:00 Tim Theisen <tim@xxxxxxxxxxx>:
>Â Â Â Is there any chance that you installed the 8.5.7 version from the
>Â Â Â development release?
>Â Â Â For a brief time the 8.5.7 version available for download had some
>Â Â Â preliminary work that was not yet intended to be released. If you find
>Â Â Â any of the following files in your installation, please delete them:
>Â Â Â Â Â rm -f /etc/condor/config.d/50ec2.
>Â Â Â Â Â rm -f /etc/condor/config.d/49ec2-
>Â Â Â Â Â rm -f /etc/condor/master_shutdown_
>Â Â Â This was not present in the stable release (8.4.9). However, since the
>Â Â Â symptoms match, it is worth mentioning. If you have the
>Â Â Â master_shutdown_script.sh present, the machine will shut itself down
>Â Â Â after 15 minutes with no HTCondor job.
>Â Â Â ...Tim
>Â Â Â On 11/11/2016 06:08 PM, Benjamin LIPERE wrote:
>Â Â Â Â Hello.
>Â Â Â Â I did a scan with ESET too.
>Â Â Â Â Nothing.
>Â Â Â Â And same md5.
>Â Â Â Â This probably is a false positive.
>Â Â Â Â But there is two things to know if you are a "hard" in security ;
>Â Â Â Â 1) Drweb last 30mn under attack because it is a "new program", other
>Â Â Â Â anti-virus last around 30 seconds
>Â Â Â Â 2) Clamav scan have only a 30-40% rate off detection, witch is pretty
>Â Â Â Â low.
>Â Â Â Â Also I did have a strange behavior.
>Â Â Â Â Once installed, the computers of my cluster keep shutting down
>Â Â Â Â themselve.
>Â Â Â Â I am using the port 4445 for a shutdown/reboot script.
>Â Â Â Â Does last version of htcondor use this port ?
>Â Â Â Â What should we do, please ?
>Â Â Â Â Thanks by advance.
>Â Â Â Â Best Regards.
>Â Â Â Â Benjamin.
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@cs.
You can also unsubscribe by visiting
The archives can be found at: