Do you plan a patch ? Please let me know.
ÂI have rebuilt HTCondor on a fresh Ubuntu14 installation, I checked the signatures and checksums. I am confident that this is a false positive.
This particular executable is only used to determine standard universe support. If Dr. Web deletes this file, most of HTCondor will continue to work properly.
On 11/14/2016 11:36 AM, Aaron Moate wrote:
It seems I was unable to extract the file in question because drweb was deleting it as soon as it was written. "condor_ckpt_probe" is indeed the specific file it's alerting on. We ran drweb's scan against a release that is two years old (before Mirai was discovered). The scan showed positive: [moate@localhost ~]$ sudo drweb-ctl scan condor-8.2.3-274619-ubuntu_14.
04_amd64.deb /home/moate/condor-8.2.3- 274619-ubuntu_14.04_amd64.deb/ /data.tar.gz//gziped.gz//./ usr/lib/condor/libexec/condor_ ckpt_probe - infected with Linux.Mirai.54 Scanned objects: 1, scan errors: 0, threats found: 1, threats neutralized: 0. Scanned 31907.75 KB in 5.87 s with speed 5432.03 KB/s. So right now it's looking like a false positive. We're working at getting more exact verification. Cheers, Aaron Moate CHTC Infrastructure Team On Sat, Nov 12, 2016 at 08:12:05AM +0100, Benjamin LIPERE wrote:So i am not really surprised. Thanks for the confirmation. Le 12 nov. 2016 08:11, "Benjamin LIPERE" <benjamin.lipere123@gmail. com>a ïcrit : Yep. Drweb is a very good antivirus. For me, sometime, i can't finish the download. Also, it is the easiest one for HPC cluster. Le 12 nov. 2016 05:53, "Aaron Moate" <wiscmoate@xxxxxxxxx> a ïcrit : I got drweb working on the 32-bit EL6 BaTLab platform, and it does indeed seem to think that condor_8.4.9-382747-ubuntu14_ amd64.deb is a threat, specifically the usr/lib/condor/libexec/condor_ ckpt_probe file inside. I tried to extract the file uzing xzcat and tar, but for some reason have been unable to so far, even though strace claims it's being written to disk. [moate@localhost ~]$ drweb-ctl -d scan condor_8.4.9-382747-ubuntu14_ amd64.deb Debug: Use ConfigD public socket "/var/run/.com.drweb.public" Debug: ConfigD <-- GET_FCHECK_REQUEST uid=10006 Debug: ConfigD --> GET_FCHECK_RESPONSE: OK Debug: Use FileCheck socket "/var/run/.com.drweb.fcheck/ 10006" Debug: ConfigD <-- MY_INFO_NOTIFICATION Debug: FileCheck <-- SUBSCRIBE_TO_SCAN_INFO Debug: FileCheck <-- START_SCAN_REQUEST Debug: FileCheck --> SCAN_INFO_NOTIFICATION () Debug: FileCheck --> START_SCAN_RESPONSE 15 Debug: FileCheck --> SCAN_INFO_NOTIFICATION (15:SCAN_STATE_PENDING) Debug: FileCheck --> SCAN_INFO_NOTIFICATION (15:SCAN_STATE_RUNNING) Debug: FileCheck --> SCAN_INFO_NOTIFICATION (15:SCAN_STATE_FINISHED Success) Info: /home/moate/condor_8.4.9- 382747-ubuntu14_amd64.deb// data.tar.xz//xz//./usr/lib/ condor/libexec/condor_ckpt_ probe - infected with Linux.Mirai.54 Debug: Scan finished: Success Info: Scanned objects: 1, scan errors: 0, threats found: 1, threats neutralized: 0. Info: Scanned 20082.08 KB in 8.49 s with speed 2364.55 KB/s. [moate@localhost ~]$ mkdir -p data [moate@localhost ~]$ cd data [moate@localhost data]$ xzcat ../data.tar.xz | tar xv ./usr/lib/condor/libexec/ condor_ckpt_probe ./usr/lib/condor/libexec/ condor_ckpt_probe [moate@localhost data]$ ls -al ./usr/lib/condor/libexec/ condor_ckpt_probe ls: cannot access ./usr/lib/condor/libexec/ condor_ckpt_probe: No such file or directory Aaron Moate CHTC Infrastructure Team
_________________ HTCondor-users mailing list To unsubscribe, send a message to htcondor-users-request@cs. wisc.eduwith a subject: Unsubscribe You can also unsubscribe by visiting https://lists.cs.wisc.edu/ mailman/listinfo/htcondor-The archives can be found at: https://lists.cs.wisc.edu/ users archive/htcondor-users/
-- Tim Theisen Release Manager HTCondor & Open Science Grid Center for High Throughput Computing Department of Computer Sciences University of Wisconsin - Madison 4261 Computer Sciences and Statistics 1210 W Dayton St Madison, WI 53706-1685 +1 608 265 5736
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@cs.
You can also unsubscribe by visiting
The archives can be found at: