clamav detection on cups

johnny23 · 07-12-2018, 08:32 AM

If I run a clamscan on a Slackware 14.2 machine I have I get this:

Quote:

/... usb stick with installer .../SLACKDVD/slackware64/ap/cups-2.1.4-x86_64-1.txz: Unix.Trojan.Vali-6606621-0 FOUND
/usr/bin/lprm-cups: Unix.Trojan.Vali-6606621-0 FOUND

re-installing the cups package from pkgs.org doesn't help.

Is this a concern or is it a false positive? Does anyone else see this?

RadicalDreamer · 07-12-2018, 09:04 AM

Where did you get it originally?

Upload lprm-cups to here and find out:
https://www.virustotal.com

Edit: Nice official Slackware mirror: http://mirrors.xmission.com/slackware/

ponce · 07-12-2018, 09:05 AM

Quote:

Originally Posted by johnny23

re-installing the cups package from pkgs.org doesn't help.

don't use the shitty pkgs.org (not related to Slackware and full of ads), use an official Slackware mirror!

Quote:

Is this a concern or is it a false positive? Does anyone else see this?

I see that too and I think it's a false positive.

johnny23 · 07-12-2018, 09:59 AM

Quote:

Originally Posted by ponce

I see that too and I think it's a false positive.

That's my feeling. I can't see any other evidence of anything amiss with the machine.

bamunds · 07-14-2018, 11:02 PM

Have you thought of submitting it to virustotal? See if it still shows there, if not this is probably a false positive.

RadicalDreamer · 07-15-2018, 05:58 AM

Code:

/usr/lib64/cups/cgi-bin/jobs.cgi: Unix.Trojan.Vali-6606621-0 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 6574044
Engine version: 0.100.0
Scanned directories: 62809
Scanned files: 631261
Infected files: 1
Data scanned: 28049.14 MB
Data read: 534662.63 MB (ratio 0.05:1)
Time: 3388.527 sec (56 m 28 s)
~

Results:
https://www.virustotal.com/#/file/e7...c37b/detection

bamunds · 07-15-2018, 03:29 PM

I see that it is only ClamAV still detecting this as a virus. I'd send it to the folks at ClamAV and ask them if it is a false positive. Then I'd follow the other instructions, download only from a valid Slackware repository the needed file and install it. If you hear back from ClamAV please post back here their comments, especially if they still think it is a valid trojan, maybe you've found a new one.

mralk3 · 07-15-2018, 05:03 PM

I sent a report using the clamtk interface so that the clamav people can correct the false positive.