LinuxQuestions.org


Wolverine1997 05-10-2015 08:13 PM

Slackware 13.1 DVD ISO image - Malware detected by avast?
 
Hi everyone.

I just downloaded the Slackware 13.1 32-bit DVD ISO from http://mirrors.slackware.com.

I scan everything just to make sure there is no potential malware. When I scanned this, it found 4 files right away detected as malware.

I also had the same issue with a Slackware 13.37 image I downloaded from https://archive.org yesterday and just thought maybe that was an infected image from an unknown site although Norton website check said archive.org was safe. But now after downloading from the official Slackware website and finding malware, I wonder if this is a false positive with Slackware DVD ISO images and avast or if I need to be worried.

I verified that the MD5 matched what was on the site for the ISO image using WinMD5Free.

Below is a link to my avast scan screenshot

http://postimg.org/image/ppgux913t/

bassmadrigal 05-11-2015 12:01 PM

Well, if you downloaded it from a valid mirror and the MD5 matched, there is certainly no malware and the issue should be sent to Avast so they can get their engine updated so others don't get a false positive.

Just as an FYI, Slackware 13.1 has its EOL (end of life) scheduled for 25 MAY 2015. After this date (2 weeks from today), there may no longer be any provided security updates. Pat and team plan support based on a five year schedule and in two weeks, it marks the 5 year anniversary of when Slackware 13.1 was released.

Just as an FYI, Slackware 13.1 will be 5 years old in 2 weeks from today. We don't know how long they will provide security updates for releases, but with 5 year old Linux software, you start quite behind the times and it can cause compatibility issues if you're trying to run software that is more current. It is highly recommended to use a more modern release (14.1 being the latest).
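The checksum comparison discussed above (the original poster did it with WinMD5Free), as an added example that is not part of any post in this thread: a Python check of a downloaded file against an md5sum-style listing. The file name `example-dvd.iso`, its contents and the listing line are constructed stand-ins, not values from a Slackware mirror.

```python
import hashlib
import hmac
import os
import tempfile


def parse_md5_listing(text):
    """Parse md5sum-style lines ('<hex>  name' or '<hex> *name') into {name: hex}."""
    listing = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 32:
            continue  # skip blank lines, comments and anything that is not a digest line
        digest, name = parts[0].lower(), parts[1].lstrip("*")
        if all(c in "0123456789abcdef" for c in digest):
            listing[os.path.basename(name)] = digest
    return listing


def file_md5(path, chunk_size=1 << 20):
    """Hash the file in chunks so a multi-gigabyte ISO never has to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, listing_text):
    """Return 'ok', 'mismatch', or 'not-listed' for the file at path."""
    expected = parse_md5_listing(listing_text).get(os.path.basename(path))
    if expected is None:
        return "not-listed"
    return "ok" if hmac.compare_digest(file_md5(path), expected) else "mismatch"


def demo():
    """Run the check on a constructed stand-in file (not a real ISO)."""
    listing = "5eb63bbbe01eeed093cb22bb8f5acdc3  ./example-dvd.iso\n"  # constructed
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "example-dvd.iso")
        with open(path, "wb") as fh:
            fh.write(b"hello world")
        intact = verify_download(path, listing)
        with open(path, "ab") as fh:
            fh.write(b"!")  # simulate a corrupted or altered download
        return intact, verify_download(path, listing)


if __name__ == "__main__":
    print(demo())
```

A match shows the local file is byte-identical to the one the listing describes, so the listing itself has to come from a source you trust.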

kikinovak 05-11-2015 12:49 PM

Back in 2001, I ran a double-boot Slackware 7.1 and Windows 2000. The antivirus on the Windows partition detected a "malware" in the MBR and... decided to wipe LILO. That day precisely was the last day I actually used Windows for work. I've been 100% GNU/Linux since that time. Never looked back.

PS: you want Slackware 14.1

drmozes 05-11-2015 01:34 PM

Quote:

Originally Posted by bassmadrigal (Post 5360951)
Well, if you downloaded it from a valid mirror and the MD5 matched, there is certainly no malware and the issue should be sent to Avast so they can get their engine updated so others don't get a false positive.

Indeed - I'd see exactly what pieces Avast identifies as malware and provide it as feedback. It's not the first time Windows virus scanners have identified Linux tools as viruses.

Quote:

Originally Posted by bassmadrigal (Post 5360951)
Just as an FYI, Slackware 13.1 has its EOL (end of life) scheduled for 25 MAY 2015. After this date (2 weeks from today), there may no longer be any provided security updates. Pat and team plan support based on a five year schedule and in two weeks, it marks the 5 year anniversary of when Slackware 13.1 was released. It is highly recommended to use a more modern release (14.1 being the latest -- which will be supported until Nov 2018).

There is no EOL announced for 13.1, and I'm not aware of any specific lengths of time being announced or committed to for which a Slackware release will be supported. Did you imply this from the note in the 12.2 ChangeLog?

bassmadrigal 05-11-2015 01:46 PM

Quote:

Originally Posted by drmozes (Post 5360996)
There is no EOL announced for 13.1, and I'm not aware of any specific lengths of time being announced or committed to for which a Slackware release will be supported. Did you imply this from the note in the 12.2 ChangeLog?

It was listed on Wikipedia's site and I just assumed I'd missed the memo of a 5-year support timeframe.

Haha... oops, I just realized that they had the "~" in front of the EOL date to signify that it is speculation. I'll adjust my initial post to reflect that. Thanks!

Either way, unless there is a solid reason, it doesn't make sense to install a 5 year old Slackware.

EDIT: I have changed Wikipedia's entries to show "No EOL Announced" to prevent others from coming to the same conclusion as me.

onebuck 05-11-2015 03:59 PM

Member response
 
Hi,

From http://slackware.mirrors.tds.net/pub...ChangeLog.txt;
Code:

+--------------------------+
Thu Jun 14 05:02:39 UTC 2012
####################################################################
# NOTICE OF INPENDING EOL (END OF LIFE) FOR OLD SLACKWARE VERSIONS #
#                                                                  #
# Effective August 1, 2012, security patches will no longer be    #
# provided for the following versions of Slackware (which will all #
# be more than 5 years old at that time):                          #
# Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0.          #
# If you are still running these versions you should consider      #
# migrating to a newer version (preferably as recent as possible). #
# Alternately, you may make arrangements to handle your own        #
# security patches.  If for some reason you are unable to upgrade  #
# or handle your own security patches, limited security support    #
# may be available for a fee.  Inquire at security@slackware.com.  #
####################################################################

Hope this helps.
Have fun & enjoy!
:hattip:

bassmadrigal 05-11-2015 04:45 PM

Quote:

Originally Posted by onebuck (Post 5361069)
Hi,

From http://slackware.mirrors.tds.net/pub...ChangeLog.txt;
Code:

+--------------------------+
Thu Jun 14 05:02:39 UTC 2012
####################################################################
# NOTICE OF INPENDING EOL (END OF LIFE) FOR OLD SLACKWARE VERSIONS #
#                                                                  #
# Effective August 1, 2012, security patches will no longer be    #
# provided for the following versions of Slackware (which will all #
# be more than 5 years old at that time):                          #
# Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0.          #
# If you are still running these versions you should consider      #
# migrating to a newer version (preferably as recent as possible). #
# Alternately, you may make arrangements to handle your own        #
# security patches.  If for some reason you are unable to upgrade  #
# or handle your own security patches, limited security support    #
# may be available for a fee.  Inquire at security@slackware.com.  #
####################################################################

Hope this helps.
Have fun & enjoy!
:hattip:

That does not apply here since none of these versions is the one OP is attempting to download. Also, as drmozes mentioned, Pat has made no mention of any planned EOL for 13.0 and up (12.1 and 12.2 were EOLed on 9 DEC 2013).

All that is mentioned is that the versions would be at least 5 years old before they were EOLed, but 13.0 is coming up on 6 years in August, so using 5 years doesn't work.

dugan 05-11-2015 04:49 PM

Avast thinks dip is a rootkit?

Yeah, it's a false positive.

onebuck 05-11-2015 04:59 PM

Member response
 
Hi,
Quote:

Originally Posted by bassmadrigal (Post 5361096)
That does not apply here since none of these versions is the one OP is attempting to download. Also, as drmozes mentioned, Pat has made no mention of any planned EOL for 13.0 and up (12.1 and 12.2 were EOLed on 9 DEC 2013).

All that is mentioned is that the versions would be at least 5 years old before they were EOLed, but 13.0 is coming up on 6 years in August, so using 5 years doesn't work.

I believe the 'five years' comes from this portion of that changelog;
Quote:

# NOTICE OF INPENDING EOL (END OF LIFE) FOR OLD SLACKWARE VERSIONS #
# #
# Effective August 1, 2012, security patches will no longer be #
# provided for the following versions of Slackware (which will all #
# be more than 5 years old at that time):
PV will be the one who decides when to EOL a version.

55020 05-11-2015 05:58 PM

Avast was in the news four days ago for wrecking e.g. "TeamViewer rendering it useless, Corel, and MS XNA framework" last Wednesday because of false positive errors.
F*cking DLL! Avast false positive trashes Windows code libraries, The Register, 7 May 2015

volkerdi 05-11-2015 07:00 PM

We had a lot of problems back in the day from false virus positives. Seems a lot of them consider anything including words in Russian to be malware.

ReaperX7 05-11-2015 08:23 PM

Avast! is not a great antivirus solution for Windows like it used to be. It scans for a lot but has too many false positives nowadays. For my Windows machines, I only use Microsoft Security Essentials and MalwareBytes Pro any more due to this. I haven't had too many false positives with these, and usually these try to play fair now with other software.

Another try would be Comodo Internet Security also.

frankbell 05-11-2015 08:41 PM

Odds are Avast doesn't understand something about the Slackware *.iso.

When I'm booted into Windows and run Malwarebytes, it finds a suspicious file on one of my external USB drives. The suspicious file is a HOWTO for something in Mac format. It's not malware, but Malwarebytes doesn't know what it is, so it flags the file.

Wolverine1997 05-11-2015 09:42 PM

Thanks for the help everyone.

As for downloading 13.1 instead of 14.1, I have an old Dell Inspiron 1501 Laptop with the integrated Radeon XPress X1150 graphics chip that I am trying to revive, and that video chipset is a pain with new Linux releases, so I have been trying lots of releases with the 2.6.33 or later kernel so I get TRIM support as per this website here: http://wiki.cchtml.com/index.php/Hardware.

The older Radeon drivers only work with Linux Kernel 2.6.28 or older, so I was trying to find a kernel closest to that that supports TRIM, which is why I have been messing around with older releases.

kikinovak 05-12-2015 01:32 AM

LILO should be patched to identify a Windows partition as malware and delete it. :D


All times are GMT -5.