Dr.Web for linux finds one trojan and one exploit

thanatos_incarnate
Posts: 717
Joined: 2012-11-04 20:36

Re: Dr.Web for linux finds one trojan and one exploit

#16 Post by thanatos_incarnate »

edbarx wrote:
Weird that it shows signed packages of LaTeX files and fonts as malware.
LaTeX can be used to create professional documents and even to publish books. That 'malware' is better kept at bay as it is a nasty competitor for commercial alternatives.
:lol:

tomazzi
Posts: 730
Joined: 2013-08-02 21:33

Re: Dr.Web for linux finds one trojan and one exploit

#17 Post by tomazzi »

NFT5 wrote: Anyway, just in the moment, I'll have to write an "unbiased" report about how the guys are dealing with the "community"...
...
No problem. I'll look forward to it.
mm5375 wrote: I'm running Jessie testing and have the latest Dr.Web anti virus for Linux running on top of it. After full system scan Dr.Web is reporting that it found trojan in texlive-latex-base_2015.20150823-1_all.deb. It also reports that it has found exploit Exploit:Win32/CVE-2015-2426 in
http://www.microsoft.com/security/porta ... -2015-2426
This CVE is not related to Debian - it is related to Winblows... In other words, Dr. Web is just a stupid malware, which is unable to recognize what platform it is running on... Oh, crap... :)

But, what's even funnier, when you search for that particular CVE number, it turns out that it is *not* related to LaTeX, but to a "Windows Adobe Type Manager Library":
http://www.cvedetails.com/cve/CVE-2015-2426/

... conclusion:

Dr. Web is a malware itself - it is trying to cheat the users, and I suppose that not only GNU/Linux users...

Regards.
Odi profanum vulgus

NFT5
df -h | grep > 20TiB
Posts: 597
Joined: 2014-10-10 11:38
Location: Canberra, Australia
Has thanked: 10 times
Been thanked: 43 times

Re: Dr.Web for linux finds one trojan and one exploit

#18 Post by NFT5 »

Except that I didn't use Dr. Web. I used clamav.

tomazzi
Posts: 730
Joined: 2013-08-02 21:33

Re: Dr.Web for linux finds one trojan and one exploit

#19 Post by tomazzi »

Perhaps you should read more about clamAV - its main purpose is to clear e-mails of *WIN* viruses when running on GNU/Linux servers...
Odi profanum vulgus

GarryRicketson
Posts: 5644
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: Dr.Web for linux finds one trojan and one exploit

#20 Post by GarryRicketson »

tomazzi wrote: Perhaps you should read more about clamAV - its main purpose is to clear e-mails of *WIN* viruses when running on GNU/Linux servers...
Although that is the "main purpose", it is very helpful in scanning the entire system, even if it is not a "mail server" or even a public server, but anyway, like everything,
reading docs, manuals, etc. does lead to knowing a lot more about using a program, as well as an OS. clamav does have some mailing lists, and a lot of info available.
The main reason I use and like it is that it helps me scan my system quickly and semi-automatically. I am aware that it is possible (very unlikely though) that there are "things" that have not even made it into the clamav databases, and would not even show up in the scans done. Most of the "detected" stuff is probably "false/positive", but the thing is, the files it detects are files that get into my system via internet, and they are not files I want or need. clamav makes it easy to locate and delete those kinds of files. I don't really even care if they are false positive or not, and stopped checking that a long time ago; I just delete them and forget it.
To get a complete understanding (I probably only "scratch the surface"), but anyway, to understand more about what is going on:
http://www.clamav.net/
http://www.clamav.net/contact
http://www.clamav.net/documents/installing-clamav
Then more:

Code:

 $ man -k clam
clamtk (1)           - Graphical user interface (gui) for Clam AntiVirus
clamav-unofficial-sigs (8) - Download, test, and install third-party ClamAV ...
clambc (1)           - Bytecode Analysis and Testing Tool
clamconf (1)         - Clam AntiVirus configuration utility
clamd (8)            - an anti-virus daemon
clamd.conf (5)       - Configuration file for Clam AntiVirus Daemon
clamdscan (1)        - scan files and directories for viruses using Clam Ant...
clamdtop (1)         - monitor the Clam AntiVirus Daemon
clamscan (1)         - scan files and directories for viruses
clamsubmit (1)       - File submission utility for ClamAV
freshclam (1)        - update virus databases
freshclam.conf (5)   - Configuration file for Clam AntiVirus database update...
garry@debian:~$ man clamd
garry@debian:~$ man clamscan
garry@debian:~$ man clamtop
No manual entry for clamtop
garry@debian:~$ man clamdtop
garry@debian:~$ man clamtk
There is enough information in the above that, even if I had the time, it would take a week or more, studying it all day, every day, for me to completely understand most of it. Others may be able to grasp the concepts, and how to do things, faster.
Another "free open source" tool, and many are going to say "How can that be useful to
detect viruses or malware?",
But anyway, "ImageMagick" is an important "tool". Why?
Some of the biggest sources of "malware" or virus type things are images downloaded from unclean, infected sites. ImageMagick can be very useful in determining if an image is safe and clean.
The image can be "disinfected", or cleaned, without damaging the image, but generally it is easier just to delete the infected image and find a clean one. For more details on that, some good searches and research would be productive.
This has a bunch of stuff I find interesting, I don't know if others will , but any way
here it is:
How to use imagemagick to find embedded malware or viruses in images

http://www.perlmonks.org/?node_id=798222
And
http://security.stackexchange.com/quest ... -and-virus
I kind of "scratched the surface" on this, but the first time I heard of the problems infected images can cause was at another forum. A website/forum admin was having a lot of problems with spam, and the "spammers" kept coming back. When I looked at the site, it turned out it was full of infected images, none of which were detected by various "anti-virus" scanners. A lot of images had "hidden code" that actually was helping even more spam bots access the site.
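Added example, not part of the original post: one check a defender can run for the "hidden code" in images described above is to look for bytes stored after the image's end marker, which image viewers ignore. The function names, the constructed sample images and the appended marker string are assumptions made for this illustration; it does not use ImageMagick.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def png_end(data: bytes) -> int:
    """Offset just past the IEND chunk, found by walking the chunk list."""
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 12 + length  # length field + type + body + CRC
        if ctype == b"IEND":
            return pos
    raise ValueError("no IEND chunk: truncated or malformed PNG")

def jpeg_end(data: bytes) -> int:
    """Offset just past EOI: skip header segments, then find FF D9 after SOS."""
    pos = 2  # skip SOI (FF D8)
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        if data[pos + 1] == 0xDA:  # SOS: scan data runs until EOI
            eoi = data.find(b"\xff\xd9", pos)
            if eoi >= 0:
                return eoi + 2
            break
        pos += 2 + struct.unpack(">H", data[pos + 2:pos + 4])[0]
    raise ValueError("no EOI marker: truncated or malformed JPEG")

def trailing_data(data: bytes) -> bytes:
    """Bytes stored after the image's end marker (empty for a clean file)."""
    if data.startswith(PNG_SIG):
        return data[png_end(data):]
    if data.startswith(b"\xff\xd8"):
        return data[jpeg_end(data):]
    raise ValueError("not a PNG or JPEG file")

def _chunk(ctype: bytes, body: bytes) -> bytes:
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

# Constructed samples: a 1x1 PNG and a skeletal JPEG whose APP1 segment
# contains FF D9 (as EXIF thumbnails do), which a naive search would misread.
SAMPLE_PNG = (PNG_SIG + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
              + _chunk(b"IDAT", zlib.compress(b"\x00\x00")) + _chunk(b"IEND", b""))
SAMPLE_JPEG = b"\xff\xd8" + b"\xff\xe1\x00\x04\xff\xd9" + b"\xff\xda\x00\x02\x12\x34\xff\xd9"
APPENDED = b"CONSTRUCTED-APPENDED-BYTES"  # harmless stand-in for hidden content

if __name__ == "__main__":
    for name, blob in [("png", SAMPLE_PNG), ("jpeg", SAMPLE_JPEG)]:
        print(name, "clean:", trailing_data(blob), "tampered:", trailing_data(blob + APPENDED))
```

A non-empty result is a reason to inspect the file, not proof of infection, since some cameras and editors append legitimate data after the end marker. The JPEG walk assumes a single-scan file; progressive JPEGs with several scans need a full segment parser.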

edbarx
Posts: 5401
Joined: 2007-07-18 06:19
Location: 35° 50 N, 14 º 35 E
Been thanked: 2 times

Re: Dr.Web for linux finds one trojan and one exploit

#21 Post by edbarx »

thanatos_incarnate wrote:
edbarx wrote:
Weird that it shows signed packages of LaTeX files and fonts as malware.
LaTeX can be used to create professional documents and even to publish books. That 'malware' is better kept at bay as it is a nasty competitor for commercial alternatives.
:lol:
No lock-ins, no unpredictable text formatting, no 'random' document distortion, no 'intelligent' guesswork that breaks your intended document format, high quality mathematical support without external programs, high quality suitable for academic books...

The price: a steep learning curve :D :P

:mrgreen:
Debian == { > 30, 000 packages }; Debian != systemd
The worst infection of all, is a false sense of security!
It is hard to get away from CLI tools.
