Bug report


Bug report

#1 Post by Sbilko »

Bug report: AVG antivirus found a Trojan in the debian ISO, please check the image.
Attachments
Screenshot_44.jpg


Re: Bug report

#2 Post by fabien »

Code:

$> sha256sum ./debian-12.7.0-amd64-DVD-1.iso 
a29f31d0848439b6705686c2302f671149e68593a8670a5ef130862b1952d89f  ./debian-12.7.0-amd64-DVD-1.iso
$> grep "a29f31d0848439b6705686c2302f671149e68593a8670a5ef130862b1952d89f" ./SHA256SUMS
a29f31d0848439b6705686c2302f671149e68593a8670a5ef130862b1952d89f  debian-12.7.0-amd64-DVD-1.iso
$> su -
Password:
#> mount -o loop,ro ./debian-12.7.0-amd64-DVD-1.iso /mnt/isos/
#> logout
$> mkdir /tmp/pim/
$> dpkg-deb --extract /mnt/isos/pool/main/p/python-importlib-metadata/python3-importlib-metadata_4.12.0-1_all.deb /tmp/pim/
$> cat /tmp/pim/usr/lib/python3/dist-packages/importlib_metadata-4.12.0.dist-info/RECORD 
importlib_metadata-4.12.0.dist-info/METADATA,sha256=293c714dab532597e546593b9824a33c944450aaa34e48892fda0403eb07d924,3995
importlib_metadata-4.12.0.dist-info/RECORD,,
importlib_metadata-4.12.0.dist-info/WHEEL,sha256=1b5e87e00dc87a84269cead8578b9e6462928e18a95f1f3373c9eef451a5bcc0,92
importlib_metadata-4.12.0.dist-info/top_level.txt,sha256=a186f46d5faa2be1c370cc2aef853bfef58212d54874311ec09edaf9b49e4d3f,26
importlib_metadata/__init__.py,sha256=6df7131cc2a66d844860b43cd013404664c794f135ce31aa39dcca5d0cb0316a,31383
importlib_metadata/_adapters.py,sha256=07a7c28b9fbc98b543154663de4ac8e67028fa62a9d5d1ffa886afc88c85ac9b,1862
importlib_metadata/_collections.py,sha256=089d0e4c21c88d6034648552e2fa0e440b27d91e11d9c40112d3ec6442690126,743
importlib_metadata/_compat.py,sha256=f7338a7f478382408c9e7684854e64415c477753fc048615ed2b6ca3b6afe61f,1857
importlib_metadata/_functools.py,sha256=3ec636fb8aeb297e1155e442d681a9d65075a660bd78a37cf3f7fe6c3f6e3a80,2895
importlib_metadata/_itertools.py,sha256=72faffdaff0145bc5c225e71e6575fa9d1e3848f188bcb3cca4e741bf9e6ea34,2068
importlib_metadata/_meta.py,sha256=fc5e3c1eefe317191f296cf9c1c612f2f3b6dea13281b55d17dafeeaa87e8631,1154
importlib_metadata/_text.py,sha256=1c2b0592c66924b7933f734493f9e0ac079755146d4ebb7287d78e001a113f80,2166
importlib_metadata/py.typed,sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855,0
$> 
Checked.
There will be neither barrier nor walls, neither official nor guard, there will be no more desert and the entire world will become a garden. — Anacharsis Cloots
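
The manual inspection in post #2 can be taken one step further by recomputing every digest and size listed in RECORD against the extracted files. This is an added example, not part of the original thread; `verify_record` and `make_demo_tree` are hypothetical names, and the sample tree is constructed.

```shell
# Added example. Assumes hex sha256 digests, as in the RECORD shown above
# (upstream wheels normally store urlsafe-base64 digests instead), and
# paths without commas or CSV quoting.

# verify_record ROOT RECORD: recompute hash and size of every listed file.
verify_record() {
    local root=$1 record=$2 path digest size actual bad=0
    while IFS=, read -r path digest size; do
        # Skip blank lines and RECORD's own entry, which has empty fields.
        if [ -z "$path" ] || [ -z "$digest" ]; then continue; fi
        if [ ! -f "$root/$path" ]; then
            echo "MISSING  $path"; bad=1; continue
        fi
        actual=$(sha256sum "$root/$path" | cut -d' ' -f1)
        if [ "sha256=$actual" != "$digest" ]; then
            echo "HASH     $path"; bad=1
        elif [ "$(wc -c < "$root/$path" | tr -d ' ')" != "$size" ]; then
            echo "SIZE     $path"; bad=1
        fi
    done < "$record"
    return "$bad"
}

# Constructed sample: a two-file tree with a RECORD in the same layout.
make_demo_tree() {
    local root f
    root=$(mktemp -d)
    mkdir -p "$root/demo" "$root/demo-1.0.dist-info"
    printf 'print("hello")\n' > "$root/demo/__init__.py"
    : > "$root/demo/py.typed"    # empty file, size 0
    for f in demo/__init__.py demo/py.typed; do
        printf '%s,sha256=%s,%s\n' "$f" \
            "$(sha256sum "$root/$f" | cut -d' ' -f1)" \
            "$(wc -c < "$root/$f" | tr -d ' ')"
    done > "$root/demo-1.0.dist-info/RECORD"
    printf 'demo-1.0.dist-info/RECORD,,\n' >> "$root/demo-1.0.dist-info/RECORD"
    echo "$root"
}

# Stand-alone use: sh this-script ROOT RECORD
if [ "$#" -eq 2 ]; then verify_record "$1" "$2"; fi
```

For the tree extracted in post #2, ROOT would be `/tmp/pim/usr/lib/python3/dist-packages` and RECORD the file printed there with `cat`.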


Re: Bug report

#3 Post by Diesel330 »

Please explain why this is a false alert... I don't trust any Windows antivirus, but why do they think a Debian ISO is malware?


Re: Bug report

#4 Post by fabien »

I don't know what they do, ask them. Malware is supposed to be a program, right? How could this be anything other than innocuous? I don't think this needs any further explanation. They just stumbled upon a match in their signatures database.


Re: Bug report

#5 Post by CwF »

Diesel330 wrote: 2024-09-20 18:34
> why they think Debian ISO is a malware?

Likely a code match for manipulating boot sectors, EFI and the like.
Why do you feel the need to check with such a tool?
Mottainai


Re: Bug report

#6 Post by FreewheelinFrank »

Diesel330 wrote: 2024-09-20 18:34
> Please explain why this is a false alert... I don't trust any Windows antivirus but why they think Debian ISO is a malware?

It's called a false positive. A mistake by the company. In this case it's only Avast/AVG (same company now) that detects the file as malware.

https://www.virustotal.com/gui/file/e4c ... ?nocache=1

I have submitted the file to Avast/AVG for reanalysis so they can remove the false positive detection. This can take 48 hours, then it takes some time for the detection database to be updated.

I will keep an eye on the VirusTotal page and report when the detection is removed.


Re: Bug report

#7 Post by Diesel330 »

CwF wrote: 2024-09-20 20:04
> Diesel330 wrote: 2024-09-20 18:34
> > why they think Debian ISO is a malware?
>
> likely a code match for manipulating boot sectors, efi and the like.
> Why do you feel the need to check with such a tool?

I don't, but I understand that some new users who are used to corporate products can be suspicious of community-based products, because they are not so polished and the support is not professional, so they put the wolf to guard the sheep.
