On Sat, Jul 14, 2018 at 05:19:29PM +0200, LoneVVolf wrote: > On 14-07-18 16:52, David Murray via arch-general wrote: > > Greetings, > > > > My nightly full-system ClamAV scan kicked out this last night: > > > > /var/cache/pacman/pkg/systemd-238.133-4-x86_64.pkg.tar.xz: Unix.Trojan.Vali-6606621-0 FOUND > > > > Is this something I should be concerned about? > > > > TIA, > > Dave > > > https://www.virustotal.com/#/file/1aef694958c06497a8c5e98b0e6914b2a9af48faff736fcb42e3855377ee8e19/detection > > That shows 2 engines that detect something, Baidu and ClamAV . > > https://pcfixguides.com/how-to-effectively-remove-unix-trojan-vali-6606621-0-from-your-computer/ > > It appears to be able to infect windows and Mac systems, and > does look threatening. > > Not sure who should look into this, but Arch Security Team > seems most applicable. > https://wiki.archlinux.org/index.php/Arch_Security_Team > > LW Nobody. What's the point of running a scan of a host from that host itself? And on top of that, the suspected malware has already been executed because you mention a pkg in the cache... Anyway, a brief google search reveals that this particular trojan turned up in many distros, so it is most likely a false positive. Cheers, -- Leonid Isaev
