On 07/14/2018 11:29 AM, Ralf Mardorf wrote: > On Sat, 14 Jul 2018 10:06:36 -0600, Leonid Isaev via arch-general wrote: >> Anyway, a brief google search reveals that this particular trojan >> turned up in many distros, so it is most likely a false positive. > > As most, if not all detected malicious software on Linux hosts, but, > either way, I would upload it to https://www.clamav.net/reports/fp and > additionally I would compare results of different antivirus software, > at least by an online scan. The example was done with > systemd-239.0-2-x86_64.pkg.tar.xz, ͟n͟o͟t͟ with the version in your > cache: > > https://www.virustotal.com/#/file/d3b90812888f5d332d5f087688469ca5d2db701fa14c58d20cbde66526046220/detection > There was indeed a string of false positive in the systemd package, e.g. $ clamscan /var/cache/pacman/pkg/sys* /var/cache/pacman/pkg/sysfsutils-2.1.0-10-x86_64.pkg.tar.xz: OK /var/cache/pacman/pkg/sysfsutils-2.1.0-9-x86_64.pkg.tar.xz: OK /var/cache/pacman/pkg/syslinux-6.03-10-x86_64.pkg.tar.xz: OK /var/cache/pacman/pkg/sysstat-11.7.3-1-x86_64.pkg.tar.xz: OK /var/cache/pacman/pkg/systemd-238.133-1-x86_64.pkg.tar.xz: Unix.Trojan.Vali-6606621-0 FOUND /var/cache/pacman/pkg/systemd-238.133-2-x86_64.pkg.tar.xz: Unix.Trojan.Vali-6606621-0 FOUND /var/cache/pacman/pkg/systemd-238.133-4-x86_64.pkg.tar.xz: Unix.Trojan.Vali-6606621-0 FOUND /var/cache/pacman/pkg/systemd-238.76-1-x86_64.pkg.tar.xz: OK /var/cache/pacman/pkg/systemd-239.0-2-x86_64.pkg.tar.xz: OK /var/cache/pacman/pkg/systemd-sysvcompat-238.133-1-x86_64.pkg.tar.xz: OK /var/cache/pacman/pkg/systemd-sysvcompat-238.133-2-x86_64.pkg.tar.xz: OK /var/cache/pacman/pkg/systemd-sysvcompat-238.133-4-x86_64.pkg.tar.xz: OK /var/cache/pacman/pkg/systemd-sysvcompat-238.76-1-x86_64.pkg.tar.xz: OK /var/cache/pacman/pkg/systemd-sysvcompat-239.0-2-x86_64.pkg.tar.xz: OK submitted to clamav.net as false-positive report -- David C. Rankin, J.D.,P.E.
