Some of this post may be off-topic, in that it started with a security alert for Devuan; this led me to run some scans of my own system, just to make sure something bad hasn't crept in while I was relaxing, and staying offline most of the time.
That Devuan alert is here: https://linuxiac.com/devuan-users-are-at-risk/ https://web.archive.org/web/20230429000520/https://linuxiac.com/devuan-users...
I did check my system, and login as root is disabled. At present, I am the only user on any of my machines or devices, and this is usually how it goes for me. If others want to get on the internet or whatever, let them bring their own box. So anyway, I believe that I am probably okay there.
But then I decided to run a full scan of my system (still running). When I ran klamav, I got some surprising hits, and some of these look like they ought to be important enough for TDE users to know about. Thus my justification for including the off-topic stuff as well.
I am not worried about the OpenOffice/LibreOffice extension, as it is quarantined and I don't use it, but I am curious about what it is, and if it is not perhaps a false positive. Also, I don't care about old emails that are marked as having a spoofed domain. They're archived; someday I'll dig out what they are and why I kept them.
What I am most concerned about are those .deb files that I downloaded. The clamav testfiles are supposed to ring the bell, I will guess, because they are made to test the program. But the other files are the boot image, so I wonder if that's normal for the boot image to set off the alarms in my antivirus program?
Bill
P.S. By the way: thanks to developers for adding klamav back to the great tools available from the old KDE3. I have been missing klamav, because it is much more customizable than other frontends for clamav. There is one called clamtk that sorta worked, but I didn't like it.
On Fri May 5 2023 15:15:59 William Morder via tde-users wrote:
What I am most concerned about are those .deb files that I downloaded. The clamav testfiles are supposed to ring the bell, I will guess, because they are made to test the program. But the other files are the boot image, so I wonder if that's normal for the boot image to set off the alarms in my antivirus program?
Hi Bill,
Clam malware definitions are updated frequently. Sometimes they detect kernels or core dumps as executables but then issue warnings because they're not quite what Clam expects of an executable.
--Mike
On Friday 05 May 2023 15:39:02 Mike Bird via tde-users wrote:
On Fri May 5 2023 15:15:59 William Morder via tde-users wrote:
What I am most concerned about are those .deb files that I downloaded. The clamav testfiles are supposed to ring the bell, I will guess, because they are made to test the program. But the other files are the boot image, so I wonder if that's normal for the boot image to set off the alarms in my antivirus program?
Hi Bill,
Clam malware definitions are updated frequently. Sometimes they detect kernels or core dumps as executables but then issue warnings because they're not quite what Clam expects of an executable.
--Mike
Thanks, Mike!
I figured that it must be something like that, though I didn't know why. The others I could dismiss for various reasons, but the kernel was unexpected.
Bill
-
Mike Bird -
William Morder