As the title says, Clam Antivirus (32 bit version) reports:
/usr/local/bin/pnscan: Unix.Malware.Agent-7186126-0 FOUND.
It was reported on PuppyTahr v.6.0.5 (32-bit).
This may only be a false positive, but it would be interresting to investigate further...
Can anyone else check this on either the 32/64 bit versions?
bpuppy
ClamAv reports a malware in /usr/local/bin/pnscan
- fabrice_035
- Posts: 765
- Joined: Mon 28 Apr 2014, 17:54
- Location: Bretagne / France
Hi,
From BionicPup64
Compil today from https://github.com/ptrrkssn/pnscan
???
From BionicPup64
Code: Select all
root# pnscan -V [PNScan, version 1.11 - Dec 11 2016 14:53:52]
Compil today from https://github.com/ptrrkssn/pnscan
Code: Select all
root# ./pnscan -V
[PNScan, version 1.13 - Jun 8 2020 16:41:13]
???
Bionicpup64-8.0 _ Kernel 5.4.27-64oz _ Asus Rog GL752
There's an apparently related thread on LinuxQuestions.org:
https://www.linuxquestions.org/question ... 175630929/
https://www.linuxquestions.org/question ... 175630929/
- perdido
- Posts: 1528
- Joined: Mon 09 Dec 2013, 16:29
- Location: ¿Altair IV , Just north of Eeyore Junction.?
Out of curiosity I downloaded 4 versions of tahr from the ibiblio repository
http://distro.ibiblio.org/puppylinux/puppy-tahr/iso/
This is what clam says
tahr64-6.0.5.iso - /usr/local/bin/pnscan: Unix.Malware.Agent-6327832-0 FOUND
tahr-6.0.5_PAE.iso - /usr/local/bin/pnscan: Unix.Malware.Agent-7186126-0 FOUND
-------------------
Nothing found in either tahr 6.0.6 version
tahr-6.0.6-uefi.iso was clean
tahr64-6.0.6-uefi.iso was clean
###############################################
I also scanned the latest bionicpups 64-bit & 32-bit
bionicpup64-8.0-uefi.iso - /usr/local/bin/pnscan: Unix.Malware.Agent-7186126-0 FOUND
-------------------
bionicpup32-8.0-uefi.iso was clean.
This could be false positives but who knows? I sure don't.
This post is for informational purposes only. You make your own determinations.
Have fun!
http://distro.ibiblio.org/puppylinux/puppy-tahr/iso/
This is what clam says
tahr64-6.0.5.iso - /usr/local/bin/pnscan: Unix.Malware.Agent-6327832-0 FOUND
tahr-6.0.5_PAE.iso - /usr/local/bin/pnscan: Unix.Malware.Agent-7186126-0 FOUND
-------------------
Nothing found in either tahr 6.0.6 version
tahr-6.0.6-uefi.iso was clean
tahr64-6.0.6-uefi.iso was clean
###############################################
I also scanned the latest bionicpups 64-bit & 32-bit
bionicpup64-8.0-uefi.iso - /usr/local/bin/pnscan: Unix.Malware.Agent-7186126-0 FOUND
-------------------
bionicpup32-8.0-uefi.iso was clean.
This could be false positives but who knows? I sure don't.
This post is for informational purposes only. You make your own determinations.
Have fun!
/usr/sbin/mpscan
/usr/bin/pscan
/usr/bin/ipsort
/usr/bin/pnscan
root/packages/builtin_files/pnscan
root/packages/builtin_files/file_sharing-curlftpfs-mpscan
Tried a ClamwinScan as an alternative, Didn't find anything suspect in Artfulpup. I am guessing it will be the same in Tahrpup and Bionic.
that pscan file is a symbolic link to busybox, 703kb or 17bytes depending on where you look.
/usr/bin/pscan
/usr/bin/ipsort
/usr/bin/pnscan
root/packages/builtin_files/pnscan
root/packages/builtin_files/file_sharing-curlftpfs-mpscan
Tried a ClamwinScan as an alternative, Didn't find anything suspect in Artfulpup. I am guessing it will be the same in Tahrpup and Bionic.
that pscan file is a symbolic link to busybox, 703kb or 17bytes depending on where you look.
- Attachments
-
- puppy-scan.png
- (41.05 KiB) Downloaded 120 times
hi,
this was also mentioned on the bionicpup64 thread.
this was also mentioned on the bionicpup64 thread.
i think the 32bit pnscan in /usr/local/bin got into the distro by woofce grabbing the wrong peasyport.pet which includes pnscan.
interestingly the 64bit pnscan (which is the official ubuntu version) in /usr/bin is also detected as malware when uploaded to virustotal, although clamav misses it.
it seems that it can be used as a hacktool and is not malware in itself. see this post at pnscans github page https://github.com/ptrrkssn/pnscan/issues/2
Bionicpup64 built with bionic beaver packages http://murga-linux.com/puppy/viewtopic.php?t=114311
Xenialpup64, built with xenial xerus packages http://murga-linux.com/puppy/viewtopic.php?t=107331
Xenialpup64, built with xenial xerus packages http://murga-linux.com/puppy/viewtopic.php?t=107331