Virus /trojan found during virus scan


K2

Jan 11, 2017, 6:18:03 AM
to RaspberryShake
Hi

Has the software been scanned for malware?

Found three suspected infected files, deleted files. Unit online with no problems yet.



What firewall is compatible? GUFW interferes with rpi-shake program.

Thank you for creating a work of art.   

Thank you for your time. Have a great day.

Branden Christensen

Jan 11, 2017, 6:37:30 AM
to RaspberryShake
Hi mate:


Good day and thank you for your message. 

Thank you for calling Shake a work of art!

The software was developed in Linux in an offline environment so the presence of malware, especially malware in the Windows sense, would be highly unlikely but we are certainly willing to inspect the suspected files!

Concerning malware and hacking in general, please see: http://manual.raspberryshake.org/hacked.html

Concerning firewalls, any should be compatible. In the end, it is just a matter of ensuring that your firewall has been properly configured. But Shake was designed in such a way that it would work with most default firewall configurations or would require very minimal tweaking. Concerning firewalls, see: http://manual.raspberryshake.org/firewallIssues.html

Welcome to the Raspberry Shake Community!


Yours, 



Branden Christensen
Director, OSOP



K2

Jan 13, 2017, 7:12:58 AM
to RaspberryShake


On Wednesday, January 11, 2017 at 9:18:03 PM UTC+10, K2 wrote:
Hi

Has the software been scanned for malware?

Found three suspected infected files, deleted files. Unit online with no problems yet.



ClamTk, v5.20
Wed Jan 11 16:52:53 2017
ClamAV Signatures: 5535029
Directories Scanned:
/media/home/myshake/.npm/imurmurhash/0.1.4
/media/usr/lib/node_modules/npm/node_modules/imurmurhash
/media/usr/share/mime

Found 3 possible threats (36198 files scanned).

/media/home/myshake/.npm/imurmurhash/0.1.4/package.tgz                           PUA.Win.Trojan.Xored-1             
/media/usr/lib/node_modules/npm/node_modules/imurmurhash/imurmurhash.min.js      PUA.Win.Trojan.Xored-1             
/media//usr/share/mime/mime.cache                                                 PUA.Win.Exploit.CVE_2012_0110-1    
-----------------------------------------------------------------------------

Richard

Jan 13, 2017, 12:12:29 PM
to RaspberryShake
Hello K2,

Thanks for the details. I've looked into the files you identified and can report that these are false positives being reported by your ClamAV scanner. To note: ClamAV is marking these as "possible" Windows threats, where these files are intended for Linux targets and do not run on Windows. (not technically true since the imurmurhash.min.js file is JavaScript...)

The first two files are used to support the front-end configuration interface, which will soon be replaced with a new version, where these files will be removed.

The third file is not an executable; it contains only a list of all known file types on the system, i.e., nothing to be concerned about.

cheers,

richard
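
A triage helper for reports like the ClamTk output quoted in this thread, as an added example that is not part of the original posts or of Raspberry Shake's software. It parses each detection line, splits the signature name into its fields, and suggests checking heuristic (PUA) or non-native-platform hits against a known-good copy before deleting anything; the verdict labels and the `NATIVE_PLATFORMS` list are assumptions made for illustration.

```python
import posixpath
import re
from collections import namedtuple

# Detection lines copied from the ClamTk report quoted in this thread.
REPORT = """\
/media/home/myshake/.npm/imurmurhash/0.1.4/package.tgz                           PUA.Win.Trojan.Xored-1
/media/usr/lib/node_modules/npm/node_modules/imurmurhash/imurmurhash.min.js      PUA.Win.Trojan.Xored-1
/media//usr/share/mime/mime.cache                                                 PUA.Win.Exploit.CVE_2012_0110-1
"""

Finding = namedtuple("Finding", "path pua platform kind name verdict")

# A detection line is an absolute path, a run of spaces, then the signature name.
LINE = re.compile(r"^(?P<path>/.*?)\s{2,}(?P<sig>\S+)\s*$")

# Assumption: platform tokens treated as relevant to a Linux host.
NATIVE_PLATFORMS = ("Unix", "Multios")


def parse_signature(sig):
    """Split a name such as PUA.Win.Trojan.Xored-1 into its fields."""
    parts = sig.split(".")
    pua = parts[0] == "PUA"
    if pua:
        parts = parts[1:]
    platform = parts[0] if parts else ""
    kind = parts[1] if len(parts) > 1 else ""
    return pua, platform, kind, ".".join(parts[2:])


def triage(report, native=NATIVE_PLATFORMS):
    """Return one Finding per detection line, with a suggested next step."""
    findings = []
    for line in report.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header, summary or separator line
        pua, platform, kind, name = parse_signature(m.group("sig"))
        # Hypothetical policy: heuristic (PUA) or foreign-platform hits are
        # checked against a known-good copy before anything is deleted.
        verdict = "verify-first" if pua or platform not in native else "quarantine"
        path = posixpath.normpath(m.group("path"))  # /media//usr -> /media/usr
        findings.append(Finding(path, pua, platform, kind, name, verdict))
    return findings


if __name__ == "__main__":
    for f in triage(REPORT):
        print(f"{f.verdict:12} {f.platform:4} {f.kind:8} {f.name:18} {f.path}")
```
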