On Sat, Jul 14, 2018 at 05:19:29PM +0200, LoneVVolf wrote:
On 14-07-18 16:52, David Murray via arch-general wrote:
Greetings,
My nightly full-system ClamAV scan kicked out this last night:
/var/cache/pacman/pkg/systemd-238.133-4-x86_64.pkg.tar.xz: Unix.Trojan.Vali-6606621-0 FOUND
Is this something I should be concerned about?
TIA, Dave
https://www.virustotal.com/#/file/1aef694958c06497a8c5e98b0e6914b2a9af48faff...
That shows 2 engines that detect something, Baidu and ClamAV .
https://pcfixguides.com/how-to-effectively-remove-unix-trojan-vali-6606621-0...
It appears to be able to infect windows and Mac systems, and does look threatening.
Not sure who should look into this, but Arch Security Team seems most applicable. https://wiki.archlinux.org/index.php/Arch_Security_Team
LW
Nobody. What's the point of running a scan of a host from that host itself? And on top of that, the suspected malware has already been executed because you mention a pkg in the cache... Anyway, a brief google search reveals that this particular trojan turned up in many distros, so it is most likely a false positive. Cheers, -- Leonid Isaev