[PLUG] What is this please?
Rahul Sundaram
sundaram at fedoraproject.org
Sat Dec 6 06:10:31 IST 2008
म.हा.सा.ग.र wrote:
> A good Virus scanner on non-linux platform caught these in the rpm
> packages kept there...
>
> \clamav-0.94.1-1.el4.rf.i386.rpm=]clamav-0.94.1-1.el4.rf.gz=](gzip)=]./usr/share/doc/clamav-0.94.1/test/.split/split.clam-pespin.exeaa"
> threatType="virus" threatName="Packer.PESpin.A" action="none"
> finalStatus= "infected" error= "infected archive"/>
> \clamav-0.94.1-1.el4.rf.i386.rpm=]clamav-0.94.1-1.el4.rf.gz=](gzip)=]./usr/share/doc/clamav-0.94.1/test/clam-upack.exe"
> threatType="virus" threatName="Trojan.Generic.713045" action="none"
> finalStatus= "infected" error= "infected archive"/>
> \clamav-0.94.1-1.el4.rf.i386.rpm=]clamav-0.94.1-1.el4.rf.gz=](gzip)=]./usr/share/doc/clamav-0.94.1/test/clam-mew.exe"
> threatType="virus" threatName="Trojan.Generic.776592" action="none"
> finalStatus= "infected" error= "infected archive"/>
> \clamav-0.94.1-1.el4.rf.i386.rpm=]clamav-0.94.1-1.el4.rf.gz=](gzip)=]./usr/share/doc/clamav-0.94.1/test/clam-aspack.exe"
> threatType="virus" threatName="Trojan.Generic.978200" action="none"
> finalStatus= "infected" error= "infected archive"/>
>
> Any thoughts on this are welcome...
>
> Maybe food for thought for people concerned with the *el4* distribution..
You mean a not so good virus scanner, as this is a classic case of false
warnings. Clamav is an anti-virus scanner in Linux that is primarily used
to scan for Windows viruses. In this case, these packages come from a third
party repository called "rpmforge" and are built for EL 4 = Red Hat
Enterprise Linux 4. Frequently, anti-viruses will detect other virus
scanners as viruses because they hold some of the same patterns when
doing brute force string matching. A good anti-virus program wouldn't
just rely on string matches.
Rahul
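
An added example, not part of the original thread: Python that parses the scanner records quoted above and separates hits located in the ClamAV package's own test directory from anything else. The function names, the path patterns and the last sample record are assumptions made for the illustration.

```python
import re
from fnmatch import fnmatch

# Records re-joined from the wrapped report quoted in the thread. The last
# record is constructed for contrast and does not come from the thread.
REPORT = [
    r'\clamav-0.94.1-1.el4.rf.i386.rpm=]clamav-0.94.1-1.el4.rf.gz=](gzip)=]./usr/share/doc/clamav-0.94.1/test/.split/split.clam-pespin.exeaa" threatType="virus" threatName="Packer.PESpin.A" action="none" finalStatus= "infected" error= "infected archive"/>',
    r'\clamav-0.94.1-1.el4.rf.i386.rpm=]clamav-0.94.1-1.el4.rf.gz=](gzip)=]./usr/share/doc/clamav-0.94.1/test/clam-upack.exe" threatType="virus" threatName="Trojan.Generic.713045" action="none" finalStatus= "infected" error= "infected archive"/>',
    r'\example-1.0-1.i386.rpm=]example-1.0-1.gz=](gzip)=]./usr/bin/example" threatType="virus" threatName="Example.Constructed" action="none" finalStatus= "infected" error= "infected archive"/>',
]

ATTR = re.compile(r'(\w+)=\s*"([^"]*)"')
# Assumption: the ClamAV package ships its scanner test samples under its doc dir.
TEST_DIR = re.compile(r"^\./usr/share/doc/clamav-[^/]+/test/")
TEST_NAMES = ("clam-*", "split.clam-*")  # file name patterns seen in the report


def parse_record(line):
    """Split one record into its container chain, inner path and attributes."""
    location, _, rest = line.partition('"')
    chain = location.lstrip("\\").split("=]")
    return {"containers": chain[:-1], "path": chain[-1], **dict(ATTR.findall(rest))}


def is_scanner_test_file(rec):
    """True when the hit sits in a clamav package, under its test directory."""
    in_clamav_pkg = bool(rec["containers"]) and rec["containers"][0].startswith("clamav-")
    if not in_clamav_pkg or not TEST_DIR.match(rec["path"]):
        return False
    name = rec["path"].rsplit("/", 1)[-1]
    return any(fnmatch(name, pattern) for pattern in TEST_NAMES)


def triage(lines):
    """Return (path, threatName, verdict) for every report record."""
    results = []
    for line in lines:
        rec = parse_record(line)
        verdict = "likely scanner test file" if is_scanner_test_file(rec) else "investigate"
        results.append((rec["path"], rec.get("threatName"), verdict))
    return results


if __name__ == "__main__":
    for path, threat, verdict in triage(REPORT):
        print(f"{verdict:26} {threat:24} {path}")
```

A path match only narrows the triage; checking the package signature with `rpm -K` against the repository's key confirms the file is the one the packager shipped.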