Wanted to report a (possible) virus in icecat (45.5.1 for me, but someone on IRC was using 45.3.0 with at least one identical checksum of one of the related files). I'm not sure if this is a false positive, but I thought it better to report it than to ignore it. Better to draw attention to a nonissue than ignore something dangerous.
I run clamdscan over my home directory daily and ran into a virus report using it. I won't go into great detail of what I did, how, and why, but long story short I removed any and all instances of the virus, rebooted, ran guix pull (I had to remove files in /gnu/store because they were apparently infected. I wasn't sure how or why, but I don't question viruses too much wrt what they can and can't do), rescanned /gnu/store (which came out clean), then reinstalled icecat. The relevant clamdscan output follows:

/gnu/store/4jv2jr91pl7p7gwsi4bincvd19gn29hi-icecat-45.5.1-gnu1/lib/icecat-45.5.1/browser/extensions/[email protected]: Win.Trojan.Toa-5370166-0 FOUND
/gnu/store/4jv2jr91pl7p7gwsi4bincvd19gn29hi-icecat-45.5.1-gnu1/lib/icecat-45.5.1/browser/extensions/[email protected]: Win.Trojan.Toa-5370166-0 FOUND
/gnu/store/4jv2jr91pl7p7gwsi4bincvd19gn29hi-icecat-45.5.1-gnu1/lib/icecat-45.5.1/browser/extensions/[email protected]: Win.Trojan.Toa-5370166-0 FOUND
/gnu/store/4jv2jr91pl7p7gwsi4bincvd19gn29hi-icecat-45.5.1-gnu1/lib/icecat-45.5.1/browser/features/[email protected]: Win.Trojan.Toa-5370166-0 FOUND
/gnu/store/4jv2jr91pl7p7gwsi4bincvd19gn29hi-icecat-45.5.1-gnu1/lib/icecat-45.5.1/browser/extensions/[email protected]: Win.Trojan.Toa-5370166-0 FOUND
/gnu/store/4jv2jr91pl7p7gwsi4bincvd19gn29hi-icecat-45.5.1-gnu1/lib/icecat-45.5.1/browser/omni.ja: Win.Trojan.Toa-5370166-0 FOUND
/gnu/store/90xjd0x6hylkcxhf3gg3xjzf5sm2aj4d-icecat-45.5.1-gnu1/lib/icecat-45.5.1/browser/extensions/[email protected]: Win.Trojan.Toa-5370166-0 FOUND
/gnu/store/90xjd0x6hylkcxhf3gg3xjzf5sm2aj4d-icecat-45.5.1-gnu1/lib/icecat-45.5.1/browser/extensions/[email protected]: Win.Trojan.Toa-5370166-0 FOUND
/gnu/store/90xjd0x6hylkcxhf3gg3xjzf5sm2aj4d-icecat-45.5.1-gnu1/lib/icecat-45.5.1/browser/extensions/[email protected]: Win.Trojan.Toa-5370166-0 FOUND
/gnu/store/90xjd0x6hylkcxhf3gg3xjzf5sm2aj4d-icecat-45.5.1-gnu1/lib/icecat-45.5.1/browser/features/[email protected]: Win.Trojan.Toa-5370166-0 FOUND
/gnu/store/90xjd0x6hylkcxhf3gg3xjzf5sm2aj4d-icecat-45.5.1-gnu1/lib/icecat-45.5.1/browser/extensions/[email protected]: Win.Trojan.Toa-5370166-0 FOUND
/gnu/store/4jv2jr91pl7p7gwsi4bincvd19gn29hi-icecat-45.5.1-gnu1/lib/icecat-45.5.1/omni.ja: Win.Trojan.Toa-5370166-0 FOUND
/gnu/store/90xjd0x6hylkcxhf3gg3xjzf5sm2aj4d-icecat-45.5.1-gnu1/lib/icecat-45.5.1/browser/omni.ja: Win.Trojan.Toa-5370166-0 FOUND
/gnu/store/90xjd0x6hylkcxhf3gg3xjzf5sm2aj4d-icecat-45.5.1-gnu1/lib/icecat-45.5.1/omni.ja: Win.Trojan.Toa-5370166-0 FOUND

And for completeness' sake, sha1sums of the files in question:

for i in $(cat pastebit-this.txt | cut -d':' -f1); do sha1sum $i; done
a0798a225f833c5fc495b7d34f842f6895430c05 /gnu/store/4jv2jr91pl7p7gwsi4bincvd19gn29hi-icecat-45.5.1-gnu1/lib/icecat-45.5.1/browser/extensions/[email protected]
660a532ab26271d807484745549eb50c96e1d17d /gnu/store/4jv2jr91pl7p7gwsi4bincvd19gn29hi-icecat-45.5.1-gnu1/lib/icecat-45.5.1/browser/extensions/[email protected]
d1f71a8f48fb67096fd2317593662c93427ec200 /gnu/store/4jv2jr91pl7p7gwsi4bincvd19gn29hi-icecat-45.5.1-gnu1/lib/icecat-45.5.1/browser/extensions/[email protected]
2352c47726144e6f3b16dbbfd851767ec4da12f4 /gnu/store/4jv2jr91pl7p7gwsi4bincvd19gn29hi-icecat-45.5.1-gnu1/lib/icecat-45.5.1/browser/features/[email protected]
f514044393bbcb35fd416f8934cc5796668880de /gnu/store/4jv2jr91pl7p7gwsi4bincvd19gn29hi-icecat-45.5.1-gnu1/lib/icecat-45.5.1/browser/extensions/[email protected]
e33f82770d29052967ea554a64fa3c2abbaa654b /gnu/store/4jv2jr91pl7p7gwsi4bincvd19gn29hi-icecat-45.5.1-gnu1/lib/icecat-45.5.1/browser/omni.ja
660a532ab26271d807484745549eb50c96e1d17d /gnu/store/90xjd0x6hylkcxhf3gg3xjzf5sm2aj4d-icecat-45.5.1-gnu1/lib/icecat-45.5.1/browser/extensions/[email protected]
a0798a225f833c5fc495b7d34f842f6895430c05 /gnu/store/90xjd0x6hylkcxhf3gg3xjzf5sm2aj4d-icecat-45.5.1-gnu1/lib/icecat-45.5.1/browser/extensions/[email protected]
d1f71a8f48fb67096fd2317593662c93427ec200 /gnu/store/90xjd0x6hylkcxhf3gg3xjzf5sm2aj4d-icecat-45.5.1-gnu1/lib/icecat-45.5.1/browser/extensions/[email protected]
2352c47726144e6f3b16dbbfd851767ec4da12f4 /gnu/store/90xjd0x6hylkcxhf3gg3xjzf5sm2aj4d-icecat-45.5.1-gnu1/lib/icecat-45.5.1/browser/features/[email protected]
f514044393bbcb35fd416f8934cc5796668880de /gnu/store/90xjd0x6hylkcxhf3gg3xjzf5sm2aj4d-icecat-45.5.1-gnu1/lib/icecat-45.5.1/browser/extensions/[email protected]
46a63a6d5a0fc94ee2646a6079cba38fb16715d9 /gnu/store/4jv2jr91pl7p7gwsi4bincvd19gn29hi-icecat-45.5.1-gnu1/lib/icecat-45.5.1/omni.ja
e33f82770d29052967ea554a64fa3c2abbaa654b /gnu/store/90xjd0x6hylkcxhf3gg3xjzf5sm2aj4d-icecat-45.5.1-gnu1/lib/icecat-45.5.1/browser/omni.ja
46a63a6d5a0fc94ee2646a6079cba38fb16715d9 /gnu/store/90xjd0x6hylkcxhf3gg3xjzf5sm2aj4d-icecat-45.5.1-gnu1/lib/icecat-45.5.1/omni.ja

I'm hoping this is a false positive. I run Guix on top of Gentoo and have also found the same Trojan appearing in Firefox-related files in my home directory, as well as in Wine directories (I didn't record the exact directories, but I think they were something like ../drive_c/windows/sys?????/gecko/ or something like that. Don't trust this 100%).
