The only file that was flagged as containing a virus (trojan) was "wintest.py" in the "wintest" directory of the Samba source code. This sounds like it's only a file for testing Samba (when built for Windows?), and, unless it's something really sneaky, shouldn't be able to affect a running Samba.
The bug is called "BadLock", and, since Microsoft is working on it too, I'd guess it's an SMB protocol bug. Furthermore, some years ago MS was stonewalling Samba. If it were a Samba-only bug, MS probably wouldn't actively work on it, but rather would use it to tout the advantages of Windows Server. Paul Kosinski On Thu, 31 Mar 2016 10:51:55 +1100 Andrew McGlashan <andrew.mcglas...@affinityvision.com.au> wrote: > > > On 31/03/2016 5:32 AM, Alain Zidouemba wrote: > > Paul: > > > > Thanks for reporting this FP. This will be fixed momentarily. > > Is it really a false positive? > > There has been a heads up that SAMBA code has a problem and that both > Microsoft and Samba are working on a solution that will be released on > the next patch Tuesday..... > > That download could be part of this somehow, I don't know. But it > shouldn't blindly be considered a FP, that's for sure! > > > - Alain > > > > On Wed, Mar 30, 2016 at 2:18 PM, Paul Kosinski > > <clamav-us...@iment.com> wrote: > > > >> I just downloaded samba-4.4.0.tar.gz (the latest) from samba.org, > >> and, after downloading via HTTPS, ClamAV (0.99.1/21479) reports > >> that the gz file contains Win.Trojan.Qhost-106. In particular, the > >> single file wintest.py in the subdirectory wintest is reported. > > Kind Regards > AndrewM > _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
