On Tue, Jan 02, 2018 at 09:40 AM, lejeczek wrote:
> I'd like to ask if your miner, if you mine crypto coins that is, often pops
> up in clamav?
>
> I have this one: https://github.com/sammy007/cpuminer-multi
>
> and it gets flagged as:
>
> ./cpuminer-multi/minerd: Unix.Tool.Minerd-6404314-0 FOUND
>
> Would someone know something more about that code and why clamav sees it as
> .. right, as what exactly?
>
> many thanks, L.

As others have said, clamAV correctly identifies it as a miner tool used on a unix system and you will need to either ignore it or add it to your local whitelist.

FYI, the logical signature is:

VIRUS NAME: Unix.Tool.Minerd-6404314-0
TDB: Target:6
LOGICAL EXPRESSION: (0&1&2&3&4)
 * SUBSIG ID 0
 +-> OFFSET: ANY
 +-> SIGMOD: NONE
 +-> SUBSIGNATURE: 55736167653a206d696e657264205b4f5054494f4e535d
Usage: minerd [OPTIONS]
 * SUBSIG ID 1
 +-> OFFSET: ANY
 +-> SIGMOD: NONE
 +-> DECODED SUBSIGNATURE:
stratum+tcp://
 * SUBSIG ID 2
 +-> OFFSET: ANY
 +-> SIGMOD: NONE
 +-> DECODED SUBSIGNATURE:
User-Agent: cpuminer
 * SUBSIG ID 3
 +-> OFFSET: ANY
 +-> SIGMOD: NONE
 +-> DECODED SUBSIGNATURE:
booooo
 * SUBSIG ID 4
 +-> OFFSET: ANY
 +-> SIGMOD: NONE
 +-> DECODED SUBSIGNATURE:
blake

-Al-
--
Al Varnell
ClamXAV user
_______________________________________________
clamav-users mailing list
[email protected]
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
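
Added example, not part of the original message and not ClamAV's own code: a minimal evaluator for the logical signature quoted above, showing that all five byte strings must be present before Unix.Tool.Minerd-6404314-0 matches. It goes slightly beyond the quoted expression by also accepting `|`; the function names and the FULL and PARTIAL inputs are constructed for illustration.

```python
import re

# Subsignatures copied from the decoded signature quoted in the message above.
SUBSIGS = [
    bytes.fromhex("55736167653a206d696e657264205b4f5054494f4e535d"),  # SUBSIG ID 0
    b"stratum+tcp://",        # SUBSIG ID 1
    b"User-Agent: cpuminer",  # SUBSIG ID 2
    b"booooo",                # SUBSIG ID 3
    b"blake",                 # SUBSIG ID 4
]
EXPRESSION = "(0&1&2&3&4)"
# Constructed inputs: FULL carries all five strings, PARTIAL only two of them.
FULL = b"\x7fELF" + b"\0".join(SUBSIGS)
PARTIAL = b"pool=stratum+tcp://pool.example.invalid:3333 algo=blake"

def subsig_hits(data):
    """OFFSET: ANY and SIGMOD: NONE: a plain byte search anywhere in the data."""
    return [sig in data for sig in SUBSIGS]

def evaluate(expr, hits):
    """Evaluate subsig indices joined by & and |, with parentheses (no count operators)."""
    tokens = re.findall(r"\d+|[&|()]", expr)
    if "".join(tokens) != expr.replace(" ", ""):
        raise ValueError("unsupported syntax: " + expr)
    tokens.append("$")  # end marker, so tokens[0] is always safe to read
    def atom():
        tok = tokens.pop(0)
        if tok == "(":
            value = chain("|")
            if tokens.pop(0) != ")":
                raise ValueError("missing ')'")
            return value
        if not tok.isdigit():
            raise ValueError("unexpected token " + tok)
        return hits[int(tok)]
    def chain(op):  # assumption of this sketch: & binds tighter than |
        operand = (lambda: chain("&")) if op == "|" else atom
        value = operand()
        while tokens[0] == op:
            tokens.pop(0)
            rhs = operand()
            value = (value or rhs) if op == "|" else (value and rhs)
        return value
    result = chain("|")
    if tokens != ["$"]:
        raise ValueError("trailing tokens in " + expr)
    return result

def matches(data):
    return evaluate(EXPRESSION, subsig_hits(data))
```

A file that only mentions a stratum URL and the word "blake" produces two hits out of five, so the AND expression stays false and the signature does not fire.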
