Since yesterday, ClamAV started to report:

[clamAV_Log 20.12.2018 23:00:01]
[clamAV_Log 20.12.2018 23:00:01] -------------------------------------------------------------------------------
[clamAV_Log 20.12.2018 23:00:01]
[clamAV_Log 20.12.2018 23:00:01] /var/log/sid_changes.log: Multios.Coinminer.Miner-6781728-1 FOUND
[clamAV_Log 20.12.2018 23:00:01] /usr/local/SVN/bin/snort/sid-msg.map: Multios.Coinminer.Miner-6781728-1 FOUND
[clamAV_Log 20.12.2018 23:00:01]
[clamAV_Log 20.12.2018 23:00:01] ----------- SCAN SUMMARY -----------
[clamAV_Log 20.12.2018 23:00:01] Known viruses: 6744079
[clamAV_Log 20.12.2018 23:00:01] Engine version: 0.100.2
[clamAV_Log 20.12.2018 23:00:01] Scanned directories: 119091
[clamAV_Log 20.12.2018 23:00:01] Scanned files: 405895
[clamAV_Log 20.12.2018 23:00:01] Infected files: 2
[clamAV_Log 20.12.2018 23:00:01] Data scanned: 32014.83 MB
[clamAV_Log 20.12.2018 23:00:01] Data read: 32193.35 MB (ratio 0.99:1)
[clamAV_Log 20.12.2018 23:00:01] Time: 2518.809 sec (41 m 58 s)

on all our Snort servers.

snort/sid-msg.map contains Snort rules generated by PulledPork. (5 MB)
/var/log/sid_changes.log is the log from PulledPork. (7 MB)
Both are plain text files.

Offhand, I do not see anything in either of them to warrant the classification.

Is this expected behaviour?
Should I upload the log and/or rules file as a false positive?

Thanks,
Tilman
