The offending signature will be dropped in the next daily.cvd and revised. Until then, I'd suggest adding it to your local ignore database (.ign2). See https://www.clamav.net/documents/whitelist-databases for more information.
Thanks,
demonduck

On Wed, Feb 5, 2020 at 10:05 AM Mikael Bak <[email protected]> wrote:
> Sorry. I sent sha512sum. Here is a sha256 hash:
>
> $ sha256sum netdata
> 6ef626c4b3ab696027156ce41c7325f691931ac609ac487b19926794752a701e netdata
>
> On Wed, 5 Feb 2020 at 16:01, Mikael Bak <[email protected]> wrote:
> >
> > Hi,
> >
> > Here is the Virustotal link:
> > https://www.virustotal.com/gui/file/6ef626c4b3ab696027156ce41c7325f691931ac609ac487b19926794752a701e/detection
> >
> > And a hash:
> > $ sha512sum netdata
> > eaeef4f8f9dbb5b4fd2dff5a8eebac9f7a2bdbb4b661e62bf5ec4be863a3f182f2702d837bb9974ce16fb91fe7f264ec22ab6a6a42dc68458d4136bfadcff4e3 netdata
> >
> > On Wed, 5 Feb 2020 at 15:30, demonduck <[email protected]> wrote:
> > >
> > > Mikael can you provide the hash and/or virustotal link for the `/opt/netdata/bin/srv/netdata` sample?
> > >
> > > Thanks,
> > > demonduck
> > >
> > >
> > > On Wed, Feb 5, 2020 at 9:01 AM Mikael Bak <[email protected]> wrote:
> > >>
> > >> Hi list,
> > >>
> > >> I found another signature in the daily.ldb that needs to be removed, I think.
> > >>
> > >> Scan results on all our servers running Netdata:
> > >> /opt/netdata/bin/srv/netdata: Unix.Dropper.Mirai-7540607-0 FOUND
> > >>
> > >> Found it in daily.ldb like this:
> > >> Unix.Dropper.Mirai-7540607-0;Engine:51-255,Target:6;0&1&2&3&4;557365722d4167656e743a2025732f2573;4e6f206368696c642070726f63657373;436f6e6e656374696f6e207265736574206279206e6574776f726b;4e6f74206120736f636b6574;536f636b6574206e6f7420636f6e6e6563746564
> > >>
> > >> Searching the netdata binary for the above hex values gives me these strings:
> > >>
> > >> User-Agent: %s/%s
> > >> No child process
> > >> Connection reset by network
> > >> Not a socket
> > >> Socket not connected
> > >>
> > >> I think this rule should also be removed.
> > >>
> > >> Best regards,
> > >> Mikael Bak
> > >>
> > >> _______________________________________________
> > >>
> > >> clamav-users mailing list
> > >> [email protected]
> > >> https://lists.clamav.net/mailman/listinfo/clamav-users
> > >>
> > >>
> > >> Help us build a comprehensive ClamAV guide:
> > >> https://github.com/vrtadmin/clamav-faq
> > >>
> > >> http://www.clamav.net/contact.html#ml
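The check Mikael describes in the quoted message (decoding the signature's hex subsignatures and looking for them in the binary) can be scripted. The following is an added example, not part of the original thread and not ClamAV's own code; it handles only plain-hex subsignatures and AND-only logical expressions, and `SAMPLE` is a constructed byte string standing in for a benign binary, not the netdata file.

```python
# Added example: decode a ClamAV .ldb logical signature and test it against bytes.
# Signature line copied from the daily.ldb entry quoted in the thread.
SIG = ("Unix.Dropper.Mirai-7540607-0;Engine:51-255,Target:6;0&1&2&3&4;"
       "557365722d4167656e743a2025732f2573;4e6f206368696c642070726f63657373;"
       "436f6e6e656374696f6e207265736574206279206e6574776f726b;"
       "4e6f74206120736f636b6574;536f636b6574206e6f7420636f6e6e6563746564")

# Constructed sample: a blob that merely carries an HTTP format string and
# strerror-style messages, as any network-capable program might.
SAMPLE = b"\x7fELF" + b"\0".join([
    b"User-Agent: %s/%s", b"No child process", b"Connection reset by network",
    b"Not a socket", b"Socket not connected"])

def parse_ldb(line):
    """Split an .ldb line into name, target block, expression and subsignatures."""
    name, tdb, expr, *subsigs = line.strip().split(";")
    return {"name": name, "tdb": tdb, "expr": expr, "subsigs": subsigs}

def decode_plain(subsig):
    """Bytes for a plain-hex subsignature; None if it has wildcards or modifiers."""
    try:
        return bytes.fromhex(subsig)
    except ValueError:
        return None

def explain(line, data):
    """Return (parsed signature, rows of (index, decoded bytes, first offset or -1))."""
    sig = parse_ldb(line)
    rows = []
    for i, s in enumerate(sig["subsigs"]):
        raw = decode_plain(s)
        rows.append((i, raw, data.find(raw) if raw is not None else None))
    return sig, rows

def and_only_match(sig, rows):
    """Evaluate a pure 'a&b&c' expression; None means the expression is not handled."""
    parts = sig["expr"].split("&")
    if not all(p.isdigit() for p in parts):
        return None
    hits = {i for i, _raw, off in rows if off is not None and off >= 0}
    return all(int(p) in hits for p in parts)

if __name__ == "__main__":
    sig, rows = explain(SIG, SAMPLE)
    for i, raw, off in rows:
        print(i, raw, off)
    print("all subsignatures present:", and_only_match(sig, rows))
    print("name to list in the local .ign2 file:", sig["name"])
```

Every subsignature decodes to a generic string, so the AND of all five matches any file that happens to contain them, which is why the benign sample triggers the rule.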
