On 1/21/2020 5:11 PM, Artemio González López via macports-users wrote:
> Bitdefender has flagged two files from the db48 MacPorts port installed
> in my Mac, namely
> /opt/local/lib/db48/libdb_cxx-4.8.dylib
> /opt/local/var/macports/software/db48/db48-4.8.30_4.darwin_17.x86_64.tbz2
> which seem to be infected by something called
> Gen:Variant.Application.MAC.Koiot.575
> Does this sound plausible, or is it more likely a false positive? In any
> case, I am thinking of reinstalling the port. Is this possible, and how
> should I proceed? (uninstall first, perhaps, but what about dependents?).
> Here's what ls reports about these files:
> -rwxr-xr-x 1 macports admin 1302356 Sep 27 2017 /opt/local/lib/db48/libdb_cxx-4.8.dylib
> -rw-r--r-- 1 macports wheel 19951871 Mar 15 2018 /opt/local/var/macports/software/db48/db48-4.8.30_4.darwin_17.x86_64.tbz2

VirusTotal doesn't report anything for
http://packages.macports.org/db48/db48-4.8.30_4.darwin_17.x86_64.tbz2:
see
https://www.virustotal.com/gui/url/c368d42293be904ef4710ad8ac1790b476e48ccdc8763c0267def2985222aad5/
But extracting libdb_cxx-4.8.dylib from that archive and uploading, it
*does* report positive from BitDefender and a few other engines, however
most other engines do not detect anything: see
https://www.virustotal.com/gui/file/2ce2eb2cc146cff38a87c2243dc125b60836f379fbd763e7963d7a9c05e54f0e/
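
Added example, not part of the original thread or of MacPorts: a Python check of whether the installed library is byte-identical to the copy inside the downloaded .tbz2, which separates "the archive ships this file" from "the file changed after installation". The function names are hypothetical, and it assumes the archive stores files under their install path (with or without a leading `./`).

```python
import hashlib
import posixpath
import sys
import tarfile


def sha256_stream(fh, chunk=1 << 20):
    """Hash a file object in chunks so large files are not read into memory."""
    digest = hashlib.sha256()
    for block in iter(lambda: fh.read(chunk), b""):
        digest.update(block)
    return digest.hexdigest()


def normalize(name):
    """Treat './opt/local/x', 'opt/local/x' and '/opt/local/x' as the same path."""
    return "/" + posixpath.normpath(name).lstrip("/")


def archived_sha256(archive_path, member_path):
    """SHA-256 of one regular file inside a .tbz2, or None if it is not there."""
    wanted = normalize(member_path)
    with tarfile.open(archive_path, "r:bz2") as tar:
        for member in tar:
            if member.isfile() and normalize(member.name) == wanted:
                return sha256_stream(tar.extractfile(member))
    return None


def compare_installed(archive_path, member_path, installed_path=None):
    """Compare the on-disk file with the copy shipped in the archive."""
    with open(installed_path or member_path, "rb") as fh:
        installed = sha256_stream(fh)
    archived = archived_sha256(archive_path, member_path)
    if archived is None:
        status = "not-in-archive"
    elif archived == installed:
        status = "match"
    else:
        status = "differs"
    return {"status": status, "installed": installed, "archived": archived}


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: compare.py ARCHIVE.tbz2 /path/of/installed/file")
    result = compare_installed(sys.argv[1], sys.argv[2])
    print(result["status"])
    print("installed:", result["installed"])
    print("archived: ", result["archived"])
```

A `match` only shows that the installed file is the one the archive contains; it does not decide whether the detection is a false positive.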