Public bug reported:
On an Ubuntu 24 system running Cisco AMP antivirus,
/usr/share/nmap/nselib/data/psexec/nmap_service.exe is flagged as
malware.
The README in the same directory notes that this binary is bundled
separately because it frequently triggers false alarms in AV software.
I see that this file wasn't included in the most recent nmap-common
available in debian bookworm (7.93). It looks like the Ubuntu 24 version
includes an obfuscated version of the binary at
/usr/share/nmap/nselib/data/psexec/nmap_service.ex_. It seems
unintentional that both an obfuscated and non-obfuscated version of the
same binary would be delivered, so is it possible for future versions to
go back to delivering the obfuscated version only?
ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: nmap-common 7.94+git20230807.3be01efb1+dfsg-3build2
ProcVersionSignature: Ubuntu 6.8.0-54.56-generic 6.8.12
Uname: Linux 6.8.0-54-generic x86_64
ApportVersion: 2.28.1-0ubuntu3.3
Architecture: amd64
CasperMD5CheckResult: pass
Date: Tue Feb 25 07:45:33 2025
InstallationDate: Installed on 2024-05-24 (277 days ago)
InstallationMedia: Ubuntu-Server 24.04 LTS "Noble Numbat" - Release amd64
(20240423)
PackageArchitecture: all
SourcePackage: nmap
UpgradeStatus: No upgrade log present (probably fresh install)
** Affects: nmap (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug noble
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2099999
Title:
nmap_service.exe triggers false alarm in virus protection --
inadvertently included?
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nmap/+bug/2099999/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
