On a test server, after a very long period of not detecting anything, ClamAV started reporting that it was seeing:

    /clamscan/servers/mudlake/opt/Dave/nmap-4.03.tgz: Trojan.Spy-27244 FOUND
    /clamscan/servers/mudlake/opt/Dave/nmap-4.03/mswin32/winpcap/Packet.dll: Trojan.Spy-27244 FOUND
    /clamscan/servers/mudlake/opt/Dave/nmap-4.03/mswin32/winpcap/WanPacket.dll: Trojan.Spy-27239 FOUND

and:

    /clamscan/servers/mudlake/rootdir/usr/src/packages/BUILD/nmap-4.03/mswin32/winpcap/Packet.dll: Trojan.Spy-27244 FOUND
    /clamscan/servers/mudlake/rootdir/usr/src/packages/BUILD/nmap-4.03/mswin32/winpcap/WanPacket.dll: Trojan.Spy-27239 FOUND
    /clamscan/servers/mudlake/rootdir/usr/src/packages/SOURCES/nmap-4.03.tgz: Trojan.Spy-27244 FOUND

The files in these directories are unchanged since 2006, so I'm curious if this might be a false positive. I ran freshclam and re-scanned the directories /opt/Dave and /usr/src, and that didn't weed out a possible bad signature.

While the person who owns /opt/Dave is currently not awake, this appears to be a 'roll your own' installation of nmap-4.03, and finding that on this system is not surprising. What worries me is that it seems to have found a match in the mswin32 directory and that this might be valid.

How do I check on signature entries Trojan.Spy-27244 and Trojan.Spy-27239 for how recent they are, and is there another means to reality check this result?

I am not above wiping these directories from the server, but I want to understand whether or not this is a real detection.

Thanks!

-J