On Wed, 2014-02-05 at 15:17 -0500, Gene Heskett wrote:
> On Wednesday 05 February 2014 15:15:07 Alan Stern did opine:
> 
> > On Wed, 5 Feb 2014, Gene Heskett wrote:
> > > Greetings;
> > > 
> > > The daily system scan is fussing about
> > > /home/gene/src/linux-3.8.2/Documentation/usb/gadget_multi.txt:
> > > MBL_400944.UNOFFICIAL FOUND
> > > /home/gene/src/linux-3.12.6/Documentation/usb/gadget_multi.txt:
> > > MBL_400944.UNOFFICIAL FOUND
> > > /home/gene/src/linux-3.8.3/Documentation/usb/gadget_multi.txt:
> > > MBL_400944.UNOFFICIAL FOUND
> > > /home/gene/src/linux-3.12.9/Documentation/usb/gadget_multi.txt:
> > > MBL_400944.UNOFFICIAL FOUND
> > > /home/gene/src/linux-3.4.36/Documentation/usb/gadget_multi.txt:
> > > MBL_400944.UNOFFICIAL FOUND
> > > /home/gene/src/linux-3.0.69/Documentation/usb/gadget_multi.txt:
> > > MBL_400944.UNOFFICIAL FOUND
> > > /home/gene/src/linux-3.2.40/Documentation/usb/gadget_multi.txt:
> > > MBL_400944.UNOFFICIAL FOUND
> > > 
> > > But https://virustotal.com thinks otherwise.
> > 
> > Gene:
> > 
> > I have had annoying experiences with false positives from the MBL
> > database in the past.  Since the number of valid matches from that
> > database (for my workload) has been quite small, I have dropped it
> > entirely.
> > 
> > 
> It turned out that more links confirmed it as a high level threat, to win32 
> systems, by exposing your passwords. First reported in 2011, so I am 
> posting to lkml about it, complete with the links that confirm it.

You do realize this is *JUST* the Kernel Source Documentation in the USB
tree... These particular files *ARE NOT* a password snooper. Come on
Gene, THINK. Reporting this to the LKML will more than likely be
ignored.

Please do yourself a favor and consider what it is you are looking at
before you report things like this... there is *NO* way that this one
file included in many kernel sources is intended for Windows Password
Snooping/Revealer. 

I can see why it might be found as a REAL threat for someone that
doesn't understand why many times Documentation is flagged... 

It is a pattern matching "match": this file talks about Encryption and
methods used to work with a Composite USB gadget... which are used in
negotiations with Windows. This file mentions RNDIS and CDC ACM and
mentions Microsoft MSDN library articles containing info... and well. Of
course some UNOFFICIAL test patterns are going to flag off it.

Have you *LOOKED AT* or *READ* the file(s)? from your Linux machine?

Please do that before going forward. But I see you've already availed
yourself of the LKML.

Oh well.
-- 
greg folkert - systems administration and support
web:    donor.com
email:  g...@donor.com
phone:  877-751-3300 x416
direct: 616-328-6449 (direct dial and fax)
"Time flies over us, but leaves its shadow behind."
    -- Nathaniel Hawthorne

_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml