I suspect that it's because there are several instances of malicious software that install xmr-stak unbeknownst to the user, who then becomes a miner bot for a cybercriminal.
If I were you I would just put it in a clamav.fp file so it will ignore your installation while still identifying any other instance that showed up.

Sent from my iPad

-Al-
ClamXAV User

> On Nov 18, 2021, at 23:23, happysmash27 via clamav-users <clamav-users@lists.clamav.net> wrote:
>
> I decided to scan my entire /usr/ folder recently, as I heard about a
> malicious package in NPM and wanted to be extra sure nothing got into my
> system. I was slightly shocked when it finished, and it said there was 1
> infected file. Unfortunately it did not list exactly what that infected file
> was, so I ran it again this time logging to a file and grepped that file for
> "FOUND", and the result was:
>
> /usr/bin/xmr-stak: Multios.Coinminer.Miner-6781728-2 FOUND
>
> But... XMR-Stak is _supposed_ to be a crypto miner. That is what it does. I
> installed it for that purpose, compiling it from source since I am on Gentoo.
>
> So... is this a false positive then? Or is this saying something else, like,
> that my version of XMR-Stak has malicious code to mine on some bad actor's
> pool instead of the one I tell it to mine in?
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml