Hi Maciej,

On 2025-02-21 14:21, Maciej Krakowiak wrote:
> Package: libcap-dev
>
> Version: 1:2.66-4
>
> Recently, I have observed that the file "exploit," which sits in the
> "tests" catalog, has been flagged as malicious by different scanning
> engines.
>
> I think this might be expected,

yes, this can only be a false positive. The test is designed to attempt
an exploit, which is expected to fail. Looking at tests/exploit.c, I
assume this was flagged by name or keywords, as it doesn't contain any
operation that looks suspicious, at least immediately.

> but I was wondering if anything
> has changed recently, as this file was not flagged before.

There have been meaningful changes since the initial release with Debian
package version 1:2.45-1, see [1].

Unless you have a reasonable objection, I'd like to close this bug. In
any case, thanks for the report, better to be safe than sorry.

Best,
Christian

> This has been flagged on different OS distributions.
>
> Example of Virus Total report:
> https://www.virustotal.com/gui/file/8c8d3b51fc454748ab8aea76a329cccca95e1e683d1a879a8b90aaa1d7158792

[1]: https://git.kernel.org/pub/scm/libs/libcap/libcap.git/log/tests/exploit.c