clamav reports Unix.Trojan.Mirai-7640640-0 FOUND


Post by HerrBert »

Hello.

After I had to fiddle a bit with ScPup64's devx, I was able to compile clamav-0.103.0 recently.

I started a basic scan of a backup drive and clamav reports a match:

/mnt/sdb2/slacko64-632/initrd.gz: Unix.Trojan.Mirai-7640640-0 FOUND

In the old forum I have read about Mirai infecting busybox, but when I expanded initrd.gz and scanned it, it doesn't report busybox to be infected but:


# clamscan -i -o -r initrd-expanded/
/root/initrd-expanded/bin/fusermount: Unix.Trojan.Mirai-7640640-0 FOUND
/root/initrd-expanded/bin/modprobe: Unix.Trojan.Mirai-7640640-0 FOUND
/root/initrd-expanded/bin/hotplug2stdout_notimeout: Unix.Trojan.Mirai-7640640-0 FOUND
/root/initrd-expanded/bin/grep: Unix.Trojan.Mirai-7640640-0 FOUND
/root/initrd-expanded/bin/modinfo: Unix.Trojan.Mirai-7640640-0 FOUND
/root/initrd-expanded/bin/waitmax: Unix.Trojan.Mirai-7640640-0 FOUND
/root/initrd-expanded/bin/disktype: Unix.Trojan.Mirai-7640640-0 FOUND
/root/initrd-expanded/bin/lsmod: Unix.Trojan.Mirai-7640640-0 FOUND
/root/initrd-expanded/bin/cp: Unix.Trojan.Mirai-7640640-0 FOUND
/root/initrd-expanded/bin/elspci: Unix.Trojan.Mirai-7640640-0 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 8881905
Engine version: 0.103.0
Scanned directories: 45
Scanned files: 82
Infected files: 10
Data scanned: 5.89 MB
Data read: 5.21 MB (ratio 1.13:1)
Time: 27.041 sec (0 m 27 s)
Start Date: 2020:12:23 17:08:40
End Date:   2020:12:23 17:09:07
#

I have used this frugal install for at least one year.
Do I have to be worried about it?


Post by rockedge »

@HerrBert Interesting find. Wonder what it means exactly.


Post by williams2 »

Clam can have false positive detections. A long time ago, Clam suddenly started flagging DOS 6.2 that I had in a zip file. I uploaded the file to some online virus scanners, and none of the antivirus engines detected it as a virus. So I reported to Clam the possible false detection, and they removed that particular test pattern a day or 2 later.

There are web sites that you can upload files to have them tested, some with multiple virus engines.

https://alternativeto.net/software/virustotal/
https://www.virustotal.com/
https://virusscan.jotti.org/


Post by HerrBert »

Tested the expanded files on https://www.virustotal.com/.

Files were scanned with around 63 engines and the result is around 4-6 matches with varying virus names depending on the engine.
So I guess it's a false positive.

Reported it to Clamav.
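
Added example, not part of any post in this thread: a small Python triage helper for the kind of `clamscan -i` report shown above. It groups flagged paths by signature, re-joins a hit whose "FOUND" wrapped onto the next line, and checks the count against the scan summary. The function names, the shortened sample report and the SHA-256 step are assumptions made for illustration.

```python
import hashlib
import re
from collections import defaultdict
from pathlib import Path

# Constructed sample in the thread's clamscan format, including one hit whose
# "FOUND" wrapped onto the next line.
SAMPLE = """\
/root/initrd-expanded/bin/fusermount: Unix.Trojan.Mirai-7640640-0 FOUND
/root/initrd-expanded/bin/hotplug2stdout_notimeout: Unix.Trojan.Mirai-7640640-0
FOUND
/root/initrd-expanded/bin/cp: Unix.Trojan.Mirai-7640640-0 FOUND

----------- SCAN SUMMARY -----------
Scanned files: 82
Infected files: 3
"""

HIT = re.compile(r"^(?P<path>/.*): (?P<sig>\S+) FOUND$")
SUMMARY = re.compile(r"^(?P<key>[A-Za-z ]+): (?P<value>.+)$")

def parse_report(text):
    """Return ({signature: [paths]}, {summary key: value}) from clamscan output."""
    hits, summary, in_summary, pending = defaultdict(list), {}, False, ""
    for raw in text.splitlines():
        line = raw.strip()
        if "SCAN SUMMARY" in line:
            in_summary = True
        elif in_summary:
            m = SUMMARY.match(line)
            if m:
                summary[m["key"]] = m["value"]
        elif line:
            # Re-join a hit whose "FOUND" was wrapped onto the next line.
            candidate = f"{pending} {line}" if pending else line
            m = HIT.match(candidate)
            if m:
                hits[m["sig"]].append(m["path"])
            pending = "" if m or not line.startswith("/") else line
    return dict(hits), summary

def sha256_of(path):
    """Hash a flagged file so results from other scanners can be matched to it."""
    p = Path(path)
    return hashlib.sha256(p.read_bytes()).hexdigest() if p.is_file() else None

def consistent(hits, summary):
    """True when the parsed hit count equals clamscan's own 'Infected files'."""
    return sum(len(v) for v in hits.values()) == int(summary.get("Infected files", -1))
```

A single signature name across every flagged file, as in the sample, shows up as one key in the returned dictionary.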
