Moderator: Forum moderators
So I read a blogg entry / article where someone had done a virus scan and found a virus on Puppy Linux. He was gonna use it for a server or something. This was like a sleeping / not activated virus or something.
Has anyone used anti virus scanning and found a virus in Puppy? If you scanned it what anti virus software was used?
If so, could it have been sneaked into the code for puppy in some way or is it in some of the apps included in the finished .iso?
Some virus scanners identify pnscan in Puppy as malware. Pnscan was part of the old PeasyPort app, but the official versions of PeasyPort (made by me) stopped using pnscan long ago.
rcrsn51 wrote: Sun May 30, 2021 12:52 pmSome virus scanners identify pnscan in Puppy as malware. Pnscan was part of the old PeasyPort app, but the official versions of PeasyPort (made by me) stopped using pnscan long ago.
You can add the Outlook web application. Unable to connect with Puppy's and EasyOs ... it looks like it doesn't work at MS
Born to lose; live to win
So, is the older version of PeasyPort included in some of the older distros (.iso)? Is it included in Puppy Linux 6.9.9.9?
What does the PeasyPort app do?
If I build a Puppy Linux using Woof-ce, is the old or the new version included?
Is it the Linux.PNScan.1 thing: https://news.drweb.com/show/?i=9548&lng=en
The virus I read about was another one I think. Did anyone find another virus? How do you scan a Puppy for viruses, do you do it from another OS and just scan the .iso, would that work?
Mike3 wrote: Sun May 30, 2021 12:40 pmSo I read a blogg entry / article where someone had done a virus scan and found a virus on Puppy Linux. He was gonna use it for a server or something. This was like a sleeping / not activated virus or something.
[...]
A link to the blog/article would be helpful - please.
I tried to find the blog/ article, but couldn't find it and it was like 6 months since I read it or similar.
But basically it was just some dude who was gonna use Puppy for servers and he had run one of the larger anti virus softwares on it (Norton or something like that) and found some sleeping / not yeat activated virus.
But regardless if I found the article I guess we would have to try it ourselves to verify. But I don't think it was the pnscan thing, I am quite sure it was something else.
I did find some note I made during the time at which I read the blog post / article and it may have been some file named "stardust" or similar. And that's some kinda theme.
Will these startdust files come along if one does a Woof build?
Heh.
If zigbert - who put the stardust theme together, and is one of the community's oldest resident coders, really wanted to bugger the entire community up, he could have done it a thousand times over by now. Until very recently, it was always my preferred theme.
I give my kennels an occasional scan with Comodo's AV 4 Linux. It has, on occasion, found & quarantined, pnscan. But this is the same 'pnscan' that Bill mentioned in post #2.
I'm afraid if you're the kind who worries themselves silly over security, then nothing that any of us can say will allay your fears/suspicions one bit. Because it's very much "on the cards" that you'll ignore whatever is suggested, and will continue to get your knickers in a twist over nothing.
I've run nothing BUT Puppy for 7 years. And, despite all the hoo-ha from other folks about how Puppy is insecure because it runs-as-root, in all that time I have never yet had a single security issue of any kind.
Puppy runs in RAM for the session, and I don't 'save'. My browsers are configured to shut down in the same pristine condition as when I fire them up.
It works for me.....and continues to "work".
TBH, if you're the type who's "paranoid" about this stuff, IMHO you will ALWAYS be "paranoid" about it. Nothing will ever change that fact.....because it's in your nature. And I don't mean that in a nasty way; it's just a fact that some individuals ARE like that.
Mike. 
I always wonder what high stakes data people have on their machines. I also wonder why some are convinced that constant updating is actually always helpful and nessecary. Once I have the machine running well and fine tuned I tend not to ever update the system.
I ran as root in those heady days of MS-DOS and continue to do so when ever possible. The only machine I ever had that picked up a Trojan or some type of malware ran Windows and that was rare.
First of all, this is a technical issue.
Are there people and part of states and more who want to spy on people, yes. Are there viruses, yes. In fact in the history of the computer and OS's and the like there has been thievery and large companies having success due to stealing.
For example L0wt3ch who made the studio release did write he thought there was more and more spyware with large companies joining the linux project. And that this lead to him not being so enthusiastic. Did he show proof of spyware, not that I read, but do I think he is wrong, certainly not.
The stardust thing might be fine. This was just from a note I made at the time, like I mentioned and I did not make a specific note so I'm not sure. Again it could be checked I suppose. But I don't have any of the larger anti virus softwares installed, hence I wondered if anyone in the community has tried it on Puppy.
I think spyware is a huge issue. If you work in technology or art or anything with values it can be used to steal. Some care about privacy, some don't. I think that certainly has to do with experiences in life and, yes knowledge and facts. I could call people not understanding this kind of issue naive, but I would maybe prefer saying it is a lack of experience and knowledge regarding how the world works. And this type of knowledge is often gained through experience and not many people have seen what I have seen (and you should be happy you haven't). But if you want to suggest that people caring about security and privacy, which are huge issues, that is just a fact, in the computer field, are "paranoid" then that is your choice.
Unfortunately the world is full of thieves. Yes most people are nice people and honest but there are enough rotten apples to go around.
But I do remember very very clearly the dude had found some virus.
But I would appreciate a lot if we could keep this thread on the actual subject (and suggesting people are paranoid, I certainly think is uncalled for and I do not have such tendencies but whatever).
And you, mikewalsh, stated you had run AV 4 linux on it. Do you think this will find as many viruses as the large commercial anti virus softwares?
A build was removed from archive.org puppy files, it included an rm -f, they picked it up and killed it
cannot remember which or whom
Mike3 wrote: Sun May 30, 2021 5:50 pmAnd you, mikewalsh, stated you had run AV 4 linux on it. Do you think this will find as many viruses as the large commercial anti virus softwares?
@Mike3 :-
TBH, I have no idea. You certainly won't get me paying out for software that essentially checks specifically for Windoze spyware/malware/whatever, given that we haven't had Windoze in this house for many years.
And this is the thing about Linux AV software. It's of more use to someone running a mail server, where you're the 'middleman', and may unwittingly pass on malware-laden messages from one Windoze user to another. A good firewall, properly set-up and correctly monitored, will do everything most people need in Linux.....and I agree with rockedge; there simply isn't the need to constantly update/upgrade anything other than internet-facing applications. Those are your 'gateway' to the big, bad internet.
Perhaps 'paranoid' is a bit OTT, I don't know. I personally know several folks who just ARE suspicious of everyone & everything as a matter of course, and I can't help but think to myself what a very sad, insular, introverted existence they must lead. Though you're certainly right about the rotten apples.....but you'll find those in every walk of life.
Mike. 
I've run several stock Puppy Linux ISO's through virus scans. I have not had a positive find of a virus or Trojan on any of the distro downloads I did.
Most of the ones I scanned are the mainline Puppy's. WeeDog that I make would have to have the toxic code directly in the Void Linux repos. Same thing for DebianDogs and the other Dogs as well.
I could see some rogue remaster floated out there designed to do something nefarious probably exists.
Mike3 wrote: Sun May 30, 2021 3:29 pmI tried to find the blog/ article, but couldn't find it and it was like 6 months since I read it or similar.
But basically it was just some dude who was gonna use Puppy for servers and he had run one of the larger anti virus softwares on it (Norton or something like that) and found some sleeping / not yeat activated virus.
But regardless if I found the article I guess we would have to try it ourselves to verify. But I don't think it was the pnscan thing, I am quite sure it was something else.
I did find some note I made during the time at which I read the blog post / article and it may have been some file named "stardust" or similar. And that's some kinda theme.
Will these startdust files come along if one does a Woof build?
"Was going to use Puppy for servers..." doesn't give me much faith whoever this is knows what he's talking about.
Some of us might use puppy to run a server on our home networks because we can, but conventional wisdom is that running a root only single user system as a server is a bad idea.
I've found a virus on my Puppy Linux computer. The virus was from an old windows install, but technically was kinda in Puppy....
From the sounds of it, that blog is not based in fact.
The only Puppy related virus stuff google finds is parvovirus, which isn't really relevant to this type of puppy 
So, which versions on PeasyPort has the pnscan stuff (i.e. in what version was it removed)?
Also I read that the Fossapupp uses a hacked version of PeasyPort does that version contain pnscan.
What is the purpose of the PeasyPort app? Do one need it to connect to a wireless modem? Or to connect by USB to a modem? Or is the internet connection thing done by other apps independently?
Is it used to connect computers in a network, a wireless network and to be able to share files and the like?
Some of us might use puppy to run a server on our home networks because we can, but conventional wisdom is that running a root only single user system as a server is a bad idea.
I've run web servers for 10 years now fully based on Puppy Linux, often exposed directly to the Internet. File server, web server , mail server all very possible with Puppy Linux. I had a web server running WordPress sites and photo gallery (Gallery 3) on an UPUP 3.9.9.2 that was up for 300+ consecutive days and then a system running a Hiawatha based (LHMP) stack that was up for 531 consecutive days until a hurricane knocked out power at my house.
There is a separate user built into Puppy Linux that is in almost every form of Puppy Linux OS, and that is webuser:webgroup. Which if one checks the properties on /root/Web-Server, they would see that this directory is assigned to the user webuser. I can chown the directory /var/www to stay in line with the default server root locations.
Of course there is always adding the users needed to run servers. Something like
Code: Select all
adduser www-data
adduser mysqlI'll run Apache or Hiawatha as user www-data and the MySQL or mariaDB as user mysql.
I think you're making too big an issue of pmscan being detected as malware...way back in the old days, in
my old ways (don't ask, cause I won't tell) I ran portscanners both in AIX and DOS/Windows...the programs
themselves are NOT malware, but in the hands of someone that knows what to do they can be quite useful.
In some 40 years of usage, various OSes, I haven't had a system compromised...none of them, and I still
even use WinXP. I remember some 23 years ago or so, XChaos (original author of Arachne Web Browser for DOS)
was accused of spreading a virus in Arachne...but it all boiled down to USER STUPIDITY in the methods used to
setup their DOS installation...Don't set your TEMP to C:\DOS or the installer in Arachne browser package would
delete the contents of the system variable "TEMP"...which would mean everything in C:\DOS, result...no
system files found, system halted COMMAND.COM not found, no bootable operating system found on reboot.
Anyhow, XChaos ended up rewriting the installer batch file to not delete the temporary files if the system
temp variable was set to C:\DOS!
Wiz 
ps---rockedge...I too run as root, or in Windows as Administrator, on my personal systems...the computers are
MINE, they are PERSONAL COMPUTERS, therefore I am the Administrator or root user! 
Signature available upon request
I'll run Apache or Hiawatha as user www-data ...
Many servers MUST start as root, so it can setup the environment for the server.
After it starts, it switches to running as an unprivileged user.
In most other distros, an unprivileged user can easily become root, often without even needing a password ( sudo su )
The way Puppy is usually set up, it is impossible for an unprivileged user to become root.
# su spot
$ whoami
spot
$ su
su: must be suid to work properly
$ exit
exit
# su nobody
$ whoami
nobody
$ su
su: must be suid to work properly
$ exit
exit
# su webuser
$ whoami
webuser
$ su
su: must be suid to work properly
$ exit
exit
#
So if there is an app that is included when one builds a Puppy Linux with Woof-ce, that one does not want or one wants a later version, is the only way to take it away when the .iso from the Woof-CE is ready, or is there a way to alter the choice of apps / files that is included in Woof-CE?
Is there a list of the apps that are included when using Woof-CE to build?
Regarding pnscan: The pnscan binary in old PeasyPorts was either compiled by me from the author's source code or pulled directly from Debian packages. There is nothing malicious about its use. It only appears in some virus scans because malware authors have incorporated the same code into their work.
Regarding the status of PeasyPort: These questions can only be answered by the Puppy builders and Woof maintainers. And they don't appear to be interested in the issue.
rcrsn51 wrote: Sun May 30, 2021 12:52 pmSome virus scanners identify pnscan in Puppy as malware. Pnscan was part of the old PeasyPort app, but the official versions of PeasyPort (made by me) stopped using pnscan long ago.
I am curious, since I just ran a ClamAV scan on BookwormPup64 10.0.8 x86_64 that I installed very recently, and pnscan was found, as shown below.
Code: Select all
/usr/bin/pnscan: Unix.Tool.Pnscan-8031486-0 FOUNDReading through the 2021 posts, it would seem that pnscan is nothing to be concerned about, but what bothers me is that since pnscan was removed from PeasyPort, could something else have introduced it?
Asked Copilot about it. It suggested to execute the following command - results shown:
Code: Select all
grep -r "pnscan" /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin
grep: /usr/bin/pnscan: binary file matches
grep: /usr/bin/t_listen: binary file matches
/usr/local/bin/yassm:FOUNDIPS=$(pnscan -t 2000 -v ${SUBNET}.1:${SUBNET}.254 10101 2>&1 | grep "refused" | awk '{print $1}')
It informed me that yassm is also part of the PeasySuite.
BookwormPup64 10.0.8 x86_64
All because a portable system protects me from M$ wherever I go 
@baggins
'Grep' in my eyes is not dissimilar to LLM like CoPilot. In the sense that it looks for patterns for the tokens/words used and provides a response.
Can you share with us the question that you asked the AI?
I am using VoidPup64 right now and a quick search does find the application in
/usr/bin
I uploaded the file/binary to VirusTotal to check and it stated that ClamAV does not flag/report this as untoward.
This does not give the full picture and if you want the full report you can use/enter this hash:
https://www.virustotal.com/gui/home/search
633e63fe111a8579d09a3815e444822cbd6bb53a5ec3ce18eaa1227856b24d2d
Malware scanners search for known malware, but nobody is actively looking for new and unidentified malware in Puppy. Therefore, antivirus scanners don't have signatures of Puppy files and probably won't find anything even if there is something malicious in a Puppy ISO you download.
In addition, Puppy lacks basic security and authenticity infrastructure, it basically has no protection against a supply chain attack. Most Puppy releases contain .pet packages, built on somebody's computer (not in an airgapped computer with auditing) long ago, with no way to verify that the package wasn't built after malicious changes to the source code, and there's no mechanism to verify that packages haven't changed after creation (for example, by somebody with permissions to upload packages to the repo). Any prebuily binary in Puppy could be malicious, from day 1 or after tampering by a malicious actor who changed it.
Thank you for your reply.
Can you share with us the question that you asked the AI?
Prompt:
I want to know which application uses pnscan in Puppy Linux.
Response:
The application that used to include pnscan in Puppy Linux is PeasyPort. However, it’s important to note that the official versions of PeasyPort no longer use pnscan
Further prompts lead to:
Run the following command to search for pnscan:
grep -r "pnscan" /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin
-------
Considering that I downloaded what I believed to be from the official source (https://puppylinux-woof-ce.github.io/ → https://distro.ibiblio.org/puppylinux/p ... 64/10.0.8/), pnscan should not be installed according to this thread.
-------
My VirusTotal scan differs from yours.
https://www.virustotal.com/gui/file/09 ... 0234bc9dba
I think I might just remove the entire Peasy Suite from the built-in packages list.
All the best.
BookwormPup64 10.0.8 x86_64
All because a portable system protects me from M$ wherever I go
@dimkr :-
Dima, humour me here, will you? If you've always had such a low opinion of Puppy's security - or lack of! - I'm genuinely curious: why have you bothered with it for all these years? I would have thought you would have taken one look.....and run away, shaking your head, and thinking to yourself, "No way.... Uh-uh!"
Mike. 
dimkr wrote: Fri Sep 27, 2024 8:20 pmMalware scanners search for known malware, but nobody is actively looking for new and unidentified malware in Puppy. Therefore, antivirus scanners don't have signatures of Puppy files and probably won't find anything even if there is something malicious in a Puppy ISO you download.
Thank you for your reply.
I ran the scan on an installed system not the ISO. I thought that AV apps just scanned for malware regardless of the distro.
In addition, Puppy lacks basic security and authenticity infrastructure, it basically has no protection against a supply chain attack. Most Puppy releases contain .pet packages, built on somebody's computer (not in an airgapped computer with auditing) long ago, with no way to verify that the package wasn't built after malicious changes to the source code, and there's no mechanism to verify that packages haven't changed after creation (for example, by somebody with permissions to upload packages to the repo). Any prebuily binary in Puppy could be malicious, from day 1 or after tampering by a malicious actor who changed it.
That is concerning, especially being root. Glad I didn't try doing any financial things. What about the 'stewards' who are the 'gatekeepers' of the official releases? Are those releases not safe?
I don't foresee any usage of PeasySuite, so, I'll get it off of the built-in list.
Anyway, I guess that pnscan was reintroduced sometime after this thread was created back in 2021.
Thank you.
BookwormPup64 10.0.8 x86_64
All because a portable system protects me from M$ wherever I go
mikewalsh wrote: Sat Sep 28, 2024 3:02 amIf you've always had such a low opinion of Puppy's security - or lack of!
It's not an opinion, it's a fact. Why, in your opinion, pretty much all distros except Puppy have an automated package building infrastructure that verifies developer identity and protects source code against tampering or malicious modification, and package managers that verify that packages were built by the distro developers and not modified afterwards?
mikewalsh wrote: Sat Sep 28, 2024 3:02 amI would have thought you would have taken one look.....and run away, shaking your head, and thinking to yourself, "No way.... Uh-uh!"
I don't just shake my head and walk away. I fix. I spent countless hours building a Puppy with zero prebuilt binaries, where everything is either downloaded with proper verification or built from source with proper verification of the source code.
baggins wrote: Sat Sep 28, 2024 4:46 amThat is concerning, especially being root. Glad I didn't try doing any financial things. What about the 'stewards' who are the 'gatekeepers' of the official releases? Are those releases not safe?
You should talk to the developer of the Puppy you're using and ask them to describe their views on software security and the measures they've taken to ensure their offering is indeed secure.
--
Regarding pnscan, it's very common for antivirus software to flag network scanning tools as malware, although they can't be used to hack into a system (only find potentially vulnerable systems). Most AVs even flag nc as malware, only because it can be used for port scanning or as a remote shell.
@mikewalsh
Don't shoot the messenger
Dimkr is simply informing you of best practice in a production environment as a professional.
Puppy Linux has always been a 'home spun' offering.
Credit and kudos to BarryK and all the talented developers who have brought this forward over the many years.
The main distributions have large pools of people working on them and therefore security and responsibility is expected.
GPG (......not referring to the Gender Pay Gap!!) has been available for as long as I remember and has always had the Enigmail plug-in available for Thunderbird and other email clients. MS Outlook also has this provision available.
Regarding 'verified' signatures for malware, trojans, viruses etc ....... of course you need these for the databases. 'In the wild' reports are collated before confirmation is provided.
As we move forward the in-house PPM is becoming less relevant as the third-party repositories have these measures already provided.
However, this does not mean as a user you become complacent.
It's your responsibility to take your own security measures and have a backup strategy in place.
@Jasper :-
No, no shootings here.
I DO understand where Dima's coming from. I know more or less what field of software development he's in, and yes; he's absolutely right. By its very nature, Puppy IS insecure.....certainly when compared to the major, mainstream distros (and by extension, a majority of the others since the many are in some way based on the few).
But you've hit the nail on the head there. "Home-spun" sums it up in a nutshell. Most of the dev teams that work on what many call "serious" Linux (!!) are comprised of people that spend all their time doing this, and are "professionals" compared to the rest of us. They're passionate about what they do, despite that most don't get paid for it.
I - like you - am immensely grateful to all the highly talented folks in this wee community of ours.....many of whom are just as dedicated in their own way as those "professional" dev teams. Compared to these guys, I just play around; I barely scratch the surface of what's possible. I'm a "bumbler", pottering around with odd bits of code here & there, frequently amazing myself when I manage to make something work. I don't have the talent OR dedication of folks like Barry, peebee, rockedge, wiak, mistfire, philb666, and all these other wonderful 'devs' we have here. Not in a million years.
What I DO have is fun. Lots of it! It wasn't until I found the sanity of the Puppy community - after years of drudgery & frustration with MyCrudSoft - that I remembered computing COULD be fun.....
Yes, I have backup strategies in place. And like Dima, I prefer to automate as much as possible (in my case, via cron jobs.....sometimes starting jobs directly, sometimes a reminder to plug something in so that another cron job can then do its thing). Perhaps it's all a bit haphazard by some people's standards, but it works for me.
Puppy ROOLZ. Yeah!
Mike.
