I recently installed Ubuntu 12.10. I use Clamav and have scanned my system regularly for infections. Today it picked up a potential threat
/usr/lib/ruby/1.9.1/rdoc/generator/template/darkfish/js/thickbox-compressed.js.
Ubuntu is my only operating system installed. Clamav was not able to delete or quarantine the file.
Should i be concerned or is this a false positive? I have scanned the same file multiple times and it picks it up as a threat each time. Also i tried googling the issue before posting and found no information.
A point I forgot to mention, clamav picks it up as PUA.script.packed-1
That file seems to belong to package libruby1.9.1, which should be installed when you installed Ruby.
If that package comes from the default repositories I guess that warning should be nothing to you worry about. If it comes from a PPA then you should take a closer look.
To see from where the package comes you can use apt-cache. From my system:
$ apt-cache policy libruby1.9.1
libruby1.9.1:
Installed: (none) <-- This shows the installed version (not installed on my case)
Candidate: 1.9.3.0-1ubuntu2.5
Version table:
1.9.3.0-1ubuntu2.5 0
500 http://pt.archive.ubuntu.com/ubuntu/ precise-updates/main amd64 Packages
500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64 Packages
1.9.3.0-1ubuntu1 0
500 http://pt.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
Also consider checking that file in an online scanner like VirusTotal. If only clamav marks it as a potencially threath probably it is a false positive.
No comments:
Post a Comment