[clamav-users] Latest samba source contains Win.Trojan.Qhost-106?
Paul Kosinski
clamav-users at iment.com
Thu Mar 31 00:46:27 UTC 2016
The only file that was flagged as containing a virus (trojan) was
"wintest.py" in the "wintest" directory of the Samba source code. This
sounds like it's only a file for testing Samba (when built for
Windows?), and, unless it's something really sneaky, shouldn't be able
to affect a running Samba.

The bug is called "BadLock", and, since Microsoft is working on it too,
I'd guess it's an SMB protocol bug. Furthermore, some years ago MS was
stonewalling Samba. If it were a Samba-only bug, MS probably wouldn't
actively work on it, but rather would use it to tout the advantages of
Windows Server.

Paul Kosinski

On Thu, 31 Mar 2016 10:51:55 +1100
Andrew McGlashan <andrew.mcglashan at affinityvision.com.au> wrote:
>
> On 31/03/2016 5:32 AM, Alain Zidouemba wrote:
> > Paul:
> >
> > Thanks for reporting this FP. This will be fixed momentarily.
>
> Is it really a false positive?
>
> There has been a heads up that SAMBA code has a problem and that both
> Microsoft and Samba are working on a solution that will be released on
> the next patch Tuesday.....
>
> That download could be part of this somehow, I don't know. But it
> shouldn't blindly be considered a FP, that's for sure!
>
> > - Alain
> >
> > On Wed, Mar 30, 2016 at 2:18 PM, Paul Kosinski
> > <clamav-users at iment.com> wrote:
> >
> >> I just downloaded samba-4.4.0.tar.gz (the latest) from samba.org,
> >> and, after downloading via HTTPS, ClamAV (0.99.1/21479) reports
> >> that the gz file contains Win.Trojan.Qhost-106. In particular, the
> >> single file wintest.py in the subdirectory wintest is reported.
>
> Kind Regards
> AndrewM
>