[clamav-users] crypto currency miner

Al Varnell alvarnell at mac.com
Tue Jan 2 20:26:37 UTC 2018


On Tue, Jan 02, 2018 at 09:40 AM, lejeczek wrote:
> I'd like to ask if your miner, if you mine crypto coins that is, often pops up in clamav?
> 
> I have this one: https://github.com/sammy007/cpuminer-multi
> 
> and it gets flagged as:
> 
> ./cpuminer-multi/minerd: Unix.Tool.Minerd-6404314-0 FOUND
> 
> Would someone know something more about that code and why clamav sees it as .. right, as what exactly?
> 
> many thanks, L.

As others have said, ClamAV correctly identifies it as a miner tool used on a Unix system and you will need to either ignore it or add it to your local whitelist.

FYI, the logical signature is:
VIRUS NAME: Unix.Tool.Minerd-6404314-0
TDB: Target:6
LOGICAL EXPRESSION: (0&1&2&3&4)
 * SUBSIG ID 0
 +-> OFFSET: ANY
 +-> SIGMOD: NONE
 +-> SUBSIGNATURE:
55736167653a206d696e657264205b4f5054494f4e535d
Usage: minerd [OPTIONS]
 * SUBSIG ID 1
 +-> OFFSET: ANY
 +-> SIGMOD: NONE
 +-> DECODED SUBSIGNATURE:
stratum+tcp://
 * SUBSIG ID 2
 +-> OFFSET: ANY
 +-> SIGMOD: NONE
 +-> DECODED SUBSIGNATURE:
User-Agent: cpuminer
 * SUBSIG ID 3
 +-> OFFSET: ANY
 +-> SIGMOD: NONE
 +-> DECODED SUBSIGNATURE:
booooo
 * SUBSIG ID 4
 +-> OFFSET: ANY
 +-> SIGMOD: NONE
 +-> DECODED SUBSIGNATURE:
blake


-Al-
-- 
Al Varnell
ClamXAV user
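
Added example, not part of the message above and not ClamAV's own code: a small Python sketch of why the decoded signature fires on a stock minerd build. All five strings must be present somewhere in an ELF file. Assumptions: LDB_LINE is rebuilt here from the decoded fields in the message, the function names are hypothetical, the evaluator handles only & and | (left to right, with parentheses), and the Target:6 check looks only at the ELF magic bytes.

```python
import re

# Decoded subsignatures exactly as listed in the message above (offset ANY, no modifiers).
DECODED = ["Usage: minerd [OPTIONS]", "stratum+tcp://", "User-Agent: cpuminer", "booooo", "blake"]
# Constructed .ldb-style line rebuilt from those fields; the hex is encoded here, not copied
# from the signature database.
LDB_LINE = ";".join(["Unix.Tool.Minerd-6404314-0", "Target:6", "(0&1&2&3&4)"]
                    + [s.encode("ascii").hex() for s in DECODED])


def parse_ldb(line):
    """Split name;TDB;expression;subsig0;subsig1;... into typed fields."""
    name, tdb, expr, *subsigs = line.split(";")
    tdb_fields = dict(item.split(":", 1) for item in tdb.split(","))
    return name, int(tdb_fields["Target"]), expr, [bytes.fromhex(h) for h in subsigs]


def evaluate(expr, hits):
    """Evaluate an expression over subsig indexes using only &, | and parentheses."""
    tokens = re.findall(r"\d+|[&|()]", expr)

    def parse(pos):
        # Assumption of this sketch: operators are applied left to right.
        value, pos = operand(pos)
        while pos < len(tokens) and tokens[pos] in "&|":
            op = tokens[pos]
            rhs, pos = operand(pos + 1)
            value = (value and rhs) if op == "&" else (value or rhs)
        return value, pos

    def operand(pos):
        if tokens[pos] == "(":
            value, pos = parse(pos + 1)
            return value, pos + 1  # step over the closing ")"
        return hits[int(tokens[pos])], pos + 1

    return parse(0)[0]


def scan(data, line=LDB_LINE):
    """Return (signature name or None, per-subsig hit list) for a byte buffer."""
    name, target, expr, subsigs = parse_ldb(line)
    hits = [s in data for s in subsigs]
    # Target:6 limits the signature to ELF files; this sketch checks only the magic bytes.
    if target == 6 and not data.startswith(b"\x7fELF"):
        return None, hits
    return (name if evaluate(expr, hits) else None), hits
```

The per-subsig hit list shows which of the five strings a given binary contains, which is the thing to look at before deciding to whitelist a detection.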


