[clamav-users] ClamAV detects XMR-Stak as malicious. Is this a false positive?

happysmash27 happysmash27 at protonmail.com
Fri Nov 19 07:23:01 UTC 2021


I decided to scan my entire /usr/ folder recently, as I heard about a malicious package in NPM and wanted to be extra sure nothing got into my system. I was slightly shocked when it finished, and it said there was 1 infected file. Unfortunately it did not list exactly what that infected file was, so I ran it again this time logging to a file and grepped that file for "FOUND", and the result was:

/usr/bin/xmr-stak: Multios.Coinminer.Miner-6781728-2 FOUND

But... XMR-Stak is _supposed_ to be a crypto miner. That is what it does. I installed it for that purpose, compiling it from source since I am on Gentoo.

So... is this a false positive then? Or is this saying something else, like, that my version of XMR-Stak has malicious code to mine on some bad actor's pool instead of the one I tell it to mine in?
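An added example, not part of the original post: it parses a `clamscan` log like the one grepped above and splits each detection name into the fields of ClamAV's official naming convention (Platform.Category.Name-SignatureID-Revision), so the category a signature was written for is visible at a glance. The helper names `parse_hits` and `paths_by_category` are hypothetical, and every sample log line except the xmr-stak one is constructed.

```python
import re

# Added example with hypothetical helper names. Constructed sample log:
# only the xmr-stak line is taken from the post above.
SAMPLE_LOG = """\
/usr/bin/xz: OK
/usr/bin/xmr-stak: Multios.Coinminer.Miner-6781728-2 FOUND
/usr/share/doc/odd: name FOUND.txt: OK
/tmp/constructed.bin: Local.Example.UNOFFICIAL FOUND

----------- SCAN SUMMARY -----------
Infected files: 2
"""

# Hit lines look like "<path>: <signature> FOUND". The greedy path group
# splits on the last ": " so paths that contain ": " stay intact.
HIT = re.compile(r"^(?P<path>.+): (?P<signature>\S+) FOUND$")

# Official-database names follow Platform.Category.Name-SignatureID-Revision.
OFFICIAL = re.compile(
    r"^(?P<platform>[^.]+)\.(?P<category>[^.]+)\.(?P<name>.+)"
    r"-(?P<sig_id>\d+)-(?P<revision>\d+)$"
)

def parse_hits(log_text):
    """Return one dict per detection line in a clamscan log."""
    hits = []
    for line in log_text.splitlines():
        m = HIT.match(line.rstrip())
        if not m:
            continue  # "OK" lines, blank lines and the scan summary
        hit = {"path": m["path"], "signature": m["signature"]}
        parts = OFFICIAL.match(m["signature"])
        # Names outside the convention (e.g. third-party ".UNOFFICIAL"
        # signatures) are kept, just without the split-out fields.
        hit.update(parts.groupdict() if parts else {"category": None})
        hits.append(hit)
    return hits

def paths_by_category(hits):
    """Group detected paths by signature category for triage."""
    grouped = {}
    for hit in hits:
        grouped.setdefault(hit["category"], []).append(hit["path"])
    return grouped

if __name__ == "__main__":
    for hit in parse_hits(SAMPLE_LOG):
        print(hit)
```

The category field only names the class of software the signature targets; it carries no information about how a particular binary is configured.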

