On Wednesday 05 February 2014 16:02:03 Greg Folkert did opine:

> On Wed, 2014-02-05 at 15:17 -0500, Gene Heskett wrote:
> > On Wednesday 05 February 2014 15:15:07 Alan Stern did opine:
> > > On Wed, 5 Feb 2014, Gene Heskett wrote:
> > > > Greetings;
> > > >
> > > > The daily system scan is fussing about
> > > > /home/gene/src/linux-3.8.2/Documentation/usb/gadget_multi.txt:
> > > > MBL_400944.UNOFFICIAL FOUND
> > > > /home/gene/src/linux-3.12.6/Documentation/usb/gadget_multi.txt:
> > > > MBL_400944.UNOFFICIAL FOUND
> > > > /home/gene/src/linux-3.8.3/Documentation/usb/gadget_multi.txt:
> > > > MBL_400944.UNOFFICIAL FOUND
> > > > /home/gene/src/linux-3.12.9/Documentation/usb/gadget_multi.txt:
> > > > MBL_400944.UNOFFICIAL FOUND
> > > > /home/gene/src/linux-3.4.36/Documentation/usb/gadget_multi.txt:
> > > > MBL_400944.UNOFFICIAL FOUND
> > > > /home/gene/src/linux-3.0.69/Documentation/usb/gadget_multi.txt:
> > > > MBL_400944.UNOFFICIAL FOUND
> > > > /home/gene/src/linux-3.2.40/Documentation/usb/gadget_multi.txt:
> > > > MBL_400944.UNOFFICIAL FOUND
> > > >
> > > > But https://virustotal.com thinks otherwise.
> > >
> > > Gene:
> > >
> > > I have had annoying experiences with false positives from the MBL
> > > database in the past. Since the number of valid matches from that
> > > database (for my workload) has been quite small, I have dropped it
> > > entirely.
> >
> > It turned out that more links confirmed it as a high level threat, to
> > win32 systems, by exposing your passwords. First reported in 2011, so
> > I am posting to lkml about it, complete with the links that confirm
> > it.
>
> You do realize this is *JUST* the Kernel Source Documentation in the USB
> tree... These particular files *ARE NOT* a password snooper. Come on
> Gene THINK. Reporting this to the LKML will more than likely be
> ignored.
>
> Please do yourself a favor and consider what it is you are looking at
> before you report things like this... there is *NO* way that this one
> file included in many kernel sources is intended for Windows Password
> Snooping/Revealer.
>
> I can see why it might be found as a REAL threat for someone that
> doesn't understand why many times Documentation is flagged...
>
> It is a pattern matching "match": this file talks about Encryption and
> methods used to work with a Composite USB gadget... which are used in
> negotiations with Windows. This file mentions RNDIS and CDC ACM and
> mentions Microsoft MSDN library articles containing info... and well. Of
> course some UNOFFICIAL test patterns are going to flag off it.
>
> Have you *LOOKED AT* or *READ* the file(s) from your Linux machine?
>
> Please do that before going forward. But I see you've already availed
> yourself to the LKML.
>
> Oh well.

And now I am puzzled because I don't recall what 'reader' showed me all the
trash; less, gedit, and even mc's f3 function are now reading it well.

But I'm just paranoid enough to check it out. So let's just admit it has the
same md5 as a famous windows password snooper. Now, an extra linefeed
someplace in it ought to fix that, I'd think.

Because I have even old kernel trees in /usr/src, I've set a root cron job
up to look at /usr/src tomorrow morning, just for S&G.

Cheers, Gene
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>

NOTICE: Will pay 100 USD for an HP-4815A defective but
complete probe assembly.

_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml