I decided to scan my entire /usr/ folder recently, as I heard about a malicious package in NPM and wanted to be extra sure nothing got into my system. I was slightly shocked when it finished, and it said there was 1 infected file. Unfortunately it did not list exactly what that infected file was, so I ran it again this time logging to a file and grepped that file for "FOUND", and the result was:
/usr/bin/xmr-stak: Multios.Coinminer.Miner-6781728-2 FOUND But... XMR-Stak is _supposed_ to be a crypto miner. That is what it does. I installed it for that purpose, compiling it from source since I am on Gentoo. So... is this a false positive then? Or is this saying something else, like, that my version of XMR-Stak has malicious code to mine on some bad actor's pool instead of the one I tell it to mine in? _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
