Bug#929272: nmap-common: executable distributed in nmap-common detected as malware
Hello,

Granted, this is a false positive and could be fixed through other channels if I absolutely had to have nmap installed, but...

This is a corporate antivirus which I have no ability to personally override. Arguing with company IT about it is more trouble than just uninstalling an only occasionally used tool. I imagine arguing with the AV vendor would be even more of a headache. Even if I did all that, it wouldn't be much help for others in similar situations at other companies with other AV products.

The previous link I sent, to an archived discussion of this, suggested a workaround which I think would be relatively simple to implement: distribute the affected files separately, as a recommended dependency. A user can then remove it (or not install it in the first place) if it becomes a problem and they don't need it.

Thanks,
Dom

Bug#929272: nmap-common: executable distributed in nmap-common detected as malware
Package: nmap-common
Severity: normal

Dear Maintainer,

/usr/share/nmap/nselib/data/psexec/nmap_service.exe is detected by Sophos AV as malware.

This appears to be a common problem with psexec, both with nmap's implementation and Microsoft's:

https://seclists.org/nmap-dev/2010/q1/198
https://docs.microsoft.com/en-us/sysinternals/downloads/psexec

The nmap packages prior to 7.70 did not include the compiled binary.

-- System Information:
Debian Release: buster/sid
  APT prefers disco-updates
  APT policy: (500, 'disco-updates'), (500, 'disco-security'), (500, 'disco')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.15.0-29-generic (SMP w/8 CPU cores)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled