Re: [ossec-list] grep false positive

2020-01-24 Thread dan (ddp)
On Thu, Jan 23, 2020 at 6:46 PM Leroy Tennison  wrote:
>
> Received the following message: "Trojaned version of file '/bin/grep'
> detected. Signature used: 'bash|givemer|/dev/' (Generic)." on 18.04.3 LTS.
> Downloaded the deb from Ubuntu standard repositories, extracted grep (in
> /tmp) and compared sha512sums for it and /bin/grep - identical. I received
> another message about a trojaned file for s-nail (also on Ubuntu 16.04)
> recently and, in that case, simply de-installed the package since it wasn't
> needed. Now I'm wondering if these are false positives. Appears the agent
> is 3.1.0, server is 2.9.1. Any suggestions or further steps I can take?
>

Pretty sure '/dev/' was removed from the signature because of this
false positive.


-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ossec-list/CAMyQvMqnQfh0MPGJqrCw614S7oQSF6cx0f%3DJPQTR3Z8sC6KOeg%40mail.gmail.com.


[ossec-list] grep false positive

2020-01-23 Thread Leroy Tennison
Received the following message: "Trojaned version of file '/bin/grep'
detected. Signature used: 'bash|givemer|/dev/' (Generic)." on 18.04.3 LTS.
Downloaded the deb from Ubuntu standard repositories, extracted grep (in
/tmp) and compared sha512sums for it and /bin/grep - identical. I received
another message about a trojaned file for s-nail (also on Ubuntu 16.04)
recently and, in that case, simply de-installed the package since it wasn't
needed. Now I'm wondering if these are false positives. Appears the agent
is 3.1.0, server is 2.9.1. Any suggestions or further steps I can take?

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ossec-list/77699c5a-21ea-43ea-83f3-4588ed3794b8%40googlegroups.com.
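The two steps discussed in this thread, the rootcheck string signature that fired and the hash comparison Leroy used to rule the alert out, as an added example that is not part of the list posts or of OSSEC's own code. It assumes, from the alert text alone, that a rootcheck trojan signature is a `|`-separated list of byte strings and that any one of them occurring in the file body raises the alert; the sample "binary", its `/dev/null` string, and the file names are constructed for the demo.

```python
import hashlib
import os
import tempfile

# Rootcheck-style signature as quoted in the alert: '|'-separated alternatives.
# Assumed semantics (not taken from OSSEC source): any alternative found in the
# file body triggers "Trojaned version of file ... detected".
OLD_SIGNATURE = "bash|givemer|/dev/"
# The reply says '/dev/' was dropped from the signature because of this false positive.
NEW_SIGNATURE = "bash|givemer"


def signature_matches(data: bytes, signature: str) -> list:
    """Return the signature alternatives that occur anywhere in the file contents."""
    return [alt for alt in signature.split("|") if alt.encode() in data]


def sha512_file(path: str) -> str:
    """Hash a file in chunks so a large binary does not have to fit in memory."""
    h = hashlib.sha512()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_against_reference(installed: str, reference: str, signature: str) -> dict:
    """Run the string check on the installed file and compare its sha512 with a
    reference copy (e.g. the binary extracted from the distribution's .deb)."""
    with open(installed, "rb") as f:
        hits = signature_matches(f.read(), signature)
    same_hash = sha512_file(installed) == sha512_file(reference)
    return {"signature_hits": hits, "matches_reference": same_hash}


# Constructed stand-in for /bin/grep: a legitimate-looking binary that happens to
# contain the string '/dev/null' (a plausible reason for the '/dev/' match, assumed
# here) but none of the rootkit strings.  The "reference" copy mimics the file
# extracted from the Ubuntu package.
FAKE_GREP = b"\x7fELF...usage: grep [OPTION]... PATTERNS [FILE]...\x00/dev/null\x00"


def demo() -> dict:
    """Check the constructed binary with both signatures; returns both verdicts."""
    with tempfile.TemporaryDirectory() as tmp:
        installed = os.path.join(tmp, "grep")
        reference = os.path.join(tmp, "grep.from_deb")
        for path in (installed, reference):
            with open(path, "wb") as f:
                f.write(FAKE_GREP)
        return {
            "old": verify_against_reference(installed, reference, OLD_SIGNATURE),
            "new": verify_against_reference(installed, reference, NEW_SIGNATURE),
        }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

With the old signature the string check fires on `/dev/` while the hash still matches the package copy, which is exactly the contradiction reported in the thread; with `/dev/` removed the string check is quiet. The hash comparison only settles the question when the reference copy comes from a trusted source (the distribution repository, as in the post), since a trojaned file and a trojaned reference would agree.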