Pnscan was the only report. I've been looking over the summaries for Pnscan-8031486-0 at https://malware.prevasio.io/ and it's obvious that pnscan is used by multiple malware packages and even a miner. In no case are the ancillary files in the summaries present on my system. But if they were ever there, they could have been auto-cleaned once pnscan was purged.
It appears to me that this instance is something which probably can't be pursued further. In a way pnscan presence may just be an invitation. Thanks. On Tue, Apr 19, 2022 at 10:15 PM Seth Arnold <1968...@bugs.launchpad.net> wrote: > The frog is definitely weird, but clamscan is almost certainly just > reporting a tool that might be used by attackers. There's lots of those. > Does it also report tcpdump? wireshark? ettercap? nc? telnet? nmap? > socat? stunnel? > > Thanks > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/1968806 > > Title: > Clamscan reports Unix.Tool.Pnscan-8031486-0 in 1.12+git20180612-2 > pnscan version > > Status in pnscan package in Ubuntu: > Incomplete > > Bug description: > My system showed unusually high memory and swap usage for a few weeks, > also occasional lags in situations when it was always brisk before. I > naturally ran clamscan to check. Pnscan was flagged as containing the > malware. I removed and purged pnscan, and continued to scan for > anything else out of line. Saw nothing else, and rebooted. Memory > and swap usage was normal for several hours. Then I reinstalled > pnscan from the repository. Clamscan reported > Unix.Tool.Pnscan-8031486-0 in pnscan again. So I removed and purged > pnscan again. > > I recognize that clamscan could be misleading here, but I never saw > this report before, and it's clear that my memory and swap issues > haven't returned. > > I'm going to suggest this is a security vulnerability, even though the > clamscan result might be misleading. > > lsb_release -rd > Description: Ubuntu 20.04.4 LTS > Release: 20.04 > > uname -a > Linux ryzen7 5.4.0-107-lowlatency #121-Ubuntu SMP PREEMPT Thu Mar 24 > 16:45:08 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux > > pnscan 1.12+git20180612-2 > > ProblemType: Bug > DistroRelease: Ubuntu 20.04 > Package: pnscan 1.12+git20180612-2 > ProcVersionSignature: Ubuntu 5.4.0-107.121-lowlatency 5.4.174 > Uname: Linux 5.4.0-107-lowlatency x86_64 > ApportVersion: 2.20.11-0ubuntu27.23 > Architecture: amd64 > CasperMD5CheckResult: skip > CurrentDesktop: KDE > Date: Tue Apr 12 20:48:45 2022 > InstallationDate: Installed on 2012-12-03 (3417 days ago) > InstallationMedia: Kubuntu 12.10 "Quantal Quetzal" - Release amd64 > (20121017.1) > ProcEnviron: > PATH=(custom, no user) > XDG_RUNTIME_DIR=<set> > LANG=en_US.UTF-8 > SHELL=/bin/bash > SourcePackage: pnscan > UpgradeStatus: Upgraded to focal on 2020-04-29 (713 days ago) > > To manage notifications about this bug go to: > > https://bugs.launchpad.net/ubuntu/+source/pnscan/+bug/1968806/+subscriptions > > -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1968806 Title: Clamscan reports Unix.Tool.Pnscan-8031486-0 in 1.12+git20180612-2 pnscan version To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pnscan/+bug/1968806/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
