/bin/bash

lesliek · December 25, 2021, 6:37pm

CAVL is showing the above as suspicious for the first time. I tried to submit the file but got an error when trying. Is this a false positive?

Leslie

C.O.M.O.D.O_RT · December 26, 2021, 10:10am

Hi lesliek,

Thank you for reporting, could you share us the screenshot of “CAVL is showing /bin/bash as suspicious” and “Error while you try to submit the file” .
Also, may i know your:-

Linux version ?
CAVL version ?
Can you reproduce the problem & if so how reliably?
If you can, exact steps to reproduce. If not, exactly what you did & what happened.

Thanks
C.O.M.O.D.O RT

lesliek · December 26, 2021, 1:09pm

Thank you very much for taking the trouble to reply.

I am using Ubuntu 20.04.3 LTS.

I am using CAVL 1.1.268025.1 with virus signature database version 34205.

I apologise for being unable to figure out how to add an attachment to this post. However, I just ran a scan of /bin again and this is what I get re /bin/bash: threat name is Malware@#3bjpp54h0d0nu and risk is high.

After running that scan, I tried to submit my /bin/bash file, but this time I got the message “Already submitted”.

Some more information: after being told that my bash was a threat the first time, I deleted it and replaced it with the bash file on the CD from which I installed Ubuntu last year. It’s the bash that has never before been said by CAVL to be a threat. Obviously, I got the same result as I’d got with the deleted bash.

I installed ClamAV and updated its signatures. I ran it. It said my bash was OK.

I uploaded my bash file to: VirusTotal. It reported no problem with my bash.

I hope that I’ve supplied the information you want. If not, please let me know what else you want and I’ll try to supply it.

Thanks again,

Leslie

C.O.M.O.D.O_RT · December 26, 2021, 2:21pm

lesliek post:3:

Thank you very much for taking the trouble to reply.

I am using Ubuntu 20.04.3 LTS.

I am using CAVL 1.1.268025.1 with virus signature database version 34205.

I apologise for being unable to figure out how to add an attachment to this post. However, I just ran a scan of /bin again and this is what I get re /bin/bash: threat name is Malware[at]#3bjpp54h0d0nu and risk is high.

After running that scan, I tried to submit my /bin/bash file, but this time I got the message “Already submitted”.

Some more information: after being told that my bash was a threat the first time, I deleted it and replaced it with the bash file on the CD from which I installed Ubuntu last year. It’s the bash that has never before been said by CAVL to be a threat. Obviously, I got the same result as I’d got with the deleted bash.

I installed ClamAV and updated its signatures. I ran it. It said my bash was OK.

I uploaded my bash file to: https://www.virustotal.com/gui/home/upload. It reported no problem with my bash.

I hope that I’ve supplied the information you want. If not, please let me know what else you want and I’ll try to supply it.

Thanks again,

Leslie

Hi lesliek,

Thank you for providing the requested information, let me check and get back to you.

Thanks

lesliek · December 26, 2021, 4:01pm

Thank you.

C.O.M.O.D.O_RT · December 30, 2021, 4:41pm

Hi lesliek,

The /bin/bash is an false positive, could you update AV DB to v34218 and check.
Let us know your feedback.

Thanks
C.O.M.O.D.O RT

lesliek · December 30, 2021, 4:47pm

I updated and checked. This time, there was no report of a threat.

Thank you very much for dealing with this for me.

Best wishes,

Leslie