2014-02-05 14:15:37

by gene heskett

Subject: possible viri in tarballs?

Greetings;

I recently brought a daily system scan by clamscan back to life, and it's
emailing me this:

/home/gene/src/linux-3.8.2/Documentation/usb/gadget_multi.txt: MBL_400944.UNOFFICIAL FOUND
/home/gene/src/linux-3.12.6/Documentation/usb/gadget_multi.txt: MBL_400944.UNOFFICIAL FOUND
/home/gene/src/linux-3.8.3/Documentation/usb/gadget_multi.txt: MBL_400944.UNOFFICIAL FOUND
/home/gene/src/linux-3.12.9/Documentation/usb/gadget_multi.txt: MBL_400944.UNOFFICIAL FOUND
/home/gene/src/linux-3.4.36/Documentation/usb/gadget_multi.txt: MBL_400944.UNOFFICIAL FOUND
/home/gene/src/linux-3.0.69/Documentation/usb/gadget_multi.txt: MBL_400944.UNOFFICIAL FOUND
/home/gene/src/linux-3.2.40/Documentation/usb/gadget_multi.txt: MBL_400944.UNOFFICIAL FOUND

Repeat for several other kernel trees.
FP or ??

Cheers, Gene
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>

NOTICE: Will pay 100 USD for an HP-4815A defective but
complete probe assembly.


2014-02-05 14:35:36

by Mihai Donțu

Subject: Re: possible viri in tarballs?

On Wed, 5 Feb 2014 09:15:34 -0500 Gene Heskett wrote:
> I recently brought a daily system scan by clamscan back to life, and
> it's emailing me this:
>
> /home/gene/src/linux-3.8.2/Documentation/usb/gadget_multi.txt: MBL_400944.UNOFFICIAL FOUND
> /home/gene/src/linux-3.12.6/Documentation/usb/gadget_multi.txt: MBL_400944.UNOFFICIAL FOUND
> /home/gene/src/linux-3.8.3/Documentation/usb/gadget_multi.txt: MBL_400944.UNOFFICIAL FOUND
> /home/gene/src/linux-3.12.9/Documentation/usb/gadget_multi.txt: MBL_400944.UNOFFICIAL FOUND
> /home/gene/src/linux-3.4.36/Documentation/usb/gadget_multi.txt: MBL_400944.UNOFFICIAL FOUND
> /home/gene/src/linux-3.0.69/Documentation/usb/gadget_multi.txt: MBL_400944.UNOFFICIAL FOUND
> /home/gene/src/linux-3.2.40/Documentation/usb/gadget_multi.txt: MBL_400944.UNOFFICIAL FOUND
>
> Repeat for several other kernel trees.
> FP or ??

Most likely a FP, but try: https://www.virustotal.com/

--
Mihai Donțu

2014-02-05 15:10:21

by gene heskett

Subject: Re: possible viri in tarballs?

On Wednesday 05 February 2014, Mihai Donțu wrote:
>On Wed, 5 Feb 2014 09:15:34 -0500 Gene Heskett wrote:
>> I recently brought a daily system scan by clamscan back to life, and
>> it's emailing me this:
>>
>> /home/gene/src/linux-3.8.2/Documentation/usb/gadget_multi.txt: MBL_400944.UNOFFICIAL FOUND
>> /home/gene/src/linux-3.12.6/Documentation/usb/gadget_multi.txt: MBL_400944.UNOFFICIAL FOUND
>> /home/gene/src/linux-3.8.3/Documentation/usb/gadget_multi.txt: MBL_400944.UNOFFICIAL FOUND
>> /home/gene/src/linux-3.12.9/Documentation/usb/gadget_multi.txt: MBL_400944.UNOFFICIAL FOUND
>> /home/gene/src/linux-3.4.36/Documentation/usb/gadget_multi.txt: MBL_400944.UNOFFICIAL FOUND
>> /home/gene/src/linux-3.0.69/Documentation/usb/gadget_multi.txt: MBL_400944.UNOFFICIAL FOUND
>> /home/gene/src/linux-3.2.40/Documentation/usb/gadget_multi.txt: MBL_400944.UNOFFICIAL FOUND
>>
>> Repeat for several other kernel trees.
>> FP or ??
>
>Most likely a FP, but try: https://www.virustotal.com/

I'll report it as an FP then. I didn't know about that site. Thanks.

Cheers, Gene

2014-02-05 18:25:04

by gene heskett

Subject: Re: possible viri in tarballs?

On Wednesday 05 February 2014, Gene Heskett wrote:
>Greetings;
>
>I recently brought a daily system scan by clamscan back to life, and it's
>emailing me this:
>
>/home/gene/src/linux-3.8.2/Documentation/usb/gadget_multi.txt:
>MBL_400944.UNOFFICIAL FOUND
>/home/gene/src/linux-3.12.6/Documentation/usb/gadget_multi.txt:
>MBL_400944.UNOFFICIAL FOUND
>/home/gene/src/linux-3.8.3/Documentation/usb/gadget_multi.txt:
>MBL_400944.UNOFFICIAL FOUND
>/home/gene/src/linux-3.12.9/Documentation/usb/gadget_multi.txt:
>MBL_400944.UNOFFICIAL FOUND
>/home/gene/src/linux-3.4.36/Documentation/usb/gadget_multi.txt:
>MBL_400944.UNOFFICIAL FOUND
>/home/gene/src/linux-3.0.69/Documentation/usb/gadget_multi.txt:
>MBL_400944.UNOFFICIAL FOUND
>/home/gene/src/linux-3.2.40/Documentation/usb/gadget_multi.txt:
>MBL_400944.UNOFFICIAL FOUND
>
>Repeat for several other kernel trees.
>FP or ??
>
>Cheers, Gene

Someone thought it's an FP, so I took this to the clamav list and got some
links; it is a highest-threat Password revealer first seen by

<http://www.threatexpert.com/reports.aspx?find=PSWTool.Win32.PassViewer.av&x=11&y=9>

on 12/07/2011.

Over on <http://www.malwarepatrol.net/cgi/search.pl?id=400944>

You will see more history.

So that file needs sanitized. I was under the impression that a file with
the .txt extension was supposed to be pure ascii text, but it's loaded to
the gills with some sort of markup crap. And I have at least 20 copies of
it.

Cheers, Gene

2014-02-05 19:52:41

by Theodore Ts'o

Subject: Re: possible viri in tarballs?

On Wed, Feb 05, 2014 at 01:24:59PM -0500, Gene Heskett wrote:
> >/home/gene/src/linux-3.2.40/Documentation/usb/gadget_multi.txt:
> >MBL_400944.UNOFFICIAL FOUND
>
> You will see more history.
>
> So that file needs sanitized. I was under the impression that a file with
> the .txt extension was supposed to be pure ascii text, but it's loaded to
> the gills with some sort of markup crap. And I have at least 20 copies of
> it.

Huh? There are lines with

* Overview

...

** Linux host drivers

...

in that file, sure. But I'd hardly call that "loaded to the gills
with markup crap".

If the file had any amount of XML or XHTML2, that would be markup
crap. But some Twiki style ascii markup is hardly a problem -- it
looks just fine when viewed in a text reader.

- Ted

2014-02-05 20:09:18

by Roger Heflin

Subject: Re: possible viri in tarballs?

Gene,

How big is the file you have? Here is what I have, and this is
from several different kernels.

wc gadget_multi.txt
150 830 5482 gadget_multi.tx

cksum gadget_multi.txt
3973522114 5482 gadget_multi.txt

ls -l gadget_multi.txt
-rw-rw-r-- 1 root root 5482 Dec 20 09:51 gadget_multi.txt

If your size/cksum is different, something modified your file.


On Wed, Feb 5, 2014 at 1:52 PM, Theodore Ts'o <[email protected]> wrote:
> On Wed, Feb 05, 2014 at 01:24:59PM -0500, Gene Heskett wrote:
>> >/home/gene/src/linux-3.2.40/Documentation/usb/gadget_multi.txt:
>> >MBL_400944.UNOFFICIAL FOUND
>>
>> You will see more history.
>>
>> So that file needs sanitized. I was under the impression that a file with
>> the .txt extension was supposed to be pure ascii text, but it's loaded to
>> the gills with some sort of markup crap. And I have at least 20 copies of
>> it.
>
> Huh? There are lines with
>
> * Overview
>
> ...
>
> ** Linux host drivers
>
> ...
>
> in that file, sure. But I'd hardly call that "loaded to the gills
> with markup crap".
>
> If the file had any amount of XML or XHTML2, that would be markup
> crap. But some Twiki style ascii markup is hardly a problem -- it
> looks just fine when viewed in a text reader.
>
> - Ted
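Roger's size/cksum cross-check, written up as a small POSIX shell script; this is an added example, not code from anyone in the thread. It compares every copy of the file against a reference CRC and size and also counts bytes outside printable ASCII, which is the property Gene expected of a .txt file and Ted confirms holds here. The reference values 3973522114 and 5482 and the gadget_multi.txt paths come from the messages above; the file names in the usage comment are assumed.

```shell
#!/bin/sh
# Added example: triage a ClamAV hit on a file that exists in many kernel
# trees. Two checks:
#  1. every copy must have the same cksum CRC and byte size as a reference;
#  2. a plain-text file should contain only printable ASCII plus TAB/LF/CR.

# Count bytes outside printable ASCII (0x20-0x7e) and TAB/LF/CR.
# Prints 0 for a clean ASCII text file.
non_text_bytes() {
    LC_ALL=C tr -d '\011\012\015\040-\176' < "$1" | wc -c | tr -d ' '
}

# check_copies REF_CRC REF_SIZE FILE...
# Prints one verdict per file; returns 0 if every copy matches, 1 otherwise.
check_copies() {
    ref_crc=$1
    ref_size=$2
    shift 2
    rc=0
    for f in "$@"; do
        if [ ! -f "$f" ]; then
            printf '%s: MISSING\n' "$f"
            rc=1
            continue
        fi
        # cksum prints "CRC SIZE NAME"; keep the first two fields.
        crc_size=$(cksum "$f" | awk '{print $1 " " $2}')
        crc=${crc_size%% *}
        size=${crc_size##* }
        if [ "$crc" = "$ref_crc" ] && [ "$size" = "$ref_size" ]; then
            printf '%s: OK (%s bytes, %s non-text bytes)\n' \
                "$f" "$size" "$(non_text_bytes "$f")"
        else
            printf '%s: DIFFERS (cksum %s %s, expected %s %s)\n' \
                "$f" "$crc" "$size" "$ref_crc" "$ref_size"
            rc=1
        fi
    done
    return $rc
}

# Usage against the trees from the thread, with Roger's reference values:
# check_copies 3973522114 5482 /home/gene/src/linux-*/Documentation/usb/gadget_multi.txt
```

A copy reported as DIFFERS deserves a closer look; copies that match the reference and show 0 non-text bytes are the same plain-text file Roger and Ted describe, and the scanner hit is a signature problem rather than a modified file.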

2014-02-05 20:47:15

by gene heskett

Subject: Re: possible viri in tarballs?

On Wednesday 05 February 2014, Theodore Ts'o wrote:
>On Wed, Feb 05, 2014 at 01:24:59PM -0500, Gene Heskett wrote:
>> >/home/gene/src/linux-3.2.40/Documentation/usb/gadget_multi.txt:
>> >MBL_400944.UNOFFICIAL FOUND
>>
>> You will see more history.
>>
>> So that file needs sanitized. I was under the impression that a file
>> with the .txt extension was supposed to be pure ascii text, but it's
>> loaded to the gills with some sort of markup crap. And I have at
>> least 20 copies of it.
>
>Huh? There are lines with
>
>* Overview
>
>...
>
>** Linux host drivers
>
>...
>
>in that file, sure. But I'd hardly call that "loaded to the gills
>with markup crap".
>
>If the file had any amount of XML or XHTML2, that would be markup
>crap. But some Twiki style ascii markup is hardly a problem -- it
>looks just fine when viewed in a text reader.
>
> - Ted

I was using mc's f3 function. I agree, it looks fine in less, or even
gedit. I am going to filter it, you do as you feel is correct.

Thanks Ted.

Cheers, Gene

2014-02-05 20:49:20

by gene heskett

Subject: Re: possible viri in tarballs?

On Wednesday 05 February 2014, Roger Heflin wrote:
>Gene,
>
>How big is the file you have? Here is what I have, and this is
>from several different kernels.
>
> wc gadget_multi.txt
> 150 830 5482 gadget_multi.tx
>
>cksum gadget_multi.txt
>3973522114 5482 gadget_multi.txt
>
>ls -l gadget_multi.txt
>-rw-rw-r-- 1 root root 5482 Dec 20 09:51 gadget_multi.txt
>
>If your size/cksum is different, something modified your file.

They crosscheck as identical to yours.
>
>On Wed, Feb 5, 2014 at 1:52 PM, Theodore Ts'o <[email protected]> wrote:
>> On Wed, Feb 05, 2014 at 01:24:59PM -0500, Gene Heskett wrote:
>>> >/home/gene/src/linux-3.2.40/Documentation/usb/gadget_multi.txt:
>>> >MBL_400944.UNOFFICIAL FOUND
>>>
>>> You will see more history.
>>>
>>> So that file needs sanitized. I was under the impression that a file
>>> with the .txt extension was supposed to be pure ascii text, but it's
>>> loaded to the gills with some sort of markup crap. And I have at
>>> least 20 copies of it.
>>
>> Huh? There are lines with
>>
>> * Overview
>>
>> ...
>>
>> ** Linux host drivers
>>
>> ...
>>
>> in that file, sure. But I'd hardly call that "loaded to the gills
>> with markup crap".
>>
>> If the file had any amount of XML or XHTML2, that would be markup
>> crap. But some Twiki style ascii markup is hardly a problem -- it
>> looks just fine when viewed in a text reader.
>>
>> - Ted


Cheers, Gene

2014-02-06 15:16:38

by Theodore Ts'o

Subject: Re: possible viri in tarballs?

On Wed, Feb 05, 2014 at 03:47:07PM -0500, Gene Heskett wrote:
> >If the file had any amount of XML or XHTML2, that would be markup
> >crap. But some Twiki style ascii markup is hardly a problem -- it
> >looks just fine when viewed in a text reader.
>
> I was using mc's f3 function. I agree, it looks fine in less, or even
> gedit. I am going to filter it, you do as you feel is correct.

Well, in any case, if a couple of lines which are prefixed by
asterisks where all the characters are otherwise English words in a
full ASCII text gets declared "malware", that's probably the best
demonstration of why many Anti-Virus companies are selling pure
snake oil, and someone should be demanding their money back. :-)

- Ted