Bug 1318487

Summary: Malware discovered in 2 EPEL packages
Product: [Fedora] Fedora EPEL
Reporter: Dane Butler <dane.butler>
Component: ettercap
Assignee: Gwyn Ciesla <gwync>
Status: CLOSED EOL
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent
Priority: unspecified
Version: el6
CC: gwync, maurizio.antillon
Hardware: x86_64
OS: Linux
Doc Type: Bug Fix
Last Closed: 2020-11-30 15:54:53 UTC
Type: Bug

Description Dane Butler 2016-03-17 03:43:30 UTC
Description of problem: Malware detected in EPEL packages


Version-Release number of selected component (if applicable): 6Server


How reproducible:

Always

Steps to Reproduce:
1. Turn active virus scanning on Bluecoat Proxy
2. Sync EPEL6
3. Wait for the alert to come through

Actual results: (sensitive information removed)

16 Mar 2016 12:49:02 UTC+11:00	HEUR:DoS.Linux.Agent.c		Technology/Internet	http://dl.fedoraproject.org/pub/epel/6/x86_64/ettercap-0.7.5-4.el6.1.20120906gitc796e5.x86_64.rpm

16 Mar 2016 13:17:56 UTC+11:00	HEUR:Backdoor.Linux.Tsunami.bj		Technology/Internet	http://dl.fedoraproject.org/pub/epel/6/x86_64/ircd-hybrid-7.3.1-2.el6.x86_64.rpm



Expected results:
Nil reports

Additional info:

Comment 1 Gwyn Ciesla 2016-03-17 14:15:54 UTC
I'm unable to update EL-6 to the current version due to an insufficient curl version. Can you unpack the RPM and let me know which file is affected?  I may be able to remove or replace it.

Comment 2 Dane Butler 2016-03-17 22:14:25 UTC
Would you be able to manually download the file and unpack it and check it from your end? I deleted my copy of the file as soon as it was detected as I'm on a corporate network.

I may be able to do some investigation at home if you cannot do that. This was detected by our Bluecoat Proxy appliance.

Comment 3 Gwyn Ciesla 2016-03-18 13:52:30 UTC
ClamTk says it's clean, so either it lacks that definition or it's a false positive.
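
Added example, not part of the bug thread or of any Fedora tooling: a Python script that turns the two proxy alert lines from the report into per-package triage records for the unpack-and-rescan check discussed in Comments 1 to 3. It assumes the alert columns are tab-separated and that a `HEUR:` prefix marks a heuristic verdict; the `unpacked` directory name is hypothetical.

```python
from urllib.parse import urlparse

# Alert lines copied from the report above; columns assumed to be tab-separated.
ALERTS = (
    "16 Mar 2016 12:49:02 UTC+11:00\tHEUR:DoS.Linux.Agent.c\t\tTechnology/Internet\t"
    "http://dl.fedoraproject.org/pub/epel/6/x86_64/"
    "ettercap-0.7.5-4.el6.1.20120906gitc796e5.x86_64.rpm\n"
    "16 Mar 2016 13:17:56 UTC+11:00\tHEUR:Backdoor.Linux.Tsunami.bj\t\tTechnology/Internet\t"
    "http://dl.fedoraproject.org/pub/epel/6/x86_64/ircd-hybrid-7.3.1-2.el6.x86_64.rpm\n"
)

def split_nvra(filename):
    """Split name-version-release.arch.rpm from the right so dashed names survive."""
    if not filename.endswith(".rpm"):
        raise ValueError(f"not an RPM file name: {filename!r}")
    nvr, arch = filename[:-4].rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return {"name": name, "version": version, "release": release, "arch": arch}

def parse_alert(line):
    """Parse one alert line into timestamp, detection, category, URL and NVRA."""
    fields = [f for f in line.rstrip("\n").split("\t") if f]  # drop empty columns
    if len(fields) != 4:
        raise ValueError(f"unexpected alert layout: {line!r}")
    when, detection, category, url = fields
    rpm_file = urlparse(url).path.rsplit("/", 1)[-1]
    # Assumption: a HEUR: prefix marks a heuristic verdict, not an exact signature.
    return {"when": when, "detection": detection, "category": category,
            "heuristic": detection.startswith("HEUR:"), "url": url,
            "file": rpm_file, **split_nvra(rpm_file)}

def triage(text):
    """Return one record per flagged package, with the checks to run on it."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_alert(line)
        rec["next_steps"] = [
            f"rpm -K {rec['file']}",  # verify package signature and digests
            f"mkdir unpacked && cd unpacked && rpm2cpio ../{rec['file']} | cpio -idm",
            "clamscan -r --infected unpacked",  # per-file scan names the flagged file
        ]
        records.append(rec)
    return records

if __name__ == "__main__":
    for rec in triage(ALERTS):
        print(rec["name"], rec["version"], rec["release"], rec["detection"])
```

A heuristic verdict on a package whose signature verifies and whose unpacked files scan clean with a second engine is the false-positive case Comment 3 describes.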

Comment 4 Ben Cotton 2020-11-05 16:50:38 UTC
This message is a reminder that EPEL 6 is nearing its end of life. Fedora will stop maintaining and issuing updates for EPEL 6 on 2020-11-30. It is our policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'version' of 'el6'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later EPEL version.

Thank you for reporting this issue and we are sorry that we were not able to fix it before EPEL 6 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged to change the 'version' to a later Fedora version prior to this bug being closed as described in the policy above.

Comment 5 Ben Cotton 2020-11-30 15:54:53 UTC
EPEL el6 changed to end-of-life (EOL) status on 2020-11-30. EPEL el6 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
EPEL please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.