Bug 2135337

Summary:	python36-impacket-0.9.22-3.el7.noarch.rpm” package detected as malicious file by an Anti-Virus tool
Product:	[Fedora] Fedora	Reporter:	Ganesh Payelkar <gpayelka>
Component:	python-impacket	Assignee:	Michal Ambroz <rebus>
Status:	CLOSED ERRATA	QA Contact:	Fedora Extras Quality Assurance <extras-qa>
Severity:	high	Docs Contact:
Priority:	unspecified
Version:	rawhide	CC:	mail, rebus
Target Milestone:	---
Target Release:	---
Hardware:	x86_64
OS:	Linux
Whiteboard:
Fixed In Version:	python-impacket-0.10.0-1.fc37 python-impacket-0.10.0-1.el9 python-impacket-0.10.0-1.el7 python-impacket-0.10.0-1.el8	Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2022-11-17 01:27:23 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Ganesh Payelkar 2022-10-17 10:17:48 UTC

Description of problem:

python36-impacket-0.9.22-3.el7.noarch.rpm”  package  detected as a malicious file by an Anti-virus tool 

Version-Release number of selected component (if applicable):
python36-impacket-0.9.22-3.el7

How reproducible:
When we sync EPEL repos on Red Hat Satellite 

Steps to Reproduce:
1. Create a Custom repo from https://dl.fedoraproject.org/pub/epel/7/x86_64/
2. sync the repos to store in the local filesystem
3. Scan the system through Anti-virus

Actual results:

Anti-virus/Scanner detected this package as a virus/malicious file

Expected results:

Anti-virus tools should not be detected as a virus if this package does not have any harmful content,


Additional info:

According to the RPM package details 

Python3 package of python-impacket.

Impacket is a collection of Python classes focused on providing access to
network packets. Impacket allows Python developers to craft and decode network
packets in simple and consistent manner. It is highly effective when used in
conjunction with a packet capture utility or package such as Pcapy. Packets
can be constructed from scratch, as well as parsed from raw data. Furthermore,
the object oriented API makes it simple to work with deep protocol hierarchies.

Comment 1 Michal Ambroz 2022-10-27 22:40:53 UTC

Please can you provide more details on what exactly has been detected as malicious and by which antivirus?

Some tools from this package implement specific windows features and protocols like WMI, SMB to be called from linux system to windows environment.
I agree that some of these tools should be classified as "Potentially Unwanted Application" as they are often (mis)used by hackers for doing the remote calls to windows environment (smbexec/wmiexec/psexec/atexec).

But tools are not malicious as such and its presence or event execution on the linux system is not causing any risk to the system.

Comment 2 Fedora Update System 2022-11-08 14:20:57 UTC

FEDORA-2022-e9313013ac has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2022-e9313013ac

Comment 3 Fedora Update System 2022-11-08 14:21:00 UTC

FEDORA-EPEL-2022-00b6379660 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-00b6379660

Comment 4 Fedora Update System 2022-11-08 14:21:02 UTC

FEDORA-EPEL-2022-212c91d943 has been submitted as an update to Fedora EPEL 8. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-212c91d943

Comment 5 Fedora Update System 2022-11-08 14:21:05 UTC

FEDORA-EPEL-2022-364bf38f60 has been submitted as an update to Fedora EPEL 9. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-364bf38f60

Comment 6 Fedora Update System 2022-11-09 09:17:25 UTC

FEDORA-2022-e9313013ac has been pushed to the Fedora 37 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-e9313013ac`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-e9313013ac

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 7 Fedora Update System 2022-11-09 11:54:51 UTC

FEDORA-EPEL-2022-364bf38f60 has been pushed to the Fedora EPEL 9 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-364bf38f60

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 8 Fedora Update System 2022-11-09 12:00:35 UTC

FEDORA-EPEL-2022-00b6379660 has been pushed to the Fedora EPEL 7 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-00b6379660

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 9 Fedora Update System 2022-11-09 12:02:04 UTC

FEDORA-EPEL-2022-212c91d943 has been pushed to the Fedora EPEL 8 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-212c91d943

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 10 Fedora Update System 2022-11-17 01:27:23 UTC

FEDORA-2022-e9313013ac has been pushed to the Fedora 37 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 11 Fedora Update System 2022-11-17 03:07:52 UTC

FEDORA-EPEL-2022-364bf38f60 has been pushed to the Fedora EPEL 9 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 12 Fedora Update System 2022-11-17 03:12:50 UTC

FEDORA-EPEL-2022-00b6379660 has been pushed to the Fedora EPEL 7 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 13 Fedora Update System 2022-11-17 03:22:47 UTC

FEDORA-EPEL-2022-212c91d943 has been pushed to the Fedora EPEL 8 stable repository.
If problem still persists, please make note of it in this bug report.