Bug 2135337 - python36-impacket-0.9.22-3.el7.noarch.rpm package detected as malicious file by an Anti-Virus tool
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: python-impacket
Version: rawhide
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Michal Ambroz
QA Contact: Fedora Extras Quality Assurance
Reported: 2022-10-17 10:17 UTC by Ganesh Payelkar
Modified: 2023-06-09 22:45 UTC (History)

Fixed In Version: python-impacket-0.10.0-1.fc37 python-impacket-0.10.0-1.el9 python-impacket-0.10.0-1.el7 python-impacket-0.10.0-1.el8
Last Closed: 2022-11-17 01:27:23 UTC
Type: Bug

Description Ganesh Payelkar 2022-10-17 10:17:48 UTC
Description of problem:

python36-impacket-0.9.22-3.el7.noarch.rpm package detected as a malicious file by an anti-virus tool

Version-Release number of selected component (if applicable):
python36-impacket-0.9.22-3.el7

How reproducible:
When we sync EPEL repos on Red Hat Satellite 

Steps to Reproduce:
1. Create a Custom repo from https://dl.fedoraproject.org/pub/epel/7/x86_64/
2. Sync the repos to store in the local filesystem
3. Scan the system through Anti-virus

Actual results:

Anti-virus/Scanner detected this package as a virus/malicious file

Expected results:

Anti-virus tools should not detect this package as a virus if it does not have any harmful content.


Additional info:

According to the RPM package details 

Python3 package of python-impacket.

Impacket is a collection of Python classes focused on providing access to
network packets. Impacket allows Python developers to craft and decode network
packets in simple and consistent manner. It is highly effective when used in
conjunction with a packet capture utility or package such as Pcapy. Packets
can be constructed from scratch, as well as parsed from raw data. Furthermore,
the object oriented API makes it simple to work with deep protocol hierarchies.

Comment 1 Michal Ambroz 2022-10-27 22:40:53 UTC
Please can you provide more details on what exactly has been detected as malicious and by which antivirus?

Some tools from this package implement specific Windows features and protocols like WMI and SMB, to be called from a Linux system to a Windows environment.
I agree that some of these tools should be classified as "Potentially Unwanted Application" as they are often (mis)used by hackers for doing the remote calls to a Windows environment (smbexec/wmiexec/psexec/atexec).

But the tools are not malicious as such, and their presence or even execution on the Linux system is not causing any risk to the system.

Comment 2 Fedora Update System 2022-11-08 14:20:57 UTC
FEDORA-2022-e9313013ac has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2022-e9313013ac

Comment 3 Fedora Update System 2022-11-08 14:21:00 UTC
FEDORA-EPEL-2022-00b6379660 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-00b6379660

Comment 4 Fedora Update System 2022-11-08 14:21:02 UTC
FEDORA-EPEL-2022-212c91d943 has been submitted as an update to Fedora EPEL 8. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-212c91d943

Comment 5 Fedora Update System 2022-11-08 14:21:05 UTC
FEDORA-EPEL-2022-364bf38f60 has been submitted as an update to Fedora EPEL 9. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-364bf38f60

Comment 6 Fedora Update System 2022-11-09 09:17:25 UTC
FEDORA-2022-e9313013ac has been pushed to the Fedora 37 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-e9313013ac`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-e9313013ac

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 7 Fedora Update System 2022-11-09 11:54:51 UTC
FEDORA-EPEL-2022-364bf38f60 has been pushed to the Fedora EPEL 9 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-364bf38f60

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 8 Fedora Update System 2022-11-09 12:00:35 UTC
FEDORA-EPEL-2022-00b6379660 has been pushed to the Fedora EPEL 7 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-00b6379660

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 9 Fedora Update System 2022-11-09 12:02:04 UTC
FEDORA-EPEL-2022-212c91d943 has been pushed to the Fedora EPEL 8 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-212c91d943

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 10 Fedora Update System 2022-11-17 01:27:23 UTC
FEDORA-2022-e9313013ac has been pushed to the Fedora 37 stable repository.
If the problem still persists, please make note of it in this bug report.

Comment 11 Fedora Update System 2022-11-17 03:07:52 UTC
FEDORA-EPEL-2022-364bf38f60 has been pushed to the Fedora EPEL 9 stable repository.
If the problem still persists, please make note of it in this bug report.

Comment 12 Fedora Update System 2022-11-17 03:12:50 UTC
FEDORA-EPEL-2022-00b6379660 has been pushed to the Fedora EPEL 7 stable repository.
If the problem still persists, please make note of it in this bug report.

Comment 13 Fedora Update System 2022-11-17 03:22:47 UTC
FEDORA-EPEL-2022-212c91d943 has been pushed to the Fedora EPEL 8 stable repository.
If the problem still persists, please make note of it in this bug report.

