Red Hat Bugzilla – Bug 54948
Virus Alert, I hope it's a false alarm.
Last modified: 2007-04-18 12:37:43 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:0.9.5+) Gecko/20011013
Description of problem:
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Download above Image
2. Run virus detector
Actual Results: Got virus report
Expected Results: No virus detected
Will post attachment, and e-mail to Command Software to make them aware of
Created attachment 34761 [details]
Virus report from Command Software
Virus scanners looks at certain byte sequences for virus signatures. This
drvblock.img file is used to store drivers for block devices for Red Hat Linux,
so it's possible that the virus scanner picked up on something in this file, but
I can reasonably assure you that there are no viruses in this file. Looks like
a false alarm. Thanks for your report.
Is the virus detector suggesting that accidentally booting this image might
expose the machine to a sequence of code with unknown effects, such as this code
that looks like a virus trying to execute? If so, it might be better policy to
make sure the boot sector is innocuous, even on drive images not meant for booting.
I have no way of knowing exactly what the virus scanner is looking for, but I
ran the McAfee virus scanner on the entire distribution and it didn't find
anything. The drvblock.img file isn't even bootable, so I don't see how a boot
sector virus could be transmitted by a non-bootable floppy.
I think the problem is that Windows software doesn't know about Linux
filesystems. The drvblock.img file is an ext2 filesystem that contains driver,
but I think your anti-virus software is flagging this file based on some random
sequence of bytes that look suspicious only because it has no idea whan a .img
file is and what it is supposed to contain.