Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 54948 - Virus Alert, I hope it's a false alarm.
Virus Alert, I hope it's a false alarm.
Product: Red Hat Linux
Classification: Retired
Component: anaconda (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Brent Fox
Brock Organ
: Security
Depends On:
  Show dependency treegraph
Reported: 2001-10-23 12:42 EDT by Peter H. Jones
Modified: 2007-04-18 12:37 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-10-23 12:43:57 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Virus report from Command Software (777 bytes, text/plain)
2001-10-23 12:43 EDT, Peter H. Jones
no flags Details

  None (edit)
Description Peter H. Jones 2001-10-23 12:42:20 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:0.9.5+) Gecko/20011013

Description of problem:

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Download above Image
2. Run virus detector


Actual Results:  Got virus report

Expected Results:  No virus detected

Additional info:

Will post attachment, and e-mail to Command Software to make them aware of
this report.
Comment 1 Peter H. Jones 2001-10-23 12:43:50 EDT
Created attachment 34761 [details]
Virus report from Command Software
Comment 2 Brent Fox 2001-10-23 14:57:10 EDT
Virus scanners looks at certain byte sequences for virus signatures.  This
drvblock.img file is used to store drivers for block devices for Red Hat Linux,
so it's possible that the virus scanner picked up on something in this file, but
I can reasonably assure you that there are no viruses in this file.  Looks like
a false alarm.  Thanks for your report.

Comment 3 Peter H. Jones 2001-10-24 05:28:20 EDT
Is the virus detector suggesting that accidentally booting this image might
expose the machine to a sequence of code with unknown effects, such as this code
that looks like a virus trying to execute? If so, it might be better policy to
make sure the boot sector is innocuous, even on drive images not meant for booting.
Comment 4 Brent Fox 2001-10-24 10:51:04 EDT
I have no way of knowing exactly what the virus scanner is looking for, but I
ran the McAfee virus scanner on the entire distribution and it didn't find
anything.  The drvblock.img file isn't even bootable, so I don't see how a boot
sector virus could be transmitted by a non-bootable floppy.
I think the problem is that Windows software doesn't know about Linux
filesystems.  The drvblock.img file is an ext2 filesystem that contains driver,
but I think your anti-virus software is flagging this file based on some random
sequence of bytes that look suspicious only because it has no idea whan a .img
file is and what it is supposed to contain.

Note You need to log in before you can comment on or make changes to this bug.