Red Hat Bugzilla – Bug 54948
Virus Alert, I hope it's a false alarm.
Last modified: 2007-04-18 12:37:43 EDT
From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:0.9.5+) Gecko/20011013 Description of problem: Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. Download above Image 2. Run virus detector Actual Results: Got virus report Expected Results: No virus detected Additional info: Will post attachment, and e-mail to Command Software to make them aware of this report.
Created attachment 34761 [details] Virus report from Command Software
Virus scanners looks at certain byte sequences for virus signatures. This drvblock.img file is used to store drivers for block devices for Red Hat Linux, so it's possible that the virus scanner picked up on something in this file, but I can reasonably assure you that there are no viruses in this file. Looks like a false alarm. Thanks for your report.
Is the virus detector suggesting that accidentally booting this image might expose the machine to a sequence of code with unknown effects, such as this code that looks like a virus trying to execute? If so, it might be better policy to make sure the boot sector is innocuous, even on drive images not meant for booting.
I have no way of knowing exactly what the virus scanner is looking for, but I ran the McAfee virus scanner on the entire distribution and it didn't find anything. The drvblock.img file isn't even bootable, so I don't see how a boot sector virus could be transmitted by a non-bootable floppy. I think the problem is that Windows software doesn't know about Linux filesystems. The drvblock.img file is an ext2 filesystem that contains driver, but I think your anti-virus software is flagging this file based on some random sequence of bytes that look suspicious only because it has no idea whan a .img file is and what it is supposed to contain.