Bug 54948 - Virus Alert, I hope it's a false alarm.
Summary: Virus Alert, I hope it's a false alarm.
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: anaconda
Version: 7.2
Hardware: i386
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Brent Fox
QA Contact: Brock Organ
URL: ftp://ftp.redhat.com/pub/redhat/linux...
Whiteboard:
Depends On:
Blocks:
Reported: 2001-10-23 16:42 UTC by Peter H. Jones
Modified: 2007-04-18 16:37 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2001-10-23 16:43:57 UTC
Embargoed:


Attachments
Virus report from Command Software (777 bytes, text/plain)
2001-10-23 16:43 UTC, Peter H. Jones

Description Peter H. Jones 2001-10-23 16:42:20 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:0.9.5+) Gecko/20011013

Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Download above Image
2. Run virus detector

	

Actual Results:  Got virus report

Expected Results:  No virus detected

Additional info:

Will post attachment, and e-mail to Command Software to make them aware of
this report.

Comment 1 Peter H. Jones 2001-10-23 16:43:50 UTC
Created attachment 34761
Virus report from Command Software

Comment 2 Brent Fox 2001-10-23 18:57:10 UTC
Virus scanners look at certain byte sequences for virus signatures.  This
drvblock.img file is used to store drivers for block devices for Red Hat Linux,
so it's possible that the virus scanner picked up on something in this file, but
I can reasonably assure you that there are no viruses in this file.  Looks like
a false alarm.  Thanks for your report.



Comment 3 Peter H. Jones 2001-10-24 09:28:20 UTC
Is the virus detector suggesting that accidentally booting this image might
expose the machine to a sequence of code with unknown effects, such as this code
that looks like a virus trying to execute? If so, it might be better policy to
make sure the boot sector is innocuous, even on drive images not meant for booting.

Comment 4 Brent Fox 2001-10-24 14:51:04 UTC
I have no way of knowing exactly what the virus scanner is looking for, but I
ran the McAfee virus scanner on the entire distribution and it didn't find
anything.  The drvblock.img file isn't even bootable, so I don't see how a boot
sector virus could be transmitted by a non-bootable floppy.
I think the problem is that Windows software doesn't know about Linux
filesystems.  The drvblock.img file is an ext2 filesystem that contains drivers,
but I think your anti-virus software is flagging this file based on some random
sequence of bytes that look suspicious only because it has no idea what a .img
file is and what it is supposed to contain.
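
A triage check for the two claims made in Comment 4 (that the image holds an ext2 filesystem and that it is not bootable), as an added example that is not part of the original bug thread or of Red Hat's tooling. The function names and the sample image are constructed for illustration; the offsets are the standard ext2 superblock layout and the conventional PC boot-sector signature.

```python
import struct
import sys

SECTOR = 512
EXT2_SB_OFFSET = 1024   # the ext2 superblock always starts at byte 1024
EXT2_MAGIC = 0xEF53     # s_magic: little-endian u16 at superblock offset 56


def triage_image(data: bytes) -> dict:
    """Summarise the first sector and ext2 superblock of a raw disk image."""
    boot = data[:SECTOR]
    report = {
        "size": len(data),
        "boot_signature": len(boot) == SECTOR and boot[510:512] == b"\x55\xaa",
        "boot_sector_nonzero_bytes": sum(1 for b in boot if b),
        "ext2": False,
    }
    sb = data[EXT2_SB_OFFSET:EXT2_SB_OFFSET + 1024]
    if len(sb) < 60:
        return report   # truncated file: no room for a superblock
    (magic,) = struct.unpack_from("<H", sb, 56)
    (log_block_size,) = struct.unpack_from("<I", sb, 24)
    if magic != EXT2_MAGIC or log_block_size > 6:
        return report   # wrong magic or implausible block size
    inodes, blocks = struct.unpack_from("<II", sb, 0)
    block_size = 1024 << log_block_size
    report.update(ext2=True, inodes=inodes, blocks=blocks, block_size=block_size)
    report["size_matches"] = blocks * block_size == len(data)
    return report


def build_sample_image() -> bytes:
    """Constructed 1440 KiB floppy-sized image with a minimal ext2 superblock."""
    img = bytearray(1440 * 1024)
    struct.pack_into("<II", img, EXT2_SB_OFFSET, 184, 1440)    # inodes, blocks
    struct.pack_into("<I", img, EXT2_SB_OFFSET + 24, 0)        # 1 KiB blocks
    struct.pack_into("<H", img, EXT2_SB_OFFSET + 56, EXT2_MAGIC)
    return bytes(img)


if __name__ == "__main__":
    data = build_sample_image()            # constructed sample by default
    if len(sys.argv) > 1:                  # or pass a real image path
        with open(sys.argv[1], "rb") as f:
            data = f.read()
    for key, value in triage_image(data).items():
        print(f"{key}: {value}")
```

A first sector with no `55 AA` signature and a valid superblock whose block count matches the file size is consistent with a plain ext2 data image; it says nothing about the files stored inside the filesystem, which still need to be scanned on their own.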

