Virtualmin file being flagged as malware

#1 Sun, 11/30/2014 - 06:27
Philip B

Hi,

Linux Malware Detect is flagging /usr/libexec/webmin/virtual-server/functional-test.pl after virtualmin installation. I cannot find anything online relating to this file.

Is this a false flag? maldetect currently has the file quarantined. ClamAV did not flag the file.

Any help would be greatly appreciated.

Thanks,

Philip

Sun, 11/30/2014 - 15:28
ReArmedHalo

Hi,

What distro/OS are you using?

Operating system: CentOS Linux 7.0.1406
Webmin version: 1.710
Virtualmin version: 4.12 Pro

[root@web1-clstr3-useast ~]# md5sum /usr/libexec/webmin/virtual-server/functional-test.pl
23ba7e5a115fde625eb8cf0f4ce296e0  /usr/libexec/webmin/virtual-server/functional-test.pl

If your MD5 is different, then that file may have been modified. Otherwise I am guessing it is a false positive.

-Dustin

Mon, 12/01/2014 - 01:25 (Reply to #2)
Philip B

Hi,

Thanks for answering. My server is running CentOS 6.6. MD5 is exactly the same. I suspected it was a false positive. I checked the contents of the file and could not find anything unsavoury.

Philip

Mon, 12/01/2014 - 10:14
andreychek

Howdy,

Yeah that file is a legitimate Virtualmin file -- it looks like something in it is sparking maldet's interest though, I'll try and dig into that a bit. However, it just runs Virtualmin tests. I don't think there's a case where it's automatically run either, I think Jamie manually runs that prior to building Virtualmin.

-Eric

Mon, 12/01/2014 - 11:47
Philip B

Thanks for the info. I left the file in quarantine as it is not affecting the running of Virtualmin.

Regards,

Philip

Topic locked