
EFS 9.0.174.0


Solved by Marcos


Hi.

I updated one of my Linux servers to 9.0.174.0.

Now another security vendor installed on the same Linux server flagged scand (/opt/eset/efs/lib/scand) as malware.

/opt/eset/efs/lib/scand; SHA256: d24beb9d51c93a497508d99605bd60d3bec3152cf115ee002a0edd78fdd2893c

VT: https://www.virustotal.com/gui/file/d24beb9d51c93a497508d99605bd60d3bec3152cf115ee002a0edd78fdd2893c

Note: I don't use Elastic, but it detected something in the above VT link.

Question:

Is /opt/eset/efs/lib/scand; SHA256: d24beb9d51c93a497508d99605bd60d3bec3152cf115ee002a0edd78fdd2893c a legit ESET file?

Thanks!


  • Administrators
  • Solution

FP. The YARA rule matched the EICAR test string in raw form in the ELF file, in section .rodata. No further conditions are defined in the rule.

However, the definition of the EICAR test file reads:

Any anti-virus product that supports the EICAR test file should detect it in any file providing that the file starts with the following 68 characters, and is exactly 68 bytes long:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


But it's a legit file: SHA256: d24beb9d51c93a497508d99605bd60d3bec3152cf115ee002a0edd78fdd2893c ?

I can't find a file list and their hashes...


Sorry, I just downloaded the installer and extracted it; the file hashes match.

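The two checks discussed in this thread, as an added example that is not part of the original posts and is not ESET's or Elastic's code: it contrasts a bare string match with the EICAR definition quoted above, and compares a flagged file's SHA-256 with a copy taken from the vendor's installer. The sample bytes are constructed stand-ins for the real files, and the function names are assumptions.

```python
import hashlib

# The 68-character EICAR test string quoted in the thread.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def eicar_offsets(data: bytes) -> list[int]:
    """Every offset where the raw string occurs (all a condition-free rule checks)."""
    hits, pos = [], data.find(EICAR)
    while pos != -1:
        hits.append(pos)
        pos = data.find(EICAR, pos + 1)
    return hits


def is_eicar_test_file(data: bytes) -> bool:
    """The quoted definition: starts with the 68 characters, exactly 68 bytes long."""
    return len(data) == len(EICAR) and data.startswith(EICAR)


def triage(flagged: bytes, reference: bytes) -> dict:
    """Classify a flagged file and compare it with a vendor-supplied copy."""
    offsets = eicar_offsets(flagged)
    if is_eicar_test_file(flagged):
        verdict = "eicar-test-file"
    elif offsets:
        verdict = "string-embedded-only"  # the false-positive case from the thread
    else:
        verdict = "no-eicar-string"
    digest = hashlib.sha256(flagged).hexdigest()
    return {
        "verdict": verdict,
        "offsets": offsets,
        "sha256": digest,
        "matches_reference": digest == hashlib.sha256(reference).hexdigest(),
    }


# Constructed sample: an ELF-like blob carrying the string as read-only data,
# standing in for a scanner binary. It is not the real scand file.
SAMPLE_BINARY = b"\x7fELF" + b"\x00" * 60 + b"sig:" + EICAR + b"\x00" * 33
SAMPLE_REFERENCE = bytes(SAMPLE_BINARY)  # constructed "copy from the installer"

if __name__ == "__main__":
    print(triage(SAMPLE_BINARY, SAMPLE_REFERENCE))
    print(triage(EICAR, EICAR)["verdict"])
```

A `string-embedded-only` verdict together with `matches_reference` being true corresponds to the outcome reached in the thread: the string is present as data, and the file is the one the vendor ships.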
