EFS 9.0.174.0


Solved by Marcos

Hi.

I updated one of my Linux servers to 9.0.174.0.

Now another security vendor installed on the same Linux server flagged scand (/opt/eset/efs/lib/scand) as malware.

/opt/eset/efs/lib/scand; SHA256: d24beb9d51c93a497508d99605bd60d3bec3152cf115ee002a0edd78fdd2893c

VT: https://www.virustotal.com/gui/file/d24beb9d51c93a497508d99605bd60d3bec3152cf115ee002a0edd78fdd2893c

Note: I don't use Elastic, but it detected something in the above VT link.

Question:

Is /opt/eset/efs/lib/scand; SHA256: d24beb9d51c93a497508d99605bd60d3bec3152cf115ee002a0edd78fdd2893c a legit ESET file?

Thanks!


  • Administrators
  • Solution

FP. The YARA rule matched the EICAR test string in the raw form in the ELF file, in section .rodata. No further conditions are defined in the rule:

[Image: image.png]

However, the definition of the EICAR test file reads:

Any anti-virus product that supports the EICAR test file should detect it in any file providing that the file starts with the following 68 characters, and is exactly 68 bytes long:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

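The difference between a string-only match and the definition quoted above, as an added example that is not part of the original posts and is not ESET's or the other vendor's code. The function names and the ELF-like sample blob are constructed for illustration.

```python
# Added example: function names and sample data are hypothetical/constructed.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
assert len(EICAR) == 68


def find_offsets(data: bytes) -> list[int]:
    """Return every offset at which the raw EICAR string occurs."""
    offsets, pos = [], data.find(EICAR)
    while pos != -1:
        offsets.append(pos)
        pos = data.find(EICAR, pos + 1)
    return offsets


def naive_match(data: bytes) -> bool:
    """String-only rule with no further conditions: any occurrence is a hit."""
    return bool(find_offsets(data))


def strict_match(data: bytes) -> bool:
    """Definition as quoted in the thread: starts with the string, exactly 68 bytes."""
    return data.startswith(EICAR) and len(data) == len(EICAR)


def classify(data: bytes) -> str:
    """Separate a real test file from a binary that merely embeds the string."""
    if strict_match(data):
        return "eicar-test-file"
    offsets = find_offsets(data)
    if offsets:
        kind = "ELF" if data[:4] == b"\x7fELF" else "file"
        return f"embedded-string in {kind} at offset(s) {offsets}"
    return "no-match"


# Constructed sample: ELF magic plus padding, with the string embedded as
# constant data, standing in for a scanner binary that carries it in .rodata.
FAKE_ELF = b"\x7fELF" + b"\x00" * 60 + EICAR + b"\x00" * 32

if __name__ == "__main__":
    for name, blob in [("eicar.com", EICAR), ("fake_elf", FAKE_ELF), ("empty", b"")]:
        print(name, naive_match(blob), strict_match(blob), classify(blob))
```

In a YARA rule the same constraint can be expressed with a condition such as `$eicar at 0 and filesize == 68`.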

But it's a legit file: SHA256: d24beb9d51c93a497508d99605bd60d3bec3152cf115ee002a0edd78fdd2893c ?

I can't find a file list and their hashes...


But it's a legit file: SHA256: d24beb9d51c93a497508d99605bd60d3bec3152cf115ee002a0edd78fdd2893c ?

I can't find a file list and their hashes...

Sorry, I just downloaded the installer and extracted it; the file hashes match.
