

Go to solution Solved by Marcos,



I updated one of my Linux servers to

Now another security vendor's product installed on the same Linux server flagged scand (/opt/eset/efs/lib/scand) as malware.

/opt/eset/efs/lib/scand; SHA256: d24beb9d51c93a497508d99605bd60d3bec3152cf115ee002a0edd78fdd2893c

VT: https://www.virustotal.com/gui/file/d24beb9d51c93a497508d99605bd60d3bec3152cf115ee002a0edd78fdd2893c

Note: I don't use Elastic, but it detected something in the above VT link.


Is /opt/eset/efs/lib/scand; SHA256: d24beb9d51c93a497508d99605bd60d3bec3152cf115ee002a0edd78fdd2893c a legit ESET file?



  • Administrators
  • Solution

FP. The YARA rule matched the EICAR test string in its raw form in the ELF file, in section .rodata. No further conditions are defined in the rule:


However, the definition of the EICAR test file reads:

Any anti-virus product that supports the EICAR test file should detect it in any file providing that the file starts with the following 68 characters, and is exactly 68 bytes long:


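The distinction drawn in the answer above, as an added example that is not part of the original posts: a check that separates a file meeting the EICAR definition from a file that merely contains the string somewhere inside it. The function names and both sample buffers are constructed for illustration; the trailing-whitespace allowance (up to 128 bytes total) comes from the full EICAR definition and goes beyond the sentence quoted in the thread.

```python
# Added example: classify a byte buffer against the EICAR test-file definition.
# The string is assembled from two halves so this source file does not itself
# contain the raw 68-byte sequence that a string-only rule would match.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD" + rb"-ANTIVIRUS-TEST-FILE!$H+H*"
assert len(EICAR) == 68

# Trailing bytes the full EICAR definition tolerates (space, tab, LF, CR, Ctrl-Z),
# with the whole file capped at 128 bytes.
ALLOWED_TRAILER = b" \t\n\r\x1a"
MAX_LEN = 128


def classify(data: bytes) -> str:
    """Return 'eicar-test-file', 'embedded-string' or 'clean'."""
    if data.startswith(EICAR):
        trailer = data[len(EICAR):]
        if len(data) <= MAX_LEN and all(b in ALLOWED_TRAILER for b in trailer):
            return "eicar-test-file"
    if EICAR in data:
        # Raw occurrence only: the case a string-only rule reports as a detection.
        return "embedded-string"
    return "clean"


def embedded_offsets(data: bytes) -> list[int]:
    """Offsets of every raw occurrence, for triaging an 'embedded-string' hit."""
    offsets, pos = [], data.find(EICAR)
    while pos != -1:
        offsets.append(pos)
        pos = data.find(EICAR, pos + 1)
    return offsets


# Constructed samples: a conformant test file, and an ELF-like blob that carries
# the string as read-only data (the situation described for scand).
SAMPLE_TEST_FILE = EICAR + b"\r\n"
SAMPLE_BINARY = b"\x7fELF" + b"\x00" * 60 + b"signature:" + EICAR + b"\x00more rodata"

if __name__ == "__main__":
    for name, blob in [("test file", SAMPLE_TEST_FILE), ("binary", SAMPLE_BINARY)]:
        print(name, classify(blob), embedded_offsets(blob))
```

An "embedded-string" result on a scanner's own binary is expected, since the product has to carry the string to recognise the test file; confirming the file hash against the vendor's installer, as done later in this thread, settles whether the binary is genuine.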

But it's a legit file: SHA256: d24beb9d51c93a497508d99605bd60d3bec3152cf115ee002a0edd78fdd2893c ?

I can't find the file list and their hashes...

Sorry, I just downloaded the installer and extracted it; the file hashes match.
