Hi,
Linux Malware Detect is flagging /usr/libexec/webmin/virtual-server/functional-test.pl after virtualmin installation. I cannot find anything online relating to this file.
Is this a false flag? maldetect currently has the file quarantined. Clam AV did not flag the file.
Any help would be greatly appreciated.
Thanks,
Philip
Hi,
What distro/OS are you using?
Operating system: CentOS Linux 7.0.1406
Webmin version: 1.710
Virtualmin version: 4.12 Pro
[root@web1-clstr3-useast ~]# md5sum /usr/libexec/webmin/virtual-server/functional-test.pl
23ba7e5a115fde625eb8cf0f4ce296e0 /usr/libexec/webmin/virtual-server/functional-test.plIf your MD5 is different, then that file may have been modified. Otherwise I am guessing it is a false positive.
-Dustin
Hi,
Thanks for answering. My server is running Centos 6.6. MD5 is exactly the same. I suspected it was a false positive. I checked the contents of the file and could not find anything unsavoury.
Philip
Howdy,
Yeah that file is a legitimate Virtualmin file – it looks like something in it is sparking maldet’s interest though, I’ll try and dig into that a bit. However, it just runs Virtualmin tests. I don’t think there’s a case where it’s automatically run either, I think Jamie manually runs that prior to building Virtualmin.
-Eric
Thanks for the info. I left the file in quarantine as is not affecting the running of Virtualmin.
Regards,
Philip