Virtualmin file being flagged as malware


Linux Malware Detect is flagging /usr/libexec/webmin/virtual-server/ after Virtualmin installation. I cannot find anything online relating to this file.

Is this a false flag? maldetect currently has the file quarantined. ClamAV did not flag the file.

What distro/OS are you using?

Operating system: CentOS Linux 7.0.1406
Webmin version: 1.710
Virtualmin version: 4.12 Pro

[root@web1-clstr3-useast ~]# md5sum /usr/libexec/webmin/virtual-server/
23ba7e5a115fde625eb8cf0f4ce296e0  /usr/libexec/webmin/virtual-server/

If your MD5 is different, then that file may have been modified. Otherwise I am guessing it is a false positive.



Thanks for answering. My server is running CentOS 6.6. MD5 is exactly the same. I suspected it was a false positive. I checked the contents of the file and could not find anything unsavoury.



Yeah that file is a legitimate Virtualmin file – it looks like something in it is sparking maldet’s interest though, I’ll try and dig into that a bit. However, it just runs Virtualmin tests. I don’t think there’s a case where it’s automatically run either, I think Jamie manually runs that prior to building Virtualmin.


Thanks for the info. I left the file in quarantine as it is not affecting the running of Virtualmin.