Board index FlightGear Support Tools FGCom

Anti-virus shows fgcom file to be a suspected virus

FGCom is a realtime voice communication system specially designed for FlightGear.

Anti-virus shows fgcom file to be a suspected virus

Postby laughter-silvered » Mon Jan 30, 2017 5:56 pm

Hello, all. Not sure what to make us this. When running a daily virus check on my Ubuntu 16.04 LTS Linux box this morning, it came up with a files showing as /usr/games/fgcom with a status of Unix.Trojan.Mirai-5607458-4. Hoping this is a false-positive. Has anyone else ever seen anything like this pop up?
laughter-silvered
 
Posts: 1
Joined: Mon Jan 30, 2017 5:43 pm

Re: Anti-virus shows fgcom file to be a suspected virus

Postby elgaton » Mon Jan 30, 2017 8:55 pm

There are several reports of false positives related to the Trojan you mention (see e.g. this Server Fault thread).

To be on the safe side, run
Code: Select all
debsums flightgear

from the command line. This will check whether the FlightGear executable files installed on your system match the ones originally installed with the package. If an "OK" shows up on the line starting with "/usr/games/fgcom", then the warning you are seeing is definitely a false positive.
NIATCA 2nd admin, regular ATC at LIPX and creator of the LIPX custom scenery
elgaton
 
Posts: 1106
Joined: Tue Mar 19, 2013 5:58 pm
Callsign: I-ELGA/LIPX_TW
Version: Git
OS: Windows + Arch Linux

Re: Anti-virus shows fgcom file to be a suspected virus

Postby wkitty42 » Tue Jan 31, 2017 2:46 am

elgaton wrote in Mon Jan 30, 2017 8:55 pm:then the warning you are seeing is definitely a false positive.

i can tell you right now that this is a false positive... MIRAI and its variants don't work like this... they do not target certain file names... in fact, they remove themselves from the drive as soon as possible so that no one can grab a copy of the binary for dissecting... i know this because one of my day jobs is network security... another is because i'm one of the folks that discovered MIRAI because of its activity*... a 3rd reason is because i have a copy or two of the MIRAI source code that was leaked and there's definitely no code in it for something like this... so, depending on what the scanner is looking for, in general terms, yeah, it is a false positive...

* i am an old school BBS sysop... BBSing is what we did before the internet was opened for public infestation, uh... i mean, use... i still run my BBS and it is still available via dialup as well as also telnet... MIRAI and its variants target port 23, the telnet port, as well as 2323 and at least two other ports... they, the MIRAI bot herders, are only interested in IOT devices with exposed public access to those ports and using default administrative credentials...
"You get more air close to the ground," said Angalo. "I read that in a book. You get lots of air low down, and not much when you go up."
"Why not?" said Gurder.
"Dunno. It's frightened of heights, I guess."
User avatar
wkitty42
 
Posts: 9146
Joined: Fri Feb 20, 2015 4:46 pm
Location: central NC, USA
Callsign: wk42
Version: git next
OS: Kubuntu 20.04


Return to FGCom

Who is online

Users browsing this forum: No registered users and 1 guest