New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 782143 link

Starred by 2 users
Status: WontFix
Owner: ----
Closed: Nov 2017
Cc:
elawrence@chromium.org
susanjuniab@chromium.org
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug



Sign in to add a comment

Anti virus software ClamAV is showing chromium-browser may have Unix Trojan Mirai

Reported by pugsley....@gmail.com, Nov 7 2017 
UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.75 Chrome/62.0.3202.75 Safari/537.36

Steps to reproduce the problem:
1. Perform anti virus search using ClamAV 
- In a terminal run clamscan

What is the expected behavior?
No 

What went wrong?
Clam AV Results report 
- /usr/lib/chromium-browser/chromium-browser: Unix.Trojan.Mirai-5932143-0 FOUND

Did this work before? N/A 

Chrome version: 62.0.3202.75  Channel: n/a
OS Version: Ubuntu 16.04 LTS
Flash Version: 

I have reinstalled chromium-browser from the Ubuntu repository
I have tried this on another machine with a very similar set up and get the same results.

Comment 1 by pugsley....@gmail.com, Nov 7 2017 

I am using ClamAV Engine version: 0.99.2

Comment 2 by dtapu...@chromium.org, Nov 8 2017

Labels: -Type-Bug Type-Bug-Security
Have you consulted: https://ubuntuforums.org/showthread.php?t=2376007

Comment 3 by elawrence@chromium.org, Nov 8 2017

Labels: -Type-Bug-Security Type-Bug
False Positive reports from AV packages do not represent a security bug in Chromium.

https://www.google.com/search?q=Unix.Trojan.Mirai+chromium

Comment 4 by pugsley....@gmail.com, Nov 8 2017 

The Ubuntu forums post https://ubuntuforums.org/showthread.php?t=2376007 was made by me

Comment 5 by pugsley....@gmail.com, Nov 8 2017 

How can I be sure this is a False Positive

Comment 6 by susanjuniab@chromium.org, Nov 10 2017

Cc: susanjuniab@chromium.org elawrence@chromium.org
Labels: Needs-Triage-M62 Needs-Feedback
elawrence@ Can you please reply to comment #5, which will help in further triaging..

Thanks

Comment 7 by elawrence@chromium.org, Nov 10 2017 

Chromium itself doesn't contain malicious code. While it's remotely possible that this particular user has a virus which has landed itself in his Chromium directory, other signs (users with similar symptoms) strongly suggest that this is a false positive in ClamAV. The best route forward is to have the ClamAV customer contact ClamAV for assistance.

Comment 8 by elawrence@chromium.org, Nov 10 2017

Status: WontFix (was: Unconfirmed)
This particular user seems to have resolved the problem by reinstalling Chromium (https://ubuntuforums.org/showthread.php?t=2376007&p=13705418#post13705418) so unless more users happen to report the same thing, I don't think there's anything more the Chrome team should do here.

Sign in to add a comment