Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: icpix on September 17, 2004, 10:05:25 AM

Title: Trojan.URLspoof.gen FOUND ...false positive?
Post by: icpix on September 17, 2004, 10:05:25 AM

(clamav Virus patterns last updated: Fri, 17 Sep 2004 00:00:01 +0100 )

-----------------------------
CLAMAV REPORT:

To: admin@foo.co.uk
Subject: [systa] Clam Antivirus Scan Results - Fri Sep 17 00:00:00 BST 2004
From: root@foo.co.uk
Date: 16 Sep 2004 23:33:51 -0000

//var/spool/squid/00/05/000005AC: Trojan.URLspoof.gen FOUND
//var/spool/squid/00/0D/00000DBC: Trojan.URLspoof.gen FOUND
//var/spool/squid/00/0E/00000EE4: Trojan.URLspoof.gen FOUND
//var/www/html/manual/mod/mod_ssl/ssl_faq.html: Trojan.URLspoof.gen FOUND
//var/www/html/manual/mod/mod_ssl/ssl_howto.html: Trojan.URLspoof.gen FOUND
//var/www/html/manual/mod/mod_ssl/ssl_intro.html: Trojan.URLspoof.gen FOUND
//var/www/html/manual/mod/mod_ssl/ssl_reference.html: Trojan.URLspoof.gen FOUND
//tmp/phpa/phpa_2051_456560: Trojan.URLspoof.gen FOUND
//etc/e-smith/web/common/head.tmpl: Trojan.URLspoof.gen FOUND
//usr/bin/openssl: Trojan.URLspoof.gen FOUND
//usr/bin/lynx: Trojan.URLspoof.gen FOUND
//usr/bin/php: Trojan.URLspoof.gen FOUND
//usr/lib/perl5/5.6.1/CGI.pm: Trojan.URLspoof.gen FOUND
//usr/lib/python2.2/urllib2.py: Trojan.URLspoof.gen FOUND
//usr/lib/apache/libphp4.so: Trojan.URLspoof.gen FOUND
//usr/share/doc/fetchmail-5.9.0/fetchmail-FAQ.html: Trojan.URLspoof.gen FOUND
//usr/share/doc/LPRng-3.8.9/LPRng-HOWTO.html: Trojan.URLspoof.gen FOUND
//usr/share/doc/squid-2.4.STABLE6/FAQ.sgml: Trojan.URLspoof.gen FOUND
//usr/share/doc/lynx-2.8.4/lynx_help/Lynx_users_guide.html: Trojan.URLspoof.gen FOUND
//usr/share/doc/mutt-1.2.5.1/manual.txt: Trojan.URLspoof.gen FOUND
//usr/share/doc/mysql-3.23.56/INSTALL-SOURCE: Trojan.URLspoof.gen FOUND
//usr/share/doc/mysql-3.23.56/manual.html: Trojan.URLspoof.gen FOUND
//usr/share/doc/mysql-3.23.56/manual.texi: Trojan.URLspoof.gen FOUND
//usr/share/doc/mysql-3.23.56/manual.txt: Trojan.URLspoof.gen FOUND
//usr/share/doc/isdn4k-utils-3.1/i4lfaq-de.sgml: Trojan.URLspoof.gen FOUND
//usr/share/doc/isdn4k-utils-3.1/i4lfaq.sgml: Trojan.URLspoof.gen FOUND
//usr/share/doc/isdn4k-utils-3.1/i4lfaq.txt: Trojan.URLspoof.gen FOUND
//usr/share/doc/ImageMagick-5.5.7/www/cvs.html: Trojan.URLspoof.gen FOUND
//usr/share/doc/ImageMagick-5.5.7/www/utilities.html: Trojan.URLspoof.gen FOUND
//usr/share/doc/php-4.3.8/NEWS: Trojan.URLspoof.gen FOUND
//usr/share/man/man3/CGI.3pm.gz: Trojan.URLspoof.gen FOUND
//usr/share/info/mysql.info.gz: Trojan.URLspoof.gen FOUND
//usr/share/pear/PEAR/Common.php: Trojan.URLspoof.gen FOUND
//usr/share/ImageMagick-5.5.7/www/cvs.html: Trojan.URLspoof.gen FOUND
//usr/share/ImageMagick-5.5.7/www/utilities.html: Trojan.URLspoof.gen FOUND
//home/e-smith/files/ibays/Primary/files/10-geeklog/geeklog-1.3.9sr1/public_html/lib-common.php: Trojan.URLspoof.gen FOUND
//home/e-smith/files/ibays/Primary/files/10-geeklog/geeklog-1.3.9sr1/public_html/admin/install/install.php: Trojan.URLspoof.gen FOUND
//home/e-smith/files/ibays/Primary/files/10-geeklog/geeklog-1.3.9sr1/docs/config.html: Trojan.URLspoof.gen FOUND
//home/e-smith/files/ibays/Primary/files/10-geeklog/geeklog-1.3.9sr1/docs/install.html: Trojan.URLspoof.gen FOUND
//home/e-smith/files/ibays/Primary/files/10-geeklog/geeklog-pear.tar/PEAR/Common.php: Trojan.URLspoof.gen FOUND
//home/e-smith/files/ibays/Primary/files/10-geeklog/old/geeklog.viewtopic.php.html: Trojan.URLspoof.gen FOUND
//home/e-smith/files/ibays/Primary/files/15-update-PEAR-for-GeekLog/pear/PEAR/Common.php: Trojan.URLspoof.gen FOUND
//home/e-smith/files/ibays/bb/files/docs/config.html: Trojan.URLspoof.gen FOUND
//home/e-smith/files/ibays/bb/files/docs/install.html: Trojan.URLspoof.gen FOUND
//home/e-smith/files/ibays/bb/files/system/pear/PEAR/Common.php: Trojan.URLspoof.gen FOUND
//home/e-smith/files/ibays/bb/html/gallery/util.php: Trojan.URLspoof.gen FOUND
//home/e-smith/files/ibays/bb/html/gallery/buryanblues.jic/util.php.143pl2.bb: Trojan.URLspoof.gen FOUND
//home/e-smith/files/ibays/bb/html/gallery/docs/gallery1-install.faq.c.html: Trojan.URLspoof.gen FOUND
//home/e-smith/files/ibays/bb/html/gallery/docs/g1package/gallery1-install.faq.c.html: Trojan.URLspoof.gen FOUND
//home/e-smith/files/ibays/bb/html/gallery/util.php.144.bb: Trojan.URLspoof.gen FOUND
//home/e-smith/files/ibays/bb/html/lib-common.php: Trojan.URLspoof.gen FOUND
//home/e-smith/files/ibays/gl/files/docs/config.html: Trojan.URLspoof.gen FOUND
//home/e-smith/files/ibays/gl/files/docs/install.html: Trojan.URLspoof.gen FOUND
//home/e-smith/files/ibays/gl/files/system/pear/PEAR/Common.php: Trojan.URLspoof.gen FOUND
//home/e-smith/files/ibays/gl/html/lib-common.php: Trojan.URLspoof.gen FOUND
//home/e-smith/files/ibays/ic/files/system/pear/PEAR/Common.php: Trojan.URLspoof.gen FOUND
//home/e-smith/files/ibays/ic/files/docs/config.html: Trojan.URLspoof.gen FOUND
//home/e-smith/files/ibays/ic/files/docs/install.html: Trojan.URLspoof.gen FOUND
//home/e-smith/files/ibays/ic/html/gallery/util.php: Trojan.URLspoof.gen FOUND
//home/e-smith/files/ibays/ic/html/gallery/docs/gallery1-install.faq.c.html: Trojan.URLspoof.gen FOUND
//home/e-smith/files/ibays/ic/html/gallery/docs/g1package/gallery1-install.faq.c.html: Trojan.URLspoof.gen FOUND
//home/e-smith/files/ibays/ic/html/gallery/util.php.144.icpix: Trojan.URLspoof.gen FOUND
//home/e-smith/files/ibays/ic/html/lib-common.php: Trojan.URLspoof.gen FOUND
//home/e-smith/files/ibays/ic/html/admin/install/install.php: Trojan.URLspoof.gen FOUND
//home/e-smith/files/ibays/scc/files/gm-library.cgi.unedited: Trojan.URLspoof.gen FOUND
//home/e-smith/files/ibays/scc/files/gm-library.cgi.edited: Trojan.URLspoof.gen FOUND
//opt/administration/phpsysinfo/includes/XPath.class.php: Trojan.URLspoof.gen FOUND
//opt/phpMyAdmin/Documentation.html: Trojan.URLspoof.gen FOUND
//opt/phpMyAdmin/libraries/common.lib.php: Trojan.URLspoof.gen FOUND
//opt/phpMyAdmin/sql.php: Trojan.URLspoof.gen FOUND

----------- SCAN SUMMARY -----------
Known viruses: 24707
Scanned directories: 10447
Scanned files: 112763
Infected files: 70
Data scanned: 2276.68 MB
I/O buffer size: 131072 bytes
Time: 2031.090 sec (33 m 51 s)
-----------------------------

Apparently my server now has some 70 files reporting a positive for this trojan and I have little idea how this occurred;~/ Has anyone else seen this on their server? Is this a false positive?

best wishes, Robert