/snap/cups/1052/scripts/port-occupied flagged as malware

OpenPrinting / cups-snap

Complete CUPS printing stack in a snap

22 stars 13 forks source link

/snap/cups/1052/scripts/port-occupied flagged as malware #21

Open jr-cobweb opened 2 weeks ago

jr-cobweb commented 2 weeks ago

Hi, /snap/cups/1052/scripts/port-occupied has been flagged as malware by our security software. I've opened the file and can see snippets like this, which look suspect:

8-8=8=H-H=H=8880hhhDDStd8880Ptd!!!44QtdRtd8-8=8=/lib64/ld-linux-x86-64.so.2 GNUGNUa|

Is this to be expected?

Version: 2.4.10-1

tillkamppeter commented 2 weeks ago

I do not see anything suspect in the snippet you are showing. Every executable built from a C source file containst the string /lib64/ld-linux-x86-64.so.2.

The source code is in the cups-snap repo: scripts/port-occupied.c and gets compiled by the build-override scriptlet of the "scripts" part in snapcraft.yaml:

  scripts:
    plugin: dump
    source: scripts/
    override-build: |
      set -eux
      gcc -o port-occupied port-occupied.c
      craftctl default

I do not see anything wrong here.