axonasif / gearlock

Custom Recovery Replacement for Android-x86
https://supreme-gamers.com/r/gearlock-custom-recovery-replacement-for-android-x86.40
GNU General Public License v2.0

Gearlock scripts detected as Trojan.Linux.Fubas.a virus in Bliss OS 11.13 #20

Closed samkhan13 closed 2 years ago

samkhan13 commented 2 years ago

Describe the bug

Kaspersky detected a number of Gearlock components as a virus titled Trojan.Linux.Fubas.a in "Bliss-v11.13--OFFICIAL-20201113-1525_x86_64_k-k4.19.122-ax86-ga-rmi_m-20.1.0-llvm90_dgc-t3_gms_intelhd.iso"

To Reproduce

Steps to reproduce the behavior: Use Kaspersky Total Security to scan the above mentioned iso that was downloaded from https://blissos.org/

Expected behavior

An antivirus scanner shouldn't find a viral signature within packaged and promoted software. Kaspersky appears to think of various components of Gearlock as parts of a rootkit.

Desktop (please complete the following information):

GearDump logs

Not Applicable

Additional context

Routine antivirus scan detected the issue.

Screenshots

[Screenshot: kaspersky-screenshot-bliss_os_11-3-trojan_virus_detected]

hmtheboy154 commented 2 years ago

It might be because BlissOS 11.13 contains an old version of Gearlock, or your PC got infected with something. I tried to pick a file from the list, core/smark.src/5, and all the antivirus scans report it safe, even Kaspersky: https://www.virustotal.com/gui/url/9feb71e675afd2c8d5d1b4b016363cdaac892aaffad321a7eb42ab8c551de6bf?nocache=1
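The triage hmtheboy154 describes (pick a flagged file, hash it, see how many engines agree) can be scripted. The following is an added example, not code from this thread or from the gearlock project: it hashes a file, notes whether it is a plain shebang script or an ELF binary (axonasif's point that these are readable scripts, not compiled executables), and optionally looks the SHA-256 up with VirusTotal's v3 file-report endpoint. The `VIRUSTOTAL_API_KEY` environment variable, the 10% threshold for "likely false positive", and the sample bytes are assumptions made for the example.

```python
"""Added example: triage a suspected antivirus false positive.

Assumes a VirusTotal API key in VIRUSTOTAL_API_KEY (only needed for the
online lookup); the hashing and classification steps run fully offline.
"""
import hashlib
import json
import os
import sys
import urllib.request
from typing import Optional, Tuple
from urllib.error import HTTPError

# Public VirusTotal v3 endpoint: GET /api/v3/files/{sha256}
VT_FILE_API = "https://www.virustotal.com/api/v3/files/"


def sha256_of_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Stream the file so a multi-GB ISO never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def classify_bytes(data: bytes) -> str:
    """Distinguish a readable shebang script from a compiled ELF binary."""
    if data.startswith(b"\x7fELF"):
        return "elf"
    if data.startswith(b"#!"):
        return "script"
    return "other"


def summarize_vt_report(report: dict) -> Tuple[int, int]:
    """Return (flagging engines, engines that gave a verdict) from a v3 report."""
    stats = report["data"]["attributes"]["last_analysis_stats"]
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    # Count only engines that actually returned a verdict, not timeouts
    # or unsupported file types.
    total = flagged + stats.get("harmless", 0) + stats.get("undetected", 0)
    return flagged, total


def verdict(flagged: int, total: int) -> str:
    """Rough rule of thumb (assumption): a handful of engines out of ~70
    disagreeing with the rest is the usual shape of a false positive."""
    if total == 0:
        return "unknown"
    if flagged == 0:
        return "clean"
    if flagged / total < 0.10:
        return "likely false positive"
    return "needs investigation"


def fetch_vt_report(sha256: str, api_key: str) -> Optional[dict]:
    """Look a hash up on VirusTotal; None means the hash is unknown there."""
    req = urllib.request.Request(VT_FILE_API + sha256, headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except HTTPError as e:
        if e.code == 404:
            return None
        raise


def triage_file(path: str, api_key: Optional[str] = None) -> dict:
    """Hash, classify and (if a key is available) look up one file."""
    with open(path, "rb") as f:
        head = f.read(64)
    result = {"path": path, "sha256": sha256_of_file(path),
              "kind": classify_bytes(head), "verdict": "not looked up"}
    if api_key:
        report = fetch_vt_report(result["sha256"], api_key)
        if report is None:
            result["verdict"] = "unknown to VirusTotal"
        else:
            flagged, total = summarize_vt_report(report)
            result.update(flagged=flagged, total=total,
                          verdict=verdict(flagged, total))
    return result


if __name__ == "__main__":
    key = os.environ.get("VIRUSTOTAL_API_KEY")
    for p in sys.argv[1:]:
        print(json.dumps(triage_file(p, key), indent=2))
```

Run it as `python triage.py core/smark.src/5` (path as named in the thread); without an API key it only reports the hash and whether the file is a script, which is already enough to see that a flagged file is readable text rather than a compiled binary.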

axonasif commented 2 years ago

Ironically, it's flagging a bunch of plain bash scripts as viruses, which are in fact readable code and not even compiled executables.

I don't have access to a Windows machine ATM to look over this, sorry. Although I should note that any Linux-specific program such as gearlock can't run under Windows normally, so nothing to worry about even if this isn't a false alert.

axonasif commented 2 years ago

> It might be because BlissOS 11.13 contains an old version of Gearlock.

It's actually not. The OhMyRam feature (a file with this name exists in his screenshot) was added in a very recent version of gearlock.

hmtheboy154 commented 2 years ago

> > It might be because BlissOS 11.13 contains an old version of Gearlock.
>
> It's actually not. The OhMyRam feature (a file with this name exists in his screenshot) was added in a very recent version of gearlock.

But it's 11.13, weird.

axonasif commented 2 years ago

> > > It might be because BlissOS 11.13 contains an old version of Gearlock.
> >
> > It's actually not. The OhMyRam feature (a file with this name exists in his screenshot) was added in a very recent version of gearlock.
>
> But it's 11.13, weird.

After looking at the logs, the OhMyRam feature was added in the 6.8.9 release, so it's either exactly that version or above.

axonasif commented 2 years ago

Another thing worth noting is that any file being uploaded to SourceForge gets scanned before actually appearing publicly. Ref: https://sourceforge.net/blog/sourceforge-now-scans-all-projects-for-malware-and-displays-warnings-on-downloads/

samkhan13 commented 2 years ago

Thank you for looking into this. The Bliss OS team's GitHub page isn't allowing me to open an issue there. The compiled iso was indeed being detected as a trojan virus, but it's a false detection. The iso file was to be used in a virtual machine, so it wouldn't have been any kind of a problem for the base OS. This issue can be closed. Thanks again for looking into it :)