Malware when using the official retroarch flatpak (solved: false positive)

Hi guys, today I scanned my home and it detected 59 positives in the flatpak directory.

OST:      akaelover
SCAN ID:   200914-1941.3696
STARTED:   sep 14 2020 19:41:08 +0000
COMPLETED: sep 14 2020 20:35:47 +0000
ELAPSED:   3279s [find: 1s]

PATH:          /home/elover
TOTAL FILES:   386905
TOTAL HITS:    53
TOTAL CLEANED: 0

FILE HIT LIST:
===============================================
Linux Malware Detect v1.6.4 < proj@rfxn.com >
Parallax Snake wrote: hahaha.......

You know flatpak uses containers? And user permissions.... and that it's completely isolated from the system, right? Since you never read [chulito]
(message deleted)
So why do you come in to comment? To get yourself reported?
Brutico wrote: So why do you come in to comment? To get yourself reported?

I comment because I feel like it, because this is a public forum where ANYONE can say whatever they want, and if you don't want comments... you know.

That's for starters; besides, if, as you say, "it's completely isolated from the system".... then I don't see the problem, you delete, reinstall and done.
Could they be legitimate programs that use parts "compatible" with malware?
Let me give you an example, since I think I explained myself terribly: if you put a Monero miner in a container, the program you used may well flag it as a positive precisely because it's a miner, even though it's there on purpose and is legitimate.
It may be recognising the BIOSes or something like that as malware.

Brutico wrote: You know flatpak uses containers? And user permissions.... and that it's completely isolated from the system, right? Since you never read [chulito]


Yes, but that guarantees nothing. If you give it permission to access, e.g., the filesystem, the whole container has it, not just a part, including any possible malware. Or if you run it, even though the emulators work, the possible malware can start mining.
@Esog Enaug Thanks for commenting.

Steps I've taken:

All the files are in quarantine.

Uninstalled retroarch and its dependencies from flatpak itself.

Deleted the directories where flatpak was working; according to the log they were in my home.

What else can I do?
Parallax Snake wrote: I comment because I feel like it, because this is a public forum where ANYONE can say whatever they want, and if you don't want comments... you know.



Whatever you feel like, as long as you follow the rules. If you can't help the fellow member, there's no need to post.
Brutico wrote: What else can I do?

Install W10

PS: Now go tell "mum"



@[erick] I haven't broken the rules, none of them, since I haven't insulted him, disrespected him or anything; I think I can comment whatever I want as long as I stick to the forum's established rules, since there's nothing in the rules saying that if I can't help someone... I shouldn't comment; there's no shortage of "off topics" in any thread, they're full of them.

Besides, I'm paying him back in the same coin he paid me with, although yes, it'll be better to use the whip of indifference and we're all friends.
Brutico wrote: Hi guys, today I scanned my home and it detected 59 positives in the flatpak directory.


I think they're false positives. Notice it's retroarch, and it's even flagging the image filter shaders as viruses. Try installing it natively and see whether that same thing comes up positive. But Akonadi is also coming up positive, which is part of KDE??

More info:
https://securitycheck.protegetuordenador.com/forum/9-newbies-area/1111-yara-r57shell-php-php
If we look, it's an r57shell_php_php, which would be worrying to find in a PHP file on our website. But these are files that have nothing to do with PHP. That is, it reckoned it found that sequence and that's it, it fires.
@Parallax Snake you've already been reported 3 times, you come here to laugh at me.
PS: When you use a DMZ on your PC it shows me a lot about your intelligence, mate. [toctoc]


@darksch natively it comes up positive on the shaders and apparently it's a false positive. But only on the shaders, not in more directories.
Brutico wrote: @Parallax Snake you've already been reported 3 times, you come here to laugh at me.
PS: When you use a DMZ on your PC it shows me a lot about your intelligence, mate. [toctoc]


@darksch natively it comes up positive on the shaders and apparently it's a false positive. But only on the shaders, not in more directories.

I edited the message; they are indeed false positives, have a look at the link.
@darksch yes, I found a forum on retropie with the same positive on the shaders.
@Parallax Snake no, laughing at the user and posting something with no sense at all is not allowed. Beyond the rules, it's a matter of quality.

If you want to act the fool, that's fine by me, I like doing it too; you have proof of that.
Edited by [erick]. Reason: off-topic
Edited by [erick]. Reason: off-topic
@Brutico Hi. It's a YARA false positive. It scans rkhunter-style, and if it sees some method that's used in malware, it flags it as such. You can go to the configuration file (rules) and exclude those files.

Cheers!
***
Edited by quimico2008. Reason: Off-topic
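An added triage helper for the maldet report format in this thread (example code, not maldet's own): it parses hit lines, drops the duplicate entries the scanner printed, sorts each hit into a verdict (file named after the malware family, flatpak ostree object, cached e-mail, the scanner's own signature files, or "review") and drafts the ignore_paths lines the last reply talks about. The sample report is constructed from this thread's output with placeholder hashes, and the verdict heuristics are this example's assumptions, not maldet logic.

```python
"""Triage a Linux Malware Detect (maldet) hit list and draft ignore_paths entries.

Hypothetical helper written for this thread; it is not part of maldet.
It reads lines in the report format shown above:
    {ENGINE}signature : /scanned/path => /usr/local/maldetect/quarantine/name.NNN
"""
import re
from collections import Counter

# Constructed sample modelled on the thread's report; long hashes replaced by placeholders.
SAMPLE_REPORT = """\
{YARA}r57shell_php_php : /home/elover/.local/share/flatpak/repo/objects/68/PLACEHOLDER01.file => /usr/local/maldetect/quarantine/PLACEHOLDER01.file.111
{YARA}r57shell_php_php : /home/elover/.config/retroarch/shaders/shaders_glsl/pal/pal-r57shell.glslp => /usr/local/maldetect/quarantine/pal-r57shell.glslp.640116414
{YARA}r57shell_php_php : /home/elover/.config/retroarch/shaders/shaders_glsl/pal/shaders/pal-r57shell.glsl => /usr/local/maldetect/quarantine/pal-r57shell.glsl.485916567
{CAV}Heuristics.Phishing.Email.SpoofedDomain : /home/elover/.local/share/akonadi/file_db_data/36/103136_r0 => /usr/local/maldetect/quarantine/103136_r0.1059517440
{CAV}Heuristics.Phishing.Email.SpoofedDomain : /home/elover/.local/share/akonadi/file_db_data/36/103136_r0 => /usr/local/maldetect/quarantine/103136_r0.1059517440
{YARA}Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php : /home/elover/maldetect-1.6.4/files/sigs/rfxn.ndb => /usr/local/maldetect/quarantine/rfxn.ndb.3148824650
{HEX}php.gzbase64.inject.452 : /home/elover/public_html/upload.php => /usr/local/maldetect/quarantine/upload.php.42
"""

HIT_RE = re.compile(r"^\{(?P<engine>[A-Z]+)\}(?P<sig>\S+) : (?P<path>.+?) => (?P<quar>\S+)$")


def parse_hits(report):
    """Return unique (engine, signature, path) triples; maldet can list one file twice."""
    seen, hits = set(), []
    for line in report.splitlines():
        m = HIT_RE.match(line.strip())
        if not m:
            continue                      # header / footer lines are not hits
        key = (m["engine"], m["sig"], m["path"])
        if key not in seen:
            seen.add(key)
            hits.append(key)
    return hits


def signature_token(sig):
    """'r57shell_php_php' -> 'r57shell': the family name the rule is written around."""
    return sig.split("_")[0].split(".")[0].lower()


def classify(engine, sig, path):
    """Triage verdict for one hit (heuristics chosen for this example, not maldet's)."""
    name = path.rsplit("/", 1)[-1].lower()
    if "/maldetect-" in path or "/files/sigs/" in path:
        return "scanner-own-signatures"   # maldet matched its own rule database
    if "/flatpak/repo/objects/" in path:
        return "ostree-object"            # content-addressed copy; judge the deployed file
    token = signature_token(sig)
    if len(token) >= 6 and token in name:
        return "name-collision"           # file is *named* after the family (e.g. shader author)
    if sig.startswith("Heuristics.Phishing") and "/akonadi/" in path:
        return "mail-cache-heuristic"     # ClamAV phishing heuristic over cached e-mail
    return "review"                       # nothing explains it away: look at the file


def triage(report):
    """Group paths by verdict and count hits per signature."""
    verdicts, per_sig = {}, Counter()
    for engine, sig, path in parse_hits(report):
        verdicts.setdefault(classify(engine, sig, path), []).append(path)
        per_sig[sig] += 1
    return verdicts, per_sig


def ignore_paths_entries(verdicts):
    """Draft lines for /usr/local/maldetect/ignore_paths: only the name-collision files."""
    return sorted(set(verdicts.get("name-collision", [])))


if __name__ == "__main__":
    verdicts, per_sig = triage(SAMPLE_REPORT)
    for sig, n in per_sig.most_common():
        print(f"{n:3d}  {sig}")
    for verdict, paths in verdicts.items():
        print(f"\n[{verdict}]")
        for p in paths:
            print("   ", p)
    print("\n# candidate ignore_paths entries")
    print("\n".join(ignore_paths_entries(verdicts)))
```

Files the scan already moved to quarantine can be put back with `maldet --restore <SCANID>`, using the SCANID from the report header; ignore_paths is honoured on the next scan.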