possible malware in db48 port
ryandesign at macports.org
Wed Jan 22 00:48:24 UTC 2020
On Jan 21, 2020, at 17:11, Artemio González López wrote:
> Bitdefender has flagged two files from the db48 MacPorts port installed in my Mac, namely
db48-4.8.30_4.darwin_17.x86_64.tbz2 contains everything installed by the db48 port, which includes libdb_cxx-4.8.dylib.
> which seem to be infected by something called
> Does this sound plausible, or is it more likely a false positive?
It seems unlikely to me. If you got the binary of this port from our server (which I think you did; see below), then that would mean that our server is infected, and I find that unlikely. If on the other hand MacPorts built it for you on your own computer, I guess it's possible that an existing virus infection on your computer was copied into this file. I'm not familiar with this virus or how it works or what it does. A third possibility is that db 4.8.30 as distributed by its developers contains this virus. That too seems unlikely.
> In any case, I am thinking of reinstalling the port. Is this possible, and how should I proceed? (uninstall first, perhaps, but what about dependents?).
You can rebuild the port with:
sudo port -n upgrade --force db48
If you want to be sure that you receive a binary from us, you would use:
sudo port -nb upgrade --force db48
If on the other hand you want to ensure a build from source, to rule out a problem with our binary, you would use:
sudo port -ns upgrade --force db48
> Here’s what ls reports about this files:
> -rwxr-xr-x 1 macports admin 1302356 Sep 27 2017 /opt/local/lib/db48/libdb_cxx-4.8.dylib
> -rw-r--r-- 1 macports wheel 19951871 Mar 15 2018 /opt/local/var/macports/software/db48/db48-4.8.30_4.darwin_17.x86_64.tbz2
Those are the exact sizes and, in the case of libdb_cxx-4.8.dylib, the exact date of those files as distributed by our server. As such, I expect that reinstalling the port from our binary will change nothing. You can build from source to see if that changes anything.
More information about the macports-users