possible malware in db48 port

Christopher Chavez chrischavez at gmx.us
Wed Jan 22 01:03:22 UTC 2020


On 1/21/2020 5:11 PM, Artemio González López via macports-users wrote:
> Bitdefender has flagged two files from the db48 MacPorts port installed
> in my Mac, namely
>
> /opt/local/lib/db48/libdb_cxx-4.8.dylib
> /opt/local/var/macports/software/db48/db48-4.8.30_4.darwin_17.x86_64.tbz2
>
> which seem to be infected by something called
>
> Gen:Variant.Application.MAC.Koiot.575
>
> Does this sound plausible, or is it more likely a false positive? In any
> case, I am thinking of reinstalling the port. Is this possible, and how
> should I proceed? (uninstall first, perhaps, but what about dependents?).

> Here’s what ls reports about this files:
>
> -rwxr-xr-x  1 macports  admin  1302356 Sep 27  2017
> /opt/local/lib/db48/libdb_cxx-4.8.dylib
> -rw-r--r--  1 macports  wheel  19951871 Mar 15  2018
> /opt/local/var/macports/software/db48/db48-4.8.30_4.darwin_17.x86_64.tbz2

VirusTotal doesn't report anything for
http://packages.macports.org/db48/db48-4.8.30_4.darwin_17.x86_64.tbz2:
see
https://www.virustotal.com/gui/url/c368d42293be904ef4710ad8ac1790b476e48ccdc8763c0267def2985222aad5/

But extracting libdb_cxx-4.8.dylib from that archive and uploading, it
*does* report positive from BitDefender and a few other engines, however
most other engines do not detect anything: see
https://www.virustotal.com/gui/file/2ce2eb2cc146cff38a87c2243dc125b60836f379fbd763e7963d7a9c05e54f0e/



More information about the macports-users mailing list