possible malware in db48 port

Christopher Chavez chrischavez at gmx.us
Wed Jan 22 01:03:22 UTC 2020

On 1/21/2020 5:11 PM, Artemio González López via macports-users wrote:
> Bitdefender has flagged two files from the db48 MacPorts port installed
> in my Mac, namely
> /opt/local/lib/db48/libdb_cxx-4.8.dylib
> /opt/local/var/macports/software/db48/db48-4.8.30_4.darwin_17.x86_64.tbz2
> which seem to be infected by something called
> Gen:Variant.Application.MAC.Koiot.575
> Does this sound plausible, or is it more likely a false positive? In any
> case, I am thinking of reinstalling the port. Is this possible, and how
> should I proceed? (uninstall first, perhaps, but what about dependents?).

> Here’s what ls reports about this files:
> -rwxr-xr-x  1 macports  admin  1302356 Sep 27  2017
> /opt/local/lib/db48/libdb_cxx-4.8.dylib
> -rw-r--r--  1 macports  wheel  19951871 Mar 15  2018
> /opt/local/var/macports/software/db48/db48-4.8.30_4.darwin_17.x86_64.tbz2

VirusTotal doesn't report anything for

But extracting libdb_cxx-4.8.dylib from that archive and uploading, it
*does* report positive from BitDefender and a few other engines, however
most other engines do not detect anything: see

More information about the macports-users mailing list