possible malware in db48 port
macportsusers-20171215 at billmail.scconsult.com
Wed Jan 22 07:34:12 UTC 2020
On 21 Jan 2020, at 18:11, Artemio González López via macports-users
> Bitdefender has flagged two files from the db48 MacPorts port
> installed in my Mac, namely
> which seem to be infected by something called
The is not an indication of a specific 'infection' but rather a generic
heuristic match with characteristics seen in known malware. This is NOT
a match with any specific known malware.
> Does this sound plausible,
I believe Bitdefender flagged it. I don't believe it is worth concern. I
have no reason to believe that a Bitdefender generic match it worth
anything. Do you?
> or is it more likely a false positive?
It's nothing. It's not a 'positive' of any sort, it's an almost random
assertion that a file has some vague characteristics in common with
Generic matches by "antivirus" programs that do not document those
patterns are worse than worthless. Your use of Bitdefender has wasted
your valuable time.
> In any case, I am thinking of reinstalling the port. Is this possible,
> and how should I proceed? (uninstall first, perhaps, but what about
You can't make Bitdefender worthwhile software by reinstalling Berkeley
I have machines with these local source builds of the db48 port,
All of these now show the same 5 junk hits at VirusTotal on their
libdb_cxx-4.8.dylib. The first 2 did not show any hits in years-old
tests, but they hit when rescanned in the last few hours. I also have
downloaded the pristine source from Oracle, patched it to fix naming
conflicts, and built it without using anything from MacPorts. That
libdb_cxx-4.8.dylib hits at VT identically to the 4 other builds I have.
It is certainly possible that the source code of BerkeleyDB v4.8.30 has
been compromised at its definitive repository by some
as-yet-unidentified MacOS X malware which has unspecified similarities
to some unspecified known malware which is only known to 5 3rd-rate AV
tools, 4 of which give it the same name which is unreferenced anywhere.
It is more likely that those junk AV packages have detected the use of
BerkeleyDB v4.8.30 (one of the most ubiquitous open source libraries in
existence) by some malware and have deemed some of its characteristics
as being indicative of malware, incorrectly.
If you are a paying customer of Bitdefender, I urge you to ask them what
this detection actually means and ask that they justify the waste of
your time over this apparently pointless "detection." They owe you an
bill at scconsult.com or billcole at apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not For Hire (currently)
More information about the macports-users