VirusTotal marks libemu el8 rpm as potential malware

The file libemu-0.2.0-13.20130410gitab48695.el8 shows up as possible malware. VirusTotal also shows it as being potential malware. Who should this be reported to?

Which file there?

I expect this needs to be reported to VirusTotal because they don’t seem to understand rpm files.

You can see the sources for that build here:

https://src.fedoraproject.org/rpms/libemu/tree/epel8

Please note that this is a Fedora forum, not one for RHEL. Please contact the RHEL community or RHEL directly if you are an enterprise customer if you wish.

2 Likes

What is your operating system? Fedora?
What release? 34? 35? something else?
Is the system fully updated?

That appears to be an el8 package and is not designed for use on Fedora.

3 Likes

VirusTotal scans the file with multiple different AV solutions. I have the results here: VirusTotal

I just asked, and the platform this was detected on was Fedora CoreOS, not RHEL. I don’t actively use these systems; rather, I just watch over them. Am I in the wrong place? I just saw fedoraproject.org as the main domain and thought this was the correct place, sorry.

1 Like

Not a clue what VirusTotal is finding.

All of this software is Open Source Software so you can inspect the code yourself:

This platform is just a community forum where users help each other. The bugtracker is in a different place here:

https://bugzilla.redhat.com

Some information on filing bugs:

https://docs.fedoraproject.org/en-US/quick-docs/howto-file-a-bug/

I’m still not sure why this package is on a CoreOS system, but I don’t know enough about CoreOS tbh. You can contact them on their discussion channels here:

https://docs.fedoraproject.org/en-US/fedora-coreos/getting-started/#_getting_in_touch

2 Likes

Note that most antivirus software and suggestions are not built with Linux in mind; rather, some vendors added some support, but they still don’t actually know what to scan and how to scan it. The term antivirus is associated with Windows and is not common on Linux or Mac; most people don’t even use it. So here I think they are making a false positive, because the file you are talking about is open source. So this false positive needs to be reported to them.

I passed the file to a few vendors. So far only the Windows Defender team has got back, saying “The file meets our criteria for malware”. But this is Microsoft we are talking about.

I’ll do some more research to find out who I contact if more vendors think it’s malware.

It depends on what their “criteria” are. The authoritative source of information is the source code, which is open for everyone to go through. So irrespective of what these automated tools say, if the source code is clean, it is not malware.