Virus Detected on Lite 2.6 Wallpapers

[vagnerafonso]

Greetings All,

I can safely say that the lessen learned from all this is that it's probably not a good idea to randomly download images/pictures and use them as wallpapers. Especially if we don't know the sources.  A lot of these images/pictures are downloaded from different sources and are shared everywhere. It would be better to create our own wallpapers or take screen shots of the images/pictures that we like, save them to our computers and use those as wallpapers instead.

[Wirezfree]

@Jocklad...

A good question... Ask 10 people, you will probably get 11 opinions...

If you watch the youtube video posted by vagnerafonso,
It appears that malware can impact Linux, but how often & what scenario created that situation in the demo..??

If you still run windows and share files across distros, you could vulnerable.
If you only run Linux, you could say "Well I'm O.K"...
BUT being a good citizen you don't want to pass anything on to a Windows user/friend from Linux do you..??


So, given it's a "almost" a "set it and forget" with ClamAV,
I'm tending to err on the side of caution and will probably use it.



UPDATED
Ooops, sorry Jerry, I see I posted within 10secs of you...
Yes move to Virus thread if required.

[Jerry]

Getting off topic here folks. Please keep it to the Wallpaper issue. I believe there is another thread on virus scanners in Linux in the Forums. Thanks

Sent from my Nexus 6 using Tapatalk

[Jocklad]

 Not sure where we are heading here.

 Should we now install anti-virus on all linux Distros....?.

 Jocklad 

[Wirezfree]

Hi,

I'm still learning all the options, This may help you "ClamTK Virus Scanner"

I have the scheduled scan and updates shown below,
This can be verified if you install gnome-scheduler which is a gui to manage/add/edit "cron" task.

[Zead]

@Wirezfree

Thanks, I've found it. The problem was that I was clicking on the desktop files... It doesn't work on them sadly. I guess right clicking on any desktop icon doesn't count as Thunar.

Btw, I've heard that ClamTK includes right-click scan by default. Is that true? But that's probably only for Nautilus.


Anyway, I was searching for some info about ClamTK, but I'm confused about update options and scheduler.

There are 2 options for automatic definitions updates.
#1 is in "Advanced > Rerun Antivirus Setup Wizard (Antivirus Signature Options)"
#2 is in "Advanced > Scheduler"

You can enable both...

Do you have some information about this how it works? Why are there two options for automatic updates?

You can leave the scheduler disabled, and the Rerun Antivirus Setup Wizard automatic updates enabled. It will update itself anyway. I've kept it like this.

Maybe the scheduler is here to specify the time of automatic updates... And when it is disabled, it will use the default time for updates...

Anyway, I've set ClamTk updates to Manual, and scheduled automatic updates to 5PM. So I'll see if it updates or not.

[Wirezfree]

@Zead,

I will fire up my test pc and check again,
but it was under Right Click on a file/folder, then navigate through Send To, and it was at the Bottom of the options list "ClamTk"


Update, screen shot showing send to > clamtk

[Zead]

Hi,

You may already know this.?
If you visit the clamtk webpage: https://code.google.com/p/clamtk/
Scroll down to downloads
There is a Thunar add-on for Ubuntu "thunar-sendto-clamtk"


[/size]It gives you a Right Click > Sendto > ClamTK option

Hi. I've done this weeks ago. But nothing is appearing in my right click menu. Am I missing something?

I guess I need ClamTK 5, I have a ClamTK 4.45 (from the official ubuntu repositories).

[vagnerafonso]

Greetings All,

Sophos has a free anti-virus program for Linux.  I believe we should all have a good virus scanner for our systems. Especially if we intend on installing applications and downloading files, documents and pictures from outside of trusted repositories and websites.  This is also important if we plan on sharing those files with Microsoft Windows users. We wouldn't want to unintentionally infect these users machines. Especially if they are our family, friends, etc. Matthew Moore uploaded a YouTube video demonstrating the use of Sohpos and verified that his Arch system had been infected with viruses. I've included links to Matthew Moore's YouTube video and Sophos for Linux.  I hope this information is helpful.

Sophos For Linux
https://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-linux.aspx

Matthew Moore Sophos Demo
https://www.youtube.com/watch?v=y_lhqg_p21k&feature=youtu.be&t=2m42s

[Wirezfree]

Hi,

You may already know this.?
If you visit the clamtk webpage: https://code.google.com/p/clamtk/
Scroll down to downloads
There is a Thunar add-on for Ubuntu "thunar-sendto-clamtk"


[/size]It gives you a Right Click > Sendto > ClamTK option

[Zead]

I guess I'm going to test all of my pictures on VirusTotal now. ClamAV hasn't detect it. According to Microsoft website. MSE should detect it. But according to VirusTotal, Microsoft came up with clean file.

Malicious or not, there's a web injection for sure.

[Jerry]

I've decided to err on the side of caution. Removing this wallpaper is the best solution despite the mixed results.
I've added a postinst script to lite-software that will remove Entrance.jpg.

Releases affected: 2.0, 2.2, 2.4, 2.6

Code of postinst:

Code: [Select]

#! /bin/sh
# A collection of postinst actions for Linux Lite

# postinst script for wallpaper removal
# Date: 04/09/15
# Time: 23:51 (EST)
# As reported here - https://www.linuxliteos.com/forums/other/virus-detected-on-lite-2-6-wallpapers/

set -e

cd /usr/share/backgrounds/xfce/

sudo rm -rf Entrance.jpg
This code will stay in LL until the end of Series 2.
Entrance.jpg will not appear in any more versions of LL and has been removed from the dev builds.

In future, all Wallpapers will be scanned before going into Linux Lite.

Social Media announcements have been placed informing the wider public.

Run Menu, Favorites, Install Updates and the wallpaper will be deleted.

[Jerry]

Firstly, thank you for reporting this vagnerafonso and thank you to everyone else in this thread for providing additional information and taking the time to look into this. I take reports like this very seriously. I'm going to analyse this at my end and let you know soon what will happen.

[anon222]

If you click on the link I provided for more info, and then click on the "File detail" tab it states:  The file being studied is an image file! More specifically, it is a JPEG. The image has been injected with malicious web content.

In the box right below that statement is what appears to be the code that was injected into the file.

Oh I see. It's in Entrance.jpg, that image is from LL 2.0 not sure about the previous ones.
Looking at the code. as far as I can see there is a code that opens a webpage. I don't see how would xfce or ristereto image viewer be affected.
Tested on Firefox and it it looks it is not affected. Could possibly target some vulnerability in windows applications.
It appears that the image originates from some website. Anyway the threat seems minimal as many major antiviruses neglect this.
I'll wait to see what Jerry has to say about this.
In the future I suggest that the images that are going to be added to distro be uploaded in Gimp's XCF image file format.
That way the images will be open source and easy to modify.

[rokytnji]

Code: [Select]

[email protected]:~$ sudo -s
[sudo] password for harry:
[email protected]:~# cd /usr/share/backgrounds/xfce
[email protected]:/usr/share/backgrounds/xfce# ls
Car.jpg        Linux-Lite-Bridge.png          Lite-Coral.png      Stadium.jpg
Cubes.jpg      Linux-Lite-Coast.png           Lite-Gold.png       Thames.jpg
Entrance.jpg   Linux-Lite.jpg                 Lite-Grey.png       Winter.jpg
Gaming.jpeg    Linux-Lite-Mountains-Gold.png  Lite-Lite-2.2.jpg   xfce-blue.jpg
Kids.jpg       Linux-Lite-Sand-Feather.jpg    Lite-Parchment.png
Landscape.jpg  Linux-Lite-Simple-Gray.png     River-Dock.jpg
Liberty.jpg    Linux-Lite-Waves.png           Sea-House.jpg
[email protected]:/usr/share/backgrounds/xfce# rm -f Entrance.jpg
[email protected]:/usr/share/backgrounds/xfce# ls
Car.jpg                Linux-Lite.jpg                 Lite-Lite-2.2.jpg
Cubes.jpg              Linux-Lite-Mountains-Gold.png  Lite-Parchment.png
Gaming.jpeg            Linux-Lite-Sand-Feather.jpg    River-Dock.jpg
Kids.jpg               Linux-Lite-Simple-Gray.png     Sea-House.jpg
Landscape.jpg          Linux-Lite-Waves.png           Stadium.jpg
Liberty.jpg            Lite-Coral.png                 Thames.jpg
Linux-Lite-Bridge.png  Lite-Gold.png                  Winter.jpg
Linux-Lite-Coast.png   Lite-Grey.png                  xfce-blue.jpg
[email protected]:/usr/share/backgrounds/xfce# exit
exit
[email protected]:~$