Can someone help me understand the results of a Linux file, please?

Dirk41

Hi guys, I am using Xubuntu on an old and useless netbook for the first time these days. rkhunter found a warning. I am searching for tools to scan this file since I still don't have an AV (and I don't know what is available).
VT said it's OK, but I am not sure if it is reliable because I don't think many AVs support Linux.

Then I tried malwr.com
and hybrid-analysis (this didn't support the file).

Can I post (and how? it's very long) the results of malwr.com? I understand very little of them, since it's the first time. Furthermore, it seems it tested it on a W environment, not Linux. Why?

Can someone suggest other websites for Linux files?
Thank you.
 

OokamiCreed

With any online visualization website, you can post the URL that displays in the address bar of your browser, which would be better than posting the actual content itself. As for environments, I believe only Windows OS is available for use with these websites.

Malwr does indeed run using the cuckoo sandbox.

As for AV on Linux OS, I've used all major vendors and they were kind of a pain. Even on Ubuntu/Debian based OS where the installation process is done by the system itself and not by the user. Assuming you have a .deb file anyway. Sophos works very well but I couldn't get it to uninstall properly. Same with Dr. Web. Comodo is broken as far as I'm concerned and won't scan, and the rest seem unsupported or simply don't work at all.

As for command line scanners, I haven't used them so I don't know their capabilities. It would help a lot to have added information on the file itself. It is standalone, executable, an application file in an installation folder, etc. Since this is the analysis section, I'd imagine we could upload files even if they are malicious.
 

illumination

rkhunter is known to produce a FP or two; I would take the name of the file/location and do a Google search.
 

Dirk41

Thank you guys for the replies.
Yeah, I know rkhunter produces FPs, but you know: first time on Linux (just out of curiosity), everybody says it's OK without an AV, but I find it difficult to trust.
Anyway, of course I googled it and it does exist, "usr/bin/mail", but who knows, maybe it is corrupted.
Maybe this sounds a little paranoid but, again, first time on Linux.

Anyway, the only thing I got is that, for malwr.com, it doesn't try to connect with anyone. If you are interested. I thought you couldn't see it.
Malwr - Malware Analysis by Cuckoo Sandbox

I think I feel safe anyway now. Thanks for the advice.
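
Added example (not part of any post in this thread, and not rkhunter's own code): one way to check whether a packaged file such as the one flagged here has been altered on a Debian/Ubuntu system, by comparing it with the MD5 that dpkg recorded when the package was installed. The function names are hypothetical; `dpkg -S`, `dpkg-query --control-show`, `readlink -f` and `md5sum` are the real tools it relies on.

```shell
#!/bin/sh
# Added example (function names are hypothetical).

# check_md5_list LIST ROOT PATH
#   LIST: file in dpkg's md5sums format, "<md5>  <path without leading />"
#         ("-" reads the list from stdin); ROOT: directory the paths are
#         relative to. Prints OK, MODIFIED or NOT_LISTED.
check_md5_list() {
    list=$1 root=$2 path=${3#/}
    # The hash is 32 hex characters plus two spaces, so the path starts at
    # column 35; comparing from there keeps paths with spaces intact.
    expected=$(awk -v p="$path" \
        '{ f = substr($0, 35) } f == p { print $1; exit }' "$list")
    if [ -z "$expected" ]; then echo NOT_LISTED; return 0; fi
    actual=$(md5sum "$root/$path" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then echo OK; else echo MODIFIED; fi
}

# check_installed_file PATH
#   Resolves symlinks first (a command name can be a symlink to the real
#   binary), asks dpkg which package owns the file, then compares it with
#   that package's recorded checksum.
check_installed_file() {
    real=$(readlink -f "$1") || return 2
    owner=$(dpkg -S "$real" 2>/dev/null | head -n 1)
    if [ -z "$owner" ]; then echo "NOT_PACKAGED $real"; return 0; fi
    pkg=${owner%%: *}          # "pkg: /path" or "pkg:arch: /path"
    status=$(dpkg-query --control-show "$pkg" md5sums 2>/dev/null |
        check_md5_list - / "$real")
    echo "$status $real ($pkg)"
}

# Example: sh check.sh /usr/bin/mail
if [ "$#" -gt 0 ]; then
    check_installed_file "$1"
fi
```

The checksum list lives on the same machine as the file, so a match rules out accidental corruption rather than tampering by someone who already has root. `dpkg --verify <package>` runs the same comparison for every file in a package.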
 

hjlbx

Submit for manual analysis and then you will know for sure.

It takes only a few minutes to submit.

* * * * *

Probably a safe file looking at the Cuckoo Sandbox report - but I am not a malware expert.
 

LabZero

Try here:

detux - The Linux Sandbox
 
