Question

4

Should I be worried about a possible threat?

rated 0 times [ 4] [ 0] / answers: 1 / hits: 2700 / 2 Years ago, mon, july 18, 2022, 9:49:16

I recently installed Ubuntu 12.10. I use Clamav and have scanned my system regularly for infections. Today it picked up a potential threat
/usr/lib/ruby/1.9.1/rdoc/generator/template/darkfish/js/thickbox-compressed.js.
Ubuntu is my only operating system installed. Clamav was not able to delete or quarantine the file.
Should i be concerned or is this a false positive? I have scanned the same file multiple times and it picks it up as a threat each time. Also i tried googling the issue before posting and found no information.

A point I forgot to mention, clamav picks it up as PUA.script.packed-1

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

itagde

Add To Favorites

Follow

Total Points: 241

Total Questions: 113

Total Answers: 118

Location: Liechtenstein

Member since Wed, Dec 8, 2021

2 Years ago

answered 2 Years ago arsleyeuth · Accepted Answer

That file seems to belong to package libruby1.9.1, which should be installed when you installed Ruby.

If that package comes from the default repositories I guess that warning should be nothing to you worry about. If it comes from a PPA then you should take a closer look.

To see from where the package comes you can use apt-cache. From my system:

$ apt-cache policy libruby1.9.1

libruby1.9.1:

  Installed: (none)  <-- This shows the installed version (not installed on my case)

  Candidate: 1.9.3.0-1ubuntu2.5

  Version table:

     1.9.3.0-1ubuntu2.5 0

        500 http://pt.archive.ubuntu.com/ubuntu/ precise-updates/main amd64 Packages

        500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64 Packages

     1.9.3.0-1ubuntu1 0

        500 http://pt.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages

Also consider checking that file in an online scanner like VirusTotal. If only clamav marks it as a potencially threath probably it is a false positive.