ClamAV v0.98.1 False Positive for rkhunter

ClamAV is reporting false positives for rkhunter today, including versions 1.3.8 and 1.4.2. 

This is reported from multiple Ubuntu 12.04.4 LTS VMs.

$ rkhunter --version
Rootkit Hunter 1.3.8

ClamAV scan summary:

/usr/bin/rkhunter: Osx.Worm.Inqtana-3 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 3295599
Engine version: 0.98.1
Scanned directories: 32844
Scanned files: 117908
Infected files: 1
Data scanned: 2179.85 MB
Data read: 2488.04 MB (ratio 0.88:1)
Time: 808.420 sec (13 m 28 s)
$ rkhunter --version
Rootkit Hunter 1.4.2

ClamAV scan summary:

/usr/local/bin/rkhunter: Osx.Worm.Inqtana-3 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 3295599
Engine version: 0.98.1
Scanned directories: 34820
Scanned files: 118930
Infected files: 1
Data scanned: 2207.73 MB
Data read: 2575.48 MB (ratio 0.86:1)
Time: 819.638 sec (13 m 39 s)

Leave a Reply

Your email address will not be published. Required fields are marked *