0nekoneko7Jun 2, 2024

Kaspersky releases free tool that scans Linux for known threats

https://lemmy.world/post/16089802

Kaspersky releases free tool that scans Linux for known threats - Lemmy.World

Show threadboredsquirrel (he)Jun 2, 2024
I HIGHLY doubt that they would detect the XZ backdoor
Show threadatzanteolJun 2, 2024
Why? It’s not hard. They typically hash files and look for hits against a database of known vulnerabilities.
Show threadboredsquirrel (he)

Yes and if viruses use something like base64 encoding or other methods, the hashes dont match anymore.

As far as I understood it, it is pretty easy to make your virus permanently un-hashable by just always changing some bits

Jun 2, 2024 at 12:08pmWeb
Show threadatzanteolJun 2, 2024
The xz backdoor was a packaged file distributed with the standard packages though. It would be trivial to find.
Show threadboredsquirrel (he)Jun 2, 2024

This is obviously not about this known file.

It is about “would this scanner detect a system package from the official repos opening an ssh connection”

Show threadatzanteolJun 3, 2024

Sorry, I was responding to:

I HIGHLY doubt that they would detect the XZ backdoor