# Warning: Virus Found In Jdk 1.6.0_05



## nileshgr (Nov 29, 2007)

This is to inform all of you that if you have installed the `jdk-1.6.0_05-ea` RPM package for JAVA RUNTIME ENVIRONMENT OR JAVA DEVELOPMENT KIT, a file in this package contains a virus. The file is


```
/opt/sun/javadb/demo/databases/toursdb.jar: Oversized.Zip FOUND
```

I scanned my system using `clamav-0.91.2-31.fc7` (it is the latest) with db updated on 28/11/2007.

I recommend you to scan your system using ClamAV.


----------



## kalpik (Nov 29, 2007)

1. You should NEVER use the RPM file to install Java! Use the bin file
2. As the description says, it's NOT a virus, just a BIG zip file


----------



## praka123 (Nov 29, 2007)

^LOL! Oversized zip files give such messages; as an ex-ClamAV user I know that.


----------
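Added example (not part of any post in the thread): one way to see why a scanner names an archive "oversized" is to list each member's compression ratio from the zip central directory. The sample archive, its member names and the 250:1 limit are constructed assumptions; substitute your scanner's configured limit.

```python
import io
import zipfile

# Assumed limit for illustration; set it to the scanner's configured value.
MAX_RATIO = 250


def build_sample_jar() -> bytes:
    """Constructed sample: one highly compressible member, one ordinary one."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("seg0/big_table.dat", b"\x00" * 5_000_000)
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\r\n")
    return buf.getvalue()


def member_ratios(archive: bytes):
    """Return (name, uncompressed, compressed, ratio) per file member."""
    rows = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Sizes come from the central directory; nothing is extracted.
            ratio = info.file_size / max(info.compress_size, 1)
            rows.append((info.filename, info.file_size, info.compress_size, ratio))
    return rows


def over_limit(archive: bytes, max_ratio: float = MAX_RATIO):
    """Names of members whose compression ratio exceeds the limit."""
    return [name for name, _, _, ratio in member_ratios(archive) if ratio > max_ratio]


def crc_ok(archive: bytes) -> bool:
    """True when every member decompresses and matches its stored CRC."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return zf.testzip() is None


if __name__ == "__main__":
    jar = build_sample_jar()
    for name, size, csize, ratio in member_ratios(jar):
        flag = "OVER LIMIT" if ratio > MAX_RATIO else "ok"
        print(f"{name:28} {size:>9} -> {csize:>6}  ratio {ratio:7.1f}  {flag}")
    print("CRC check passed:", crc_ok(jar))
```

To inspect a flagged file, pass its bytes instead of `build_sample_jar()`. A ratio hit explains the detection name but says nothing about the contents, so also compare the installer's checksum with the one the vendor publishes.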



## nileshgr (Nov 29, 2007)

kalpik said:

> 1. You should NEVER use the RPM file to install Java! Use the bin file
> 2. As the description says, it's NOT a virus, just a BIG zip file


I used the bin file only. 

[java_name].rpm.bin


----------



## kalpik (Nov 29, 2007)

The bin won't have any rpm in it


----------



## cool_techie_tvm (Nov 29, 2007)

Slightly offtopic, is it necessary to install an AV in a linux environment? I am using Firestarter. I read in ubuntu forums that it is unnecessary to install AV in ubuntu.


----------



## praka123 (Nov 29, 2007)

Yes. Total waste of your processor power. Read the article below:
*Note to new Linux users: No antivirus needed*
*www.linux.com/articles/60208


----------



## cool_techie_tvm (Nov 29, 2007)

Hmm, thanks for the info prakash !!


----------



## rocket357 (Nov 29, 2007)

AV has uses on UNIX....namely if you're using a *nix system as an HAVP proxy to protect Windoze systems, or you're using the *nix system as a mail transfer agent, or you're using it as an SMB share that Windows boxen will upload/download files from, etc...  But protecting the UNIX box itself?  haha...yeah AV is pretty useless there.


----------



## mehulved (Nov 29, 2007)

cool_techie_tvm said:

> Slightly offtopic, is it necessary to install an AV in a linux environment? I am using Firestarter. I read in ubuntu forums that it is unnecessary to install AV in ubuntu.


You don't need one unless you are The Unknown.
We've explained to him so much as to why it's stupid to run AV on his machines, and all those stupid false positives, but well, some people don't learn.


----------



## praka123 (Nov 29, 2007)

^LOL!stupid windoz habits!


----------



## vish786 (Nov 29, 2007)

The Unknown said:

> I used the bin file only.
> 
> [java_name].rpm.bin


bin file is without rpm 



			
praka123 said:

> ^LOL!stupid windoz habits!


----------



## QwertyManiac (Nov 30, 2007)

cool_techie_tvm said:

> Slightly offtopic, is it necessary to install an AV in a linux environment? I am using *Firestarter.* I read in ubuntu forums that it is unnecessary to install AV in ubuntu.


Er, Firestarter is a Firewall program, NOT an anti-virus.


----------



## praka123 (Nov 30, 2007)

Yes. It is good to have a FW enabled. By default Ubuntu, Debian etc. block ports.
And don't go for this Firestarter GUI. Go for the "lokkit" script: apt-get install lokkit and then, in a terminal while your system is connected to the internet, run "lokkit" and just press OK. Also make sure the option "High" is selected; it protects! And for torrent clients that want a random port to be opened for TCP/UDP connections, run lokkit, select the custom option and enter the port number, e.g. 51486, to open it. You can edit the rules in /etc/default/lokkit.
lokkit is enabled in default RH, Fedora distros. An easy one; you don't need the Firestarter GUI at all to do this.


----------



## cool_techie_tvm (Nov 30, 2007)

QwertyManiac said:

> Er, Firestarter is a Firewall program, NOT an anti-virus.


Ha ha. I know yaar, that Firestarter is a firewall. According to Ubuntu forums, we need to run only the firewall, no separate AVs. That's what I was speaking of.



			
praka123 said:

> Yes. It is good to have a FW enabled. By default Ubuntu, Debian etc. block ports.
> And don't go for this Firestarter GUI. Go for the "lokkit" script: apt-get install lokkit and then, in a terminal while your system is connected to the internet, run "lokkit" and just press OK. Also make sure the option "High" is selected; it protects! And for torrent clients that want a random port to be opened for TCP/UDP connections, run lokkit, select the custom option and enter the port number, e.g. 51486, to open it. You can edit the rules in /etc/default/lokkit.
> lokkit is enabled in default RH, Fedora distros. An easy one; you don't need the Firestarter GUI at all to do this.


I am using firestarter as mentioned in *ubuntuforums.org/showthread.php?t=542756&highlight=firestarter

Would that suffice?


----------



## praka123 (Nov 30, 2007)

Of course Firestarter is more than enough. But lokkit lets you leave the thoughts about the FW once it is configured, while Firestarter is always there eating your resources as it is a GUI program. Nevertheless, it suffices for the needs of many users. It is all your wish which one to use, from easy lokkit to the shorewall FW config utility. And you may know that these are all scripts for controlling netfilter iptables, the FW in GNU/Linux.
Yes, cooltechietvm, you don't need any AV for Linux. You may have already read:
Note to new Linux users: No antivirus needed.
*www.linux.com/articles/60208
Also, never log in as root. Use a terminal and "su" for root access. If you want to start any GUI apps from the terminal, use an X credentials wrapper called "sux". Thus instead of "su" use "sux" and start any app. This is esp. useful in konsole which prevents gui programs launched from it


----------



## Faun (Nov 30, 2007)

Hey, I use Firestarter to enable ICS in Gutsy.

Is there any good tutorial to do it manually at system startup using IPTABLES?

I really don't want any other 3rd party software. I tried IP Masquerading but didn't get it working well with the client computer running Win XP.


----------



## QwertyManiac (Nov 30, 2007)

Firestarter doesn't keep running, praka123; it's just a small tool to apply iptables policies and save them. It doesn't need to be running actively all the time.


----------



## praka123 (Nov 30, 2007)

^Yeah, I hardly used it! But I remember a tray applet which launches the Firestarter GUI when pressed! I know that these are all iptables config tools.


----------



## QwertyManiac (Nov 30, 2007)

It shows the tray icon, yeah. But it's not necessary to run the program all the time! I'm just defending it from that point of yours. It's a nice GUI frontend.


----------



## praka123 (Nov 30, 2007)

^The Firestarter GUI does show some useful things, like who (IPs) is trying to probe your Linux box, I remember!


----------



## cool_techie_tvm (Nov 30, 2007)

The link which I had posted (*ubuntuforums.org/showthread.php?t=542756&highlight=firestarter) enables Firestarter to be enabled automatically on bootup.


----------



## praka123 (Nov 30, 2007)

Yeah, the link may be explaining how to add the firestarter command to gnome-session-properties > startup manager to start, hence taking more time, and the panel freezes for a few seconds on low-memory machines.

Well, I saw the link; yeah, he did it via editing! Wise.


----------



## nileshgr (Nov 30, 2007)

mehulved said:

> You don't need one unless you are The Unknown.
> We've explained him so much as to why it's stupid to run AV on his machines and all those stupid false positives but well some people don't learn.


I am running a server for two sites. So if the guy with the other site puts a malicious file, then it is not going to affect me but the viewer, and hence my IP will be captured.

*I AM NOT A FOOL. I KNOW THAT LINUX DOES NOT REQUIRE AV. I MENTIONED YOU THE CASE WHY I INSTALLED IT.*


----------



## praka123 (Nov 30, 2007)

cool down dude


----------



## nileshgr (Nov 30, 2007)

praka123 said:

> cool down dude


How could I? If such things like fools, etc. are said without knowing the reason behind it? (mehul)


----------



## QwertyManiac (Nov 30, 2007)

Leave the running an AV part. Consider this stupid thread. You still would be called the same. Sun infecting their archives, You recommending us to run Clam AV, all are -->


----------



## rocket357 (Nov 30, 2007)

Politics and name-calling aside, there are instances where running AV on UNIX is the preferred technique for protecting Windows machines.  It's been stated quite a few times in this thread (and countless others), but I'll state it once more:  





			
everyone said:

> Windows was designed to allow others to run code on your machine...Linux was NOT designed that way!


  This is the root cause of the need for AV on Windows.  Plain and simple.  (If you've never messed with writing code to control a Windows box (mouse and keyboard), I recommend you try it...then try porting your program to Linux...  see what I mean?).  It's fairly easy to control many aspects of a Windows machine (keyboard and mouse are just visual ones...there are many others), but accomplishing the same on Linux is quite a bit tougher.  Linux doesn't take well to auto-run code and the like, but that doesn't make it *secure*.  Linux users still need to be aware of rootkits and trojans.  

No, running AV to protect a *nix box isn't recommended...but if you're the paranoid type, check out chkrootkit and rkhunter (programs to hunt down rootkits on UNIX machines).  You'll get a LOT more good out of those two than (insert your favorite UNIX AV).


----------



## gary4gar (Nov 30, 2007)

The Unknown said:

> I am running a server for two sites. So if the guy with the other site puts a malicious file, then it is not going to affect me but the viewer, and hence my IP will be captured.
>
> *I AM NOT A FOOL. I KNOW THAT LINUX DOES NOT REQUIRE AV. I MENTIONED YOU THE CASE WHY I INSTALLED IT.*


Pwned


----------



## nileshgr (Nov 30, 2007)

OK OK I WAS WRONG ABOUT THE FILE NAME.

The filename is


```
jdk-6u5-ea-bin-b05-linux-i586-16_oct_2007-rpm.bin
```

I thought it was


```
jdk-6u5-ea-bin-b05-linux-i586-16_oct_2007.rpm.bin
```

Now what do you have to say, praka123 and kalpik?


----------



## kalpik (Nov 30, 2007)

Just realised one thing! Where did you get 6u5? The latest is 6u3! Download from here: *java.sun.com/javase/downloads/?intcmp=1281

The filename is: jdk-6u3-linux-i586.bin. As I said, you downloaded the RPM version, whose filename is jdk-6u3-linux-i586-rpm.bin

The direct link to the file is: *192.18.108.216/ECom/EComTicketServ...-JPR/jdk-6u3-oth-JPR:4/jdk-6u3-linux-i586.bin


----------



## praka123 (Dec 1, 2007)

Well, how did he get that version 6u5?

Propaganda by disgruntled AV companies, esp. Kaspersky FUD about *NIX needing AVs.
Even rkhunter et al. will not help finding yet to find custom rootkits!


----------



## nileshgr (Dec 1, 2007)

Thanks guys.

I got 6u5 from a site which has something about the Tomcat JSP parser. I was trying that but I got bored. So I left it.

But the 6u5 download URL was something related to SUN (don't remember).


----------



## rocket357 (Dec 4, 2007)

praka123 said:

> even rkhunter et al will not help finding yet to find custom rootkits!.


   Indeed...but it's much better at finding new rootkits than your typical user  =)  Point taken, though...rkhunter and the like can use heuristics to look for rootkit-like activity (hiding seemingly harmless files, etc...), but custom/bleeding edge stuff will always be a step ahead given the nature of the game.

And just as a side note, if you piss off the wrong person (i.e. one capable of writing a custom rootkit and exploiting your machine to install it), no amount of software is going to help...  heh


----------

