Possible Malware?

  • bug description (occurred issue):
    The malware scanner Chkrootkit for Linux scanned and found a file created by SCM and labeled it as malware.

  • expected result / system behavior:
    No malware detection?

  • observed result / system behavior:
    No issues found, other than malware detection

  • SCM-Manager version and installed package:
    SCM-Manager 3.11.0

Chkrootkit log:

WARNING: Possible Linux.Xor.DDoS installed:
/tmp/sqlite-3.50.3.0-eb5077bd-a652-4d76-93ee-5e4deb93f13f-libsqlitejdbc.so

cd /tmp/

ls -la

-rwxr--r-- 1 scm scm 1072480 Nov 25 12:15 sqlite-3.50.3.0-eb5077bd-a652-4d76-93ee-5e4deb93f13f-libsqlitejdbc.so
-rw-r--r-- 1 scm scm 0 Nov 25 12:15 sqlite-3.50.3.0-eb5077bd-a652-4d76-93ee-5e4deb93f13f-libsqlitejdbc.so.lck

It seems like this might be a false positive; could you confirm if this is expected behavior for SCM?

Hey @flaneurette, thanks for sharing this observation. I ran chkrootkit on my local machine and got the same warning (besides for what looks like all of my yarn and node executables). I checked the sqlite library on VirusTotal, and it seems to be legit. Maybe you should check the hash of your file; the SHA256 hash should be 2cbffd50063f2500e0ec3455035f4e5fd1f64ef6e5963771da062b68c38730cb.

I can confirm the hash checksum is the same, so it must be a false positive.

Thank you for confirming!
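
The hash check suggested in the reply above, extended into a small triage script (an added example, not part of the thread or of SCM-Manager): it reads chkrootkit warnings in the format shown in the log above, hashes each flagged file and compares the result against an allowlist of known-good SHA-256 digests. The function names, the allowlist and the sample files are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumed log shape (taken from the report above): a warning line, then one path per line.
WARNING_RE = re.compile(r"^WARNING: Possible (?P<name>\S+) installed:")

def flagged_paths(log_text):
    """Return (signature, path) pairs for every file named under a chkrootkit warning."""
    hits, signature = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        match = WARNING_RE.match(line)
        if match:
            signature = match.group("name")
        elif signature and line.startswith("/"):
            hits.append((signature, line))
        elif line:
            signature = None  # any other non-empty line ends the path list
    return hits

def sha256_of(path, chunk_size=1 << 16):
    """Hash the file in chunks so large libraries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def triage(log_text, known_good):
    """Label each flagged file: 'known-good', 'unknown' (needs analysis) or 'missing'."""
    report = []
    for signature, path in flagged_paths(log_text):
        if not Path(path).is_file():
            report.append((path, signature, None, "missing"))
            continue
        file_hash = sha256_of(path)
        verdict = "known-good" if file_hash in known_good else "unknown"
        report.append((path, signature, file_hash, verdict))
    return report

if __name__ == "__main__":
    # Constructed sample: two stand-in files and a log in the format shown above.
    with tempfile.TemporaryDirectory() as tmp:
        lib, other = Path(tmp, "sqlite-demo-libsqlitejdbc.so"), Path(tmp, "unlisted.bin")
        lib.write_bytes(b"constructed stand-in for the JDBC native library")
        other.write_bytes(b"constructed unknown file")
        log = f"WARNING: Possible Linux.Xor.DDoS installed:\n{lib}\n{other}\n{tmp}/gone.so\n"
        allowlist = {sha256_of(lib)}  # in practice: digests published by the vendor
        for row in triage(log, allowlist):
            print(row)
```

For the file in this report, the allowlist would hold the SHA256 value quoted in the reply; a file reported as 'unknown' is not confirmed malicious, only not yet matched to a trusted digest.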