Comment by tonymet

23 days ago

the primitive clamscan experiment worked! it detected Txt.Trojan.TeamPCP-10059839-1 from the .tar.gz archive. I'll continue testing to see if it's viable

   # apk add clamav-scanner freshclam
   # freshclam
   # curl -LO https://web.archive.org/web/20260325073027/https://files.pythonhosted.org/packages/f6/2c/731b614e6cee0bca1e010a36fd381fba69ee836fe3cb6753ba23ef2b9601/litellm-1.82.8.tar.gz

    # clamscan litellm-1.82.8.tar.gz
   Loading:     6s, ETA:   0s [========================>]    3.63M/3.63M sigs
   Compiling:   2s, ETA:   0s [========================>]       41/41 tasks

   /root/supply-chain-scanner/pkg/litellm-1.82.8.tar.gz: Txt.Trojan.TeamPCP-10059839-1 FOUND

   ----------- SCAN SUMMARY -----------
   Known viruses: 3627757
   Engine version: 1.4.4
   Scanned directories: 0
   Scanned files: 1
   Infected files: 1
   Data scanned: 94.98 MB
   Data read: 16.59 MB (ratio 5.72:1)
   Time: 50.057 sec (0 m 50 s)
   Start Date: 2026:04:01 19:57:23
   End Date:   2026:04:01 19:58:13

0 comments

tonymet

No comments yet

Contribute on Hacker News ↗