Strange perl script

Paul Schmehl pauls at
Wed Oct 17 15:23:52 PDT 2007

--On Wednesday, October 17, 2007 23:51:39 +0200 Peo Nilsson 
<per-olof.nilsson at> wrote:
> I scanned my FreeBSD 6.2-Release (ports up to date) with
> Avira Antivir personal ed, some days ago. The scanner returned
> this:
> ...<snap>
> checking drive/path (cwd): /
> /usr/ports/security/p5-openxpki-client-html-mason/pkg-plist
>  Date: 11.10.2007  Time: 16:04:06  Size: 9975
> [HTML/MHT.Gen]
> /usr/ports/security/p5-openxpki-client-html-mason/pkg-plist <<< Contains
> detection pattern of the HTML script virus HTML/MHT.Gen <snap>...
> The information Avira has one can read here:
> html
> I posted a question to openxpki-devel at
> They proposed that the scanner probably was "to nervous" for using with
> Unix. (I can't tell myself)
> Don't know if this says anything, but I though I would mention it
> when I saw your posts.

I've never heard of a "nervous" anti-virus scanner, but that "detection" is 
clearly a false positive.  The pkg-plist file is a list of the files and 
directories installed by the port, so that they can be removed when you run 
"make deinstall".  Avira probably saw one of the strings in the file as a 
possible match to a known malicious script.

In fact, their description says it's "a generic detection routine designed 
to detect common family characteristics shared in several variants"

If you're so inclined, you could report it to Avira so they can tweak their 
detection accordingly.

Paul Schmehl (pauls at
Senior Information Security Analyst
The University of Texas at Dallas

More information about the freebsd-questions mailing list