Post your traur scan output and discuss here

Nice! Got an update of gaiasky, librewolf and mullvad. traur ran its pre-transaction hook to scan the updated apps:

gaiasky              3:3.7.3-1      3:3.7.4-1               0,04 MiB
librewolf-bin        1:151.0.4_1-1  1:152.0.0_1-1           6,48 MiB
mullvad-browser-bin  15.0.14-1      15.0.16-1               0,04 MiB

Gesamtgröße der installierten Pakete:  738,12 MiB
Größendifferenz der Aktualisierung:      6,56 MiB

:: Installation fortsetzen? [J/n] j
(3/3) Schlüssel im Schlüsselbund werden geprüft                                                                                                         [----------------------------------------------------------------------------------------------] 100%
(3/3) Paket-Integrität wird überprüft                                                                                                                   [----------------------------------------------------------------------------------------------] 100%
(3/3) Paket-Dateien werden geladen                                                                                                                      [----------------------------------------------------------------------------------------------] 100%
(3/3) Auf Dateikonflikte wird geprüft                                                                                                                   [----------------------------------------------------------------------------------------------] 100%
:: Pre-transaction-Hooks werden gestartet …
(1/1) Scanning packages for security issues...

  ╔╦╗╦═╗╔═╗╦ ╦╦═╗
   ║ ╠╦╝╠═╣║ ║╠╦╝
   ╩ ╩╚═╩ ╩╚═╝╩╚═
  Trust scoring for AUR packages

  Fetching maintainer data for 3 unique maintainers...
  Scanned: 3 package(s)                                                 
  TRUSTED: 3

traur: mullvad-browser-bin (trust: 89/100)
  Trust: TRUSTED
  Negative signals:
       P-CHECKSUM-MISMATCH: checksum count mismatch: source has 6 entries but sha256sums has 4

traur: librewolf-bin (trust: 96/100)
  Trust: TRUSTED
  Negative signals:
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: gaiasky (trust: 100/100)
  Trust: TRUSTED
  No negative signals found.

  All packages look clean.

I installed the regular traur package, not the bin package btw, it compiled and installed in under a minute anyways: yay -S traur

I’ve got a nvidia mx150 so I have to use the nvidia-580-xx drivers from the AUR. So because of that, I figured why not install a few other gnome related apps from the AUR since I’ve got to use it anyways, which are apps that I like to use from time to time. I could install flatpak versions of cine, gradia, etc but part of the point for me being on endeavourOS is the ability to have native packages. Not sure I’ll keep this installed though, it was nice to check, but it’s not going to replace anything I already do.

scott@endeavourOS:~$ traur scan
  Fetching package metadata for 13 installed packages...
Scanning 13 AUR packages...
  Fetching maintainer data for 9 unique maintainers...

=== traur scan results ===
  Scanned: 13 packages (0 errors)
  TRUSTED: 9  OK: 4  SKETCHY: 0  SUSPICIOUS: 0  MALICIOUS: 0

=== 13 packages ===

traur: nvidia-580xx-dkms (trust: 62/100)
  Trust: OK
  Negative signals:
     ! P-SYSTEMD-CREATE: Creating/enabling systemd service
     ! P-KERNEL-MODULE-LOAD: Kernel module loading (potential rootkit)

traur: opencl-nvidia-580xx (trust: 62/100)
  Trust: OK
  Negative signals:
     ! P-SYSTEMD-CREATE: Creating/enabling systemd service
     ! P-KERNEL-MODULE-LOAD: Kernel module loading (potential rootkit)

traur: nvidia-580xx-utils (trust: 62/100)
  Trust: OK
  Negative signals:
     ! P-SYSTEMD-CREATE: Creating/enabling systemd service
     ! P-KERNEL-MODULE-LOAD: Kernel module loading (potential rootkit)

traur: traur (trust: 77/100)
  Trust: OK
  Negative signals:
     ! P-PACMAN-HOOK: Pacman hook creation (unusual for AUR packages)

traur: gradia (trust: 85/100)
  Trust: TRUSTED
  Negative signals:
       P-CHECKSUM-MISMATCH: checksum count mismatch: source has 4 entries but sha256sums has 2
       B-MAINTAINER-SINGLE: Maintainer has only 1 package

traur: minecraft-launcher (trust: 92/100)
  Trust: TRUSTED
  Negative signals:
       B-SUBMITTER-CHANGED: Package maintainer (pschichtel) differs from original submitter (shoghicp)
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: pins (trust: 93/100)
  Trust: TRUSTED
  Negative signals:
       M-VOTES-LOW: Package has very few votes (1)
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: parabolic (trust: 96/100)
  Trust: TRUSTED
  Negative signals:
       B-SUBMITTER-CHANGED: Package maintainer (mhdi) differs from original submitter (bordam)

traur: gpu-screen-recorder-gtk (trust: 100/100)
  Trust: TRUSTED
  No negative signals found.

traur: cine (trust: 100/100)
  Trust: TRUSTED
  No negative signals found.

traur: libxnvctrl-580xx (trust: 100/100)
  Trust: TRUSTED
  No negative signals found.

traur: nvidia-580xx-settings (trust: 100/100)
  Trust: TRUSTED
  No negative signals found.

traur: refine (trust: 100/100)
  Trust: TRUSTED
  No negative signals found.

Thanks for pointing out that tool!
On my work notebook I also have one “sketchy” package with timeshift-autosnap, which I guess is to be expected as it hooks into pacman by design (if I understood that correctly):

[knut@Thinkbox ~]$ traur scan
  Fetching package metadata for 10 installed packages...
Scanning 10 AUR packages...
  Fetching maintainer data for 10 unique maintainers...

=== traur scan results ===
  Scanned: 10 packages (0 errors)
  TRUSTED: 8  OK: 1  SKETCHY: 1  SUSPICIOUS: 0  MALICIOUS: 0

=== 10 packages ===

traur: timeshift-autosnap (trust: 57/100)
  Trust: SKETCHY
  Negative signals:
     ! P-PACMAN-HOOK: Pacman hook creation (unusual for AUR packages)
       B-SUBMITTER-CHANGED: Package maintainer (racehd) differs from original submitter (gobonja)
     ! B-ORPHAN-TAKEOVER: Adopted package with new git author (racehd) — orphan takeover pattern
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: traur-bin (trust: 77/100)
  Trust: OK
  Negative signals:
     ! P-PACMAN-HOOK: Pacman hook creation (unusual for AUR packages)

traur: splix (trust: 92/100)
  Trust: TRUSTED
  Negative signals:
       B-SUBMITTER-CHANGED: Package maintainer (roceb) differs from original submitter (arojas)
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: jbig2enc (trust: 96/100)
  Trust: TRUSTED
  Negative signals:
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: ocrmypdf (trust: 96/100)
  Trust: TRUSTED
  Negative signals:
       B-SUBMITTER-CHANGED: Package maintainer (fbrennan) differs from original submitter (dreuter)

traur: zotero-bin (trust: 96/100)
  Trust: TRUSTED
  Negative signals:
       B-MAINTAINER-SINGLE: Maintainer has only 1 package

traur: netbird-ui-bin (trust: 97/100)
  Trust: TRUSTED
  Negative signals:
       M-VOTES-LOW: Package has very few votes (3)

traur: python-fpdf2 (trust: 100/100)
  Trust: TRUSTED
  No negative signals found.

traur: netbird-bin (trust: 100/100)
  Trust: TRUSTED
  No negative signals found.

traur: darkly-bin (trust: 100/100)
  Trust: TRUSTED
  No negative signals found.

Will have to look at my main computer, as I have more AUR packages installed there due to my videogame habit…

It remains to be seen, but I’m curious to see if traur keeps up development or if the last commit from 4 months ago ends up being the last update since it looks like it was written by Claude LLM code.

I checked out the repo and noticed that too. Nothing inherently wrong with that nowadays though. Old account, which is good, but the author seems to have only one other project and not contributed to other public software much. Could be security researcher/dev maybe judging by the other project.

But the project is only a few months old, and now we had an AUR attack and everybody starts using it? :thinking: That was my tinfoil moment and I uninstalled it again. You guys test it, I’m coming back in a year. :wink:

Exploiting the fear to be exploited is the perfect exploitation. Generally speaking :sweat_smile:

That is a valid point. clamav has a strong focus on Windows malware. And for the few linux malware that exist clamav is only detecting 30-60 % if I remember correctly (don’t remember where I found that number). But in conjunction with freshclam, which adds unofficial signatures, it checks 39670 linux/unix specific signatures:

# sigtool --list-sigs | grep -Ei 'linux|unix' | wc -l
39670

including:
2890 trojan
12 root kits
188 exploits
59 backdoors
49 ransomware

This is better than nothing. I check my PC approx. 2-3 times a year.

Do you run it as root on your / ?

I have my own script which I run as root on specific directories: /usr, /home and /opt

This is the script:

#!/bin/zsh

# scan directories for viruses with clamscan
# use clamdscan for multiple threads
# clamav-daemon.service is started automatically through the socket

# Email To
EMAIL="youruser@yourdomain"
VERSION="2.1"

echo "virusscan.sh version $VERSION"

# directories to scan: the arguments, or the current directory if none given
# (kept as an array: zsh does not word-split an unquoted scalar like $DIR)
DIRS=("$@")
if (( ${#DIRS} == 0 )); then
    DIRS=("$PWD")
fi

# start the daemon if it is not already running
if ! systemctl status clamav-daemon.service &>/dev/null; then
    sudo systemctl start clamav-daemon.service
fi

for d in "${DIRS[@]}"; do
    TMPLOG=$(mktemp /tmp/clamav-scan.log.XXXXX)
    EMAILMESSAGE=$(mktemp /tmp/virus-alert.XXXXX)
    # turn a relative path into an absolute one
    if [[ $d == /* ]]; then
        fullpath=$d
    else
        fullpath=$PWD/$d
    fi
    echo "Scanning $fullpath..."
    # start log file
    echo "# Scanning $fullpath" >>"${TMPLOG}"
    clamdscan --multiscan --fdpass --quiet -l "$TMPLOG" "$fullpath"
    echo >>"${TMPLOG}"
    echo "# Scan infected files with: " >>"${TMPLOG}"
    echo "# https://www.virustotal.com/gui/home/upload" >>"${TMPLOG}"
    # end of log file

    # write the email
    result=$(grep "Infected files:" "$TMPLOG")
    SUBJECT="virus scan in $fullpath: $result"
    echo "To: ${EMAIL}" >>"${EMAILMESSAGE}"
    echo "From: root@rakete" >>"${EMAILMESSAGE}"
    echo "Subject: ${SUBJECT}" >>"${EMAILMESSAGE}"
    echo "Importance: High" >>"${EMAILMESSAGE}"
    echo "X-Priority: 1" >>"${EMAILMESSAGE}"
    echo >>"${EMAILMESSAGE}"
    cat "${TMPLOG}" >>"${EMAILMESSAGE}"
    sendmail -t <"${EMAILMESSAGE}"

    # clean up the temporary files
    rm "${TMPLOG}"
    rm "${EMAILMESSAGE}"
done

Don’t forget to check config file /etc/clamav/clamd.conf. At least Exclude directions should be added here. Like in my case:

ExcludePath ^/proc/
ExcludePath ^/sys/
ExcludePath ^/dev/
ExcludePath ^/run/
ExcludePath ^/tmp/
ExcludePath ^/mnt/zstore/
ExcludePath ^/mnt/zf1/
ExcludePath ^/mnt/zHome/
ExcludePath ^/var/spool/
ExcludePath ^/var/tmp/
ExcludePath ^/var/log/
ExcludePath ^/opt/Bilder/
ExcludePath ^/data/

I was a bit paranoid about installing traur but I rolled the dice anyway:

=== traur scan results ===
  Scanned: 5 packages (0 errors)
  TRUSTED: 3  OK: 2  SKETCHY: 0  SUSPICIOUS: 0  MALICIOUS: 0

=== 5 packages ===

traur: logseq-desktop-bin (trust: 64/100)
  Trust: OK
  Negative signals:
       B-MAINTAINER-SINGLE: Maintainer has only 1 package
       B-SUBMITTER-CHANGED: Package maintainer (Manjusaka) differs from original submitter (xuanwo)
       T-AUTHOR-CHANGE: Git history shows multiple different authors
     ! SA-HIGH-ENTROPY-HEREDOC: heredoc with high entropy (5.5 bits/byte, 606 bytes)

traur: traur (trust: 77/100)
  Trust: OK
  Negative signals:
     ! P-PACMAN-HOOK: Pacman hook creation (unusual for AUR packages)

traur: wootility (trust: 100/100)
  Trust: TRUSTED
  No negative signals found.

traur: google-chrome (trust: 100/100)
  Trust: TRUSTED
  No negative signals found.

traur: yubico-authenticator-bin (trust: 100/100)
  Trust: TRUSTED
  No negative signals found.

Thank you so much @mbod! Very kind of you to share your script!
You really got me inspired to look into clamav more closely.

I had previously just occasionally run it on the content of some directories, but your script takes it to another level. If you don’t mind I could copy it and try adapting it to my system. Thanks again!

was a giant bloated false-positive machine last time I used it but @mbod's script seems to give it some focus, I agree

You couldn’t have said this any ‘better’. . . I’m in total agreement. . . If everything is still functional don’t worry too much about it. I have yet to see any major issues with my computer and its software working . . . ‘knock on wood’. . .

Rich :wink:

[richardc@richard-ms7c91 ~]$ traur scan
  Fetching package metadata for 68 installed packages...
Scanning 68 AUR packages...
  Fetching maintainer data for 56 unique maintainers...

=== traur scan results ===
  Scanned: 68 packages (0 errors)
  TRUSTED: 56  OK: 12  SKETCHY: 0  SUSPICIOUS: 0  MALICIOUS: 0

=== 68 packages ===

traur: python-ewmh (trust: 62/100)
  Trust: OK
  Negative signals:
       P-CHECKSUM-MISMATCH: checksum count mismatch: source has 3 entries but sha256sums has 1
       B-SUBMITTER-CHANGED: Package maintainer (xiota) differs from original submitter (whynothugo)
     ! B-ORPHAN-TAKEOVER: Adopted package with new git author (xiota) — orphan takeover pattern
       T-AUTHOR-CHANGE: Git history shows multiple different authors
     ! T-DIFF-SOURCE-DOMAIN-CHANGED: Source URLs changed to new domain(s): files.pythonhosted.org
       T-DIFF-MAJOR-REWRITE: 77% of PKGBUILD lines changed (unusual for version bump)

traur: python-jplephem (trust: 65/100)
  Trust: OK
  Negative signals:
     ! P-PYTHON-INLINE: Python inline code execution
       P-WEAK-CHECKSUMS: Using weak checksums (md5/sha1) without stronger alternative
       M-VOTES-LOW: Package has very few votes (1)
       M-POP-ZERO: Popularity is 0 (no recent usage)
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: rmlint-git (trust: 69/100)
  Trust: OK
  Negative signals:
       P-CHECKSUM-MISMATCH: checksum count mismatch: source has 3 entries but sha256sums has 1
       B-SUBMITTER-CHANGED: Package maintainer (vtc) differs from original submitter (SahibBommelig)
     ! B-ORPHAN-TAKEOVER: Adopted package with new git author (Fermín Olaiz) — orphan takeover pattern
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: ocs-url (trust: 76/100)
  Trust: OK
  Negative signals:
       P-SKIP-ALL: All checksums are SKIP (no integrity verification)
       B-SUBMITTER-CHANGED: Package maintainer (Pol_M) differs from original submitter (oberon2007)
       T-AUTHOR-CHANGE: Git history shows multiple different authors
     ! T-DIFF-CHECKSUM-REMOVED: All checksums changed to SKIP in latest update

traur: aiksaurus (trust: 77/100)
  Trust: OK
  Negative signals:
       M-VOTES-LOW: Package has very few votes (3)
       B-SUBMITTER-CHANGED: Package maintainer (andreas_baumann) differs from original submitter (City-busz)
     ! B-ORPHAN-TAKEOVER: Adopted package with new git author (Andreas Baumann) — orphan takeover pattern
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: traur (trust: 77/100)
  Trust: OK
  Negative signals:
     ! P-PACMAN-HOOK: Pacman hook creation (unusual for AUR packages)

traur: solvespace (trust: 77/100)
  Trust: OK
  Negative signals:
       P-SKIP-ALL: All checksums are SKIP (no integrity verification)
       B-MAINTAINER-SINGLE: Maintainer has only 1 package
       B-SUBMITTER-CHANGED: Package maintainer (Mike_Went) differs from original submitter (oslik)
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: clipgrab (trust: 78/100)
  Trust: OK
  Negative signals:
       B-SUBMITTER-CHANGED: Package maintainer (mhdi) differs from original submitter (City-busz)
     ! B-ORPHAN-TAKEOVER: Adopted package with new git author (Mahdi Sarikhani) — orphan takeover pattern
       T-AUTHOR-CHANGE: Git history shows multiple different authors
       T-DIFF-MAJOR-REWRITE: 54% of PKGBUILD lines changed (unusual for version bump)

traur: octopi (trust: 79/100)
  Trust: OK
  Negative signals:
     ! P-NO-CHECKSUMS: No checksum array found in PKGBUILD
       B-SUBMITTER-CHANGED: Package maintainer (xiota) differs from original submitter (ImNtReal)
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: picosnitch (trust: 80/100)
  Trust: OK
  Negative signals:
     ! P-SYSTEMD-CREATE: Creating/enabling systemd service
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: qt-sudo (trust: 80/100)
  Trust: OK
  Negative signals:
       P-SKIP-ALL: All checksums are SKIP (no integrity verification)
       M-OUT-OF-DATE: Package is flagged as out of date
       B-SUBMITTER-CHANGED: Package maintainer (sl1pkn07) differs from original submitter (matmoul)
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: qt5-webchannel (trust: 80/100)
  Trust: OK
  Negative signals:
       B-SUBMITTER-CHANGED: Package maintainer (zen) differs from original submitter (arojas)
     ! B-ORPHAN-TAKEOVER: Adopted package with new git author (Zen Wen) — orphan takeover pattern
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: hotspot (trust: 81/100)
  Trust: TRUSTED
  Negative signals:
       P-SKIP-ALL: All checksums are SKIP (no integrity verification)
       B-SUBMITTER-CHANGED: Package maintainer (Rubo) differs from original submitter (Horus)
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: forum-scout (trust: 81/100)
  Trust: TRUSTED
  Negative signals:
     ! M-VOTES-ZERO: Package has zero votes
       M-POP-ZERO: Popularity is 0 (no recent usage)
       B-SUBMITTER-CHANGED: Package maintainer (musdus) differs from original submitter (yochananmarqos)
       T-AUTHOR-CHANGE: Git history shows multiple different authors
       M-GITHUB-STARS-ZERO: Upstream GitHub repo has 0 stars

traur: fsearch (trust: 81/100)
  Trust: TRUSTED
  Negative signals:
       P-CHECKSUM-MISMATCH: checksum count mismatch: source has 3 entries but sha256sums has 1
       B-SUBMITTER-CHANGED: Package maintainer (xiota) differs from original submitter (wander)
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: onlyoffice-bin (trust: 81/100)
  Trust: TRUSTED
  Negative signals:
       P-CHECKSUM-MISMATCH: checksum count mismatch: source has 4 entries but sha256sums has 2
       B-SUBMITTER-CHANGED: Package maintainer (dbermond) differs from original submitter (mikalair)
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: stacer-bin (trust: 81/100)
  Trust: TRUSTED
  Negative signals:
     ! B-MAINTAINER-BATCH: Maintainer created 21 packages in the last 48 hours
       B-SUBMITTER-CHANGED: Package maintainer (Dominiquini) differs from original submitter (liberodark)
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: qt5-webengine (trust: 81/100)
  Trust: TRUSTED
  Negative signals:
       P-CHECKSUM-MISMATCH: checksum count mismatch: source has 31 entries but md5sums has 9
       B-SUBMITTER-CHANGED: Package maintainer (severach) differs from original submitter (arojas)
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: peertube (trust: 84/100)
  Trust: TRUSTED
  Negative signals:
     ! P-SYSTEMD-CREATE: Creating/enabling systemd service

traur: 4kslideshowmaker (trust: 85/100)
  Trust: TRUSTED
  Negative signals:
       P-CHECKSUM-MISMATCH: checksum count mismatch: source has 6 entries but sha256sums has 4
       M-POP-ZERO: Popularity is 0 (no recent usage)

traur: 4kvideodownloader (trust: 85/100)
  Trust: TRUSTED
  Negative signals:
       P-CHECKSUM-MISMATCH: checksum count mismatch: source has 6 entries but sha256sums has 4
       M-POP-ZERO: Popularity is 0 (no recent usage)

traur: google-earth-pro (trust: 85/100)
  Trust: TRUSTED
  Negative signals:
       P-CHECKSUM-MISMATCH: checksum count mismatch: source has 13 entries but b2sums has 5
       B-SUBMITTER-CHANGED: Package maintainer (iyanmv) differs from original submitter (Det)

traur: pinta (trust: 85/100)
  Trust: TRUSTED
  Negative signals:
     ! B-MAINTAINER-BATCH: Maintainer created 21 packages in the last 48 hours
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: freetube-bin (trust: 85/100)
  Trust: TRUSTED
  Negative signals:
       P-CHECKSUM-MISMATCH: checksum count mismatch: source_x86_64 has 3 entries but sha256sums_x86_64 has 1
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: zoom (trust: 85/100)
  Trust: TRUSTED
  Negative signals:
       P-CHECKSUM-MISMATCH: checksum count mismatch: source has 3 entries but sha512sums has 1
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: converternow-bin (trust: 86/100)
  Trust: TRUSTED
  Negative signals:
       P-CHECKSUM-MISMATCH: checksum count mismatch: source has 4 entries but sha256sums has 2
       M-VOTES-LOW: Package has very few votes (3)

traur: libpasastro (trust: 86/100)
  Trust: TRUSTED
  Negative signals:
       M-VOTES-LOW: Package has very few votes (4)
       M-POP-ZERO: Popularity is 0 (no recent usage)
       B-SUBMITTER-CHANGED: Package maintainer (oldherl) differs from original submitter (anatolyb)
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: java-20-jdk (trust: 87/100)
  Trust: TRUSTED
  Negative signals:
       P-WEAK-CHECKSUMS: Using weak checksums (md5/sha1) without stronger alternative
     ! M-VOTES-ZERO: Package has zero votes
       M-POP-ZERO: Popularity is 0 (no recent usage)

traur: photofilmstrip (trust: 88/100)
  Trust: TRUSTED
  Negative signals:
       P-WEAK-CHECKSUMS: Using weak checksums (md5/sha1) without stronger alternative
       M-POP-ZERO: Popularity is 0 (no recent usage)
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: aladin (trust: 88/100)
  Trust: TRUSTED
  Negative signals:
       P-WEAK-CHECKSUMS: Using weak checksums (md5/sha1) without stronger alternative
       M-POP-ZERO: Popularity is 0 (no recent usage)
       B-SUBMITTER-CHANGED: Package maintainer (saimn) differs from original submitter (dodooft)

traur: convertall (trust: 89/100)
  Trust: TRUSTED
  Negative signals:
       M-POP-ZERO: Popularity is 0 (no recent usage)
       B-SUBMITTER-CHANGED: Package maintainer (vantu5z) differs from original submitter (pressh)
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: popsicle (trust: 89/100)
  Trust: TRUSTED
  Negative signals:
       P-SKIP-ALL: All checksums are SKIP (no integrity verification)

traur: pysolfc-music (trust: 89/100)
  Trust: TRUSTED
  Negative signals:
       P-WEAK-CHECKSUMS: Using weak checksums (md5/sha1) without stronger alternative
       M-VOTES-LOW: Package has very few votes (1)
       M-POP-ZERO: Popularity is 0 (no recent usage)

traur: dia-git (trust: 89/100)
  Trust: TRUSTED
  Negative signals:
       M-VOTES-LOW: Package has very few votes (4)
       B-SUBMITTER-CHANGED: Package maintainer (a821) differs from original submitter (lilac)
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: python-sgp4 (trust: 89/100)
  Trust: TRUSTED
  Negative signals:
       M-VOTES-LOW: Package has very few votes (2)
       M-POP-ZERO: Popularity is 0 (no recent usage)
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: lightzone (trust: 89/100)
  Trust: TRUSTED
  Negative signals:
       M-POP-ZERO: Popularity is 0 (no recent usage)
       B-SUBMITTER-CHANGED: Package maintainer (ktgw0316) differs from original submitter (N30N)
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: python-skyfield (trust: 89/100)
  Trust: TRUSTED
  Negative signals:
       M-VOTES-LOW: Package has very few votes (3)
       M-POP-ZERO: Popularity is 0 (no recent usage)
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: skychart (trust: 89/100)
  Trust: TRUSTED
  Negative signals:
       M-VOTES-LOW: Package has very few votes (3)
       M-POP-ZERO: Popularity is 0 (no recent usage)
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: phoronix-test-suite (trust: 92/100)
  Trust: TRUSTED
  Negative signals:
       B-SUBMITTER-CHANGED: Package maintainer (FabioLolix) differs from original submitter (Barthalion)
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: clementine (trust: 92/100)
  Trust: TRUSTED
  Negative signals:
       B-SUBMITTER-CHANGED: Package maintainer (FabioLolix) differs from original submitter (arojas)
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: python-pulsectl (trust: 92/100)
  Trust: TRUSTED
  Negative signals:
       B-SUBMITTER-CHANGED: Package maintainer (TheEdgeOfRage) differs from original submitter (WorMzy)
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: openwebstart-bin (trust: 92/100)
  Trust: TRUSTED
  Negative signals:
       B-SUBMITTER-CHANGED: Package maintainer (Alfred456654) differs from original submitter (fourbytes)
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: qt5-location (trust: 92/100)
  Trust: TRUSTED
  Negative signals:
       B-SUBMITTER-CHANGED: Package maintainer (FabioLolix) differs from original submitter (arojas)
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: topcat (trust: 92/100)
  Trust: TRUSTED
  Negative signals:
       P-WEAK-CHECKSUMS: Using weak checksums (md5/sha1) without stronger alternative
       M-POP-ZERO: Popularity is 0 (no recent usage)

traur: splix (trust: 92/100)
  Trust: TRUSTED
  Negative signals:
       B-SUBMITTER-CHANGED: Package maintainer (roceb) differs from original submitter (arojas)
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: xpm-pixbuf-git (trust: 92/100)
  Trust: TRUSTED
  Negative signals:
     ! M-VOTES-ZERO: Package has zero votes
       M-POP-ZERO: Popularity is 0 (no recent usage)

traur: yed (trust: 92/100)
  Trust: TRUSTED
  Negative signals:
       B-SUBMITTER-CHANGED: Package maintainer (Bevan) differs from original submitter (fatmike)
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: archlinux-java-run (trust: 96/100)
  Trust: TRUSTED
  Negative signals:
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: caffeine-ng (trust: 96/100)
  Trust: TRUSTED
  Negative signals:
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: jitsi-meet-desktop-bin (trust: 96/100)
  Trust: TRUSTED
  Negative signals:
       B-SUBMITTER-CHANGED: Package maintainer (C0rn3j) differs from original submitter (mr.eshua)

traur: lib32-gst-plugins-base-libs (trust: 96/100)
  Trust: TRUSTED
  Negative signals:
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: lib32-gstreamer (trust: 96/100)
  Trust: TRUSTED
  Negative signals:
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: signal-desktop-beta-bin (trust: 96/100)
  Trust: TRUSTED
  Negative signals:
       T-AUTHOR-CHANGE: Git history shows multiple different authors

traur: xnviewmp (trust: 96/100)
  Trust: TRUSTED
  Negative signals:
       B-SUBMITTER-CHANGED: Package maintainer (Corax) differs from original submitter (oliwer)

traur: dwproton-bin (trust: 97/100)
  Trust: TRUSTED
  Negative signals:
       M-VOTES-LOW: Package has very few votes (4)

traur: openshot-bin (trust: 97/100)
  Trust: TRUSTED
  Negative signals:
       M-VOTES-LOW: Package has very few votes (3)

traur: solaar-git (trust: 99/100)
  Trust: TRUSTED
  Negative signals:
       M-OUT-OF-DATE: Package is flagged as out of date

traur: popcorntime (trust: 100/100)
  Trust: TRUSTED
  No negative signals found.

traur: josm-latest (trust: 100/100)
  Trust: TRUSTED
  No negative signals found.

traur: dict-moby-thesaurus (trust: 100/100)
  Trust: TRUSTED
  No negative signals found.

traur: gaiasky (trust: 100/100)
  Trust: TRUSTED
  No negative signals found.

traur: naps2 (trust: 100/100)
  Trust: TRUSTED
  No negative signals found.

traur: qcustomplot-qt6 (trust: 100/100)
  Trust: TRUSTED
  No negative signals found.

traur: radiotray-ng (trust: 100/100)
  Trust: TRUSTED
  No negative signals found.

traur: pacseek (trust: 100/100)
  Trust: TRUSTED
  No negative signals found.

traur: shelly (trust: 100/100)
  Trust: TRUSTED
  No negative signals found.

traur: ventoy-bin (trust: 100/100)
  Trust: TRUSTED
  No negative signals found.

traur: upscayl-bin (trust: 100/100)
  Trust: TRUSTED
  No negative signals found.
[richardc@richard-ms7c91 ~]$ 

My computer is still running.  .  .  'knock on wood' .  .  .  

Rich ;)
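For a report as long as the 68-package one above, a small parser that keeps only the lines the output marks with `!` makes triage easier. This is an added example, not part of any post in this thread and not traur's own code; it assumes the text layout shown in the outputs posted here, and the sample is an excerpt copied from an earlier post.

```python
import re
from collections import defaultdict

# Line shapes as they appear in the outputs posted in this thread.
PKG_RE = re.compile(r"^traur: (\S+) \(trust: (\d+)/100\)$")
TIER_RE = re.compile(r"^\s*Trust: (\w+)$")
# Optional "!" marker, then an ID such as P-PACMAN-HOOK, then the detail text.
SIGNAL_RE = re.compile(r"^\s*(!\s+)?([A-Z]+(?:-[A-Z0-9]+)+): (.+)$")

# Excerpt copied from a scan posted earlier in the thread.
SAMPLE = """\
=== traur scan results ===
  Scanned: 13 packages (0 errors)
  TRUSTED: 9  OK: 4  SKETCHY: 0  SUSPICIOUS: 0  MALICIOUS: 0

traur: nvidia-580xx-dkms (trust: 62/100)
  Trust: OK
  Negative signals:
     ! P-SYSTEMD-CREATE: Creating/enabling systemd service
     ! P-KERNEL-MODULE-LOAD: Kernel module loading (potential rootkit)

traur: traur (trust: 77/100)
  Trust: OK
  Negative signals:
     ! P-PACMAN-HOOK: Pacman hook creation (unusual for AUR packages)

traur: gradia (trust: 85/100)
  Trust: TRUSTED
  Negative signals:
       P-CHECKSUM-MISMATCH: checksum count mismatch: source has 4 entries but sha256sums has 2
       B-MAINTAINER-SINGLE: Maintainer has only 1 package

traur: cine (trust: 100/100)
  Trust: TRUSTED
  No negative signals found.
"""


def parse_scan(text):
    """Return one dict per package: name, score, tier and its signals."""
    packages, current = [], None
    for line in text.splitlines():
        line = line.rstrip()
        if m := PKG_RE.match(line):
            current = {"name": m[1], "score": int(m[2]),
                       "tier": None, "signals": []}
            packages.append(current)
        elif current is None:
            continue  # banner and summary lines before the first package
        elif m := TIER_RE.match(line):
            current["tier"] = m[1]
        elif m := SIGNAL_RE.match(line):
            current["signals"].append(
                {"id": m[2], "marked": bool(m[1]), "detail": m[3]})
    return packages


def marked_by_signal(packages):
    """Map each '!'-marked signal ID to the packages that carry it."""
    grouped = defaultdict(list)
    for pkg in packages:
        for sig in pkg["signals"]:
            if sig["marked"]:
                grouped[sig["id"]].append(pkg["name"])
    return dict(grouped)


if __name__ == "__main__":
    for signal_id, names in marked_by_signal(parse_scan(SAMPLE)).items():
        print(f"{signal_id}: {', '.join(names)}")
```

Saving the output with `traur scan > scan.txt` and passing the file contents to `parse_scan` gives the same grouping for a full report.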

I thought Stacer? Cool. Used to love that app.

Then I saw the flag: " Maintainer created 21 packages in the last 48 hours"

Busy beaver I guess. :slight_smile:

I’d consider revisiting Clam but everything is running fine, as you say. I’ve grown really comfortable with a Linux-focused, audit AV called Lynis I use twice a year, btw.

Lynis will only audit your system’s security posture and may or may not detect if it has been compromised. Personally, I use ClamAV and RKHunter for threat detection, complemented by OpenSnitch and PicoSnitch for network control and monitoring. Together, they provide a good level of visibility into what’s happening on the system.

>>> traur scan                                                                                           
  Fetching package metadata for 2 installed packages...
Scanning 2 AUR packages...
  Fetching maintainer data for 2 unique maintainers...

=== traur scan results ===
  Scanned: 2 packages (0 errors)
  TRUSTED: 0  OK: 2  SKETCHY: 0  SUSPICIOUS: 0  MALICIOUS: 0

=== 2 packages ===

traur: vscodium-bin (trust: 71/100)
  Trust: OK
  Negative signals:
       B-SUBMITTER-CHANGED: Package maintainer (Icelk) differs from original submitter (ckatri)
     ! SA-HIGH-ENTROPY-HEREDOC: heredoc with high entropy (5.3 bits/byte, 3330 bytes)

traur: traur-bin (trust: 77/100)
  Trust: OK
  Negative signals:
     ! P-PACMAN-HOOK: Pacman hook creation (unusual for AUR packages)

you win the award with the least amt of packages :slight_smile: !

what is the “high entropy” tag I wonder (rhetorical)?
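On the "high entropy" tag: the figures in the SA-HIGH-ENTROPY-HEREDOC lines above (bits/byte and a byte count) are what a Shannon entropy measurement over a heredoc body produces. The sketch below is an added example, not part of any post here and not traur's code; the 5.0 bits/byte threshold, the 64-byte minimum and the sample PKGBUILD are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


# Matches <<EOF, <<-EOF, <<'EOF' and <<"EOF", but not the <<< here-string.
# Simplification: an arithmetic shift such as $((1 << n)) would also match.
HEREDOC_START = re.compile(
    r"(?<!<)<<(?!<)-?\s*(['\"]?)([A-Za-z_][A-Za-z0-9_]*)\1")


def heredocs(script: str):
    """Yield (delimiter, body) for every heredoc in a shell script."""
    lines = script.splitlines()
    i = 0
    while i < len(lines):
        m = HEREDOC_START.search(lines[i])
        i += 1
        if not m:
            continue
        delim, body = m.group(2), []
        # Lenient terminator check: surrounding whitespace is ignored.
        while i < len(lines) and lines[i].strip() != delim:
            body.append(lines[i])
            i += 1
        i += 1  # skip the terminator line
        yield delim, "\n".join(body)


def scan_heredocs(script: str, threshold: float = 5.0, min_bytes: int = 64):
    """Measure each heredoc; threshold and min_bytes are assumed values."""
    findings = []
    for delim, body in heredocs(script):
        data = body.encode("utf-8")
        h = shannon_entropy(data)
        findings.append({
            "delimiter": delim,
            "bytes": len(data),
            "entropy": round(h, 1),
            "flagged": len(data) >= min_bytes and h >= threshold,
        })
    return findings


# Constructed sample: a plain-text .desktop heredoc and a base64-style blob.
B64_ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                "abcdefghijklmnopqrstuvwxyz0123456789+/")
SAMPLE_PKGBUILD = (
    'pkgname=example-bin\n'
    'package() {\n'
    '  cat > "$pkgdir/usr/share/applications/example.desktop" <<EOF\n'
    '[Desktop Entry]\n'
    'Name=Example\n'
    'Exec=/usr/bin/example\n'
    'Type=Application\n'
    'EOF\n'
    '  base64 -d > "$pkgdir/usr/share/pixmaps/example.png" <<\'ICON\'\n'
    + (B64_ALPHABET + '\n') * 4 +
    'ICON\n'
    '}\n'
)

if __name__ == "__main__":
    for f in scan_heredocs(SAMPLE_PKGBUILD):
        mark = "!" if f["flagged"] else " "
        print(f"{mark} heredoc {f['delimiter']}: "
              f"{f['entropy']} bits/byte, {f['bytes']} bytes")
```

Plain text such as a .desktop entry or a wrapper script stays well below the threshold, while encoded or compressed data pushes toward 6 bits/byte (base64) or higher, so a flagged heredoc is a prompt to open the PKGBUILD and read what that block decodes to before building.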

I actually won something! I never win anything.

I started to install clamav-desktop-bin from the AUR…

File this under “Look What Else Traur Can Do”–it inserts itself right into the Yay process...I aborted my install based on what it told me.