dovenet / Synchronet Discussion / Malwarebytes reports trojan

Malwarebytes reports trojan

https://www.rocksolidbbs.com/dovenet/article-flat.php?id=1946&group=DOVE-Net.Synchronet_Discussion#1946
From: dumas.walker@VERT/CAPCITY2 (Dumas Walker)
To: All
Subject: Malwarebytes reports trojan
Message-ID: <65ABE9C6.70177.sync@capcity2.synchro.net>
Date: Sat, 20 Jan 2024 10:41:58 -0500
X-Comment-To: All
Path: rocksolidbbs.com!not-for-mail
Organization: Capitol City Online
Newsgroups: DOVE-Net.Synchronet_Discussion
X-FTN-PID: Synchronet 3.19c-Linux master/cb76b1463 Feb 20 2022 GCC 7.5.0
X-FTN-MSGID: 70177.sync@723:320/1 2a1231e7
X-FTN-CHRS: CP437 2
WhenImported: 20240120105659-0800 41e0
WhenExported: 20240120141336-0800 41e0
ExportedFrom: VERT sync 51054
WhenImported: 20240120104158-0500 412c
WhenExported: 20240120135663-0500 412c
ExportedFrom: CAPCITY2 sync 70177
Content-Type: text/plain; charset=IBM437
Content-Transfer-Encoding: 8bit
 by: Dumas Walker - Sat, 20 Jan 2024 15:41 UTC

A couple of weeks ago, one of my users reported that his Malwarebytes was
warning him of a potential Trojan when he tried to connect here via telnet. At
the time, I assumed it was because I have iptables set up to redirect the port
from 23 to the "non root" port that Synchronet is listening on.

However, I have since had a fellow sysop who connects here to exchange mail
report the same thing. Because the bink port that binkit listens on is not a
"needs root" port, I don't have that one redirected by iptables. He also tried
it via telnet and sent me the error message. I cannot see what Trojan it
thinks is on this end -- I don't think the message says.

I have asked him to resend the message as text so I can share it. Malwarebytes
was actually blocking our systems from exchanging mail.

I did scan with ClamAV and all it reports are some "potentially unwanted
applications" -- some DOS programs in my download directories that are
apparently compressed with PKlite.

As I only have linux machines, I don't have any experience with Malwarebytes.
Has anyone else run into this -- is it a case of Malwarebytes just not liking
BBSes or something else?

Thanks!
#

---
■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP

Malwarebytes reports trojan

https://www.rocksolidbbs.com/dovenet/article-flat.php?id=1948&group=DOVE-Net.Synchronet_Discussion#1948
From: mro@VERT/BBSESINF (MRO)
To: Dumas Walker
Subject: Malwarebytes reports trojan
Message-ID: <65AD083E.9797.sync@bbses.info>
Date: Sun, 21 Jan 2024 06:04:14 -0600
X-Comment-To: Dumas Walker
Path: rocksolidbbs.com!not-for-mail
Organization: bbses.info
Newsgroups: DOVE-Net.Synchronet_Discussion
In-Reply-To: <65ABE9C6.70177.sync@capcity2.synchro.net>
References: <65ABE9C6.70177.sync@capcity2.synchro.net>
X-FTN-PID: Synchronet 3.19b-Win32 master/a2a9dc027 Jan 2 2022 MSC 1928
X-FTN-MSGID: 51056.sync@1:103/705 2a130c6a
X-FTN-REPLY: 70177.sync@723:320/1 2a1231e7
X-FTN-CHRS: CP437 2
WhenImported: 20240121043258-0800 41e0
WhenExported: 20240121081329-0800 41e0
ExportedFrom: VERT sync 51056
WhenImported: 20240121060414-0600 4168
WhenExported: 20240121063255-0600 4168
ExportedFrom: BBSESINF sync 9797
Content-Type: text/plain; charset=IBM437
Content-Transfer-Encoding: 8bit
 by: MRO - Sun, 21 Jan 2024 12:04 UTC

Re: Malwarebytes reports trojan
By: Dumas Walker to All on Sat Jan 20 2024 10:41 am

>
> As I only have linux machines, I don't have any experience with
> Malwarebytes. Has anyone else run into this -- is it a case of Malwarebytes
> just not liking BBSes or something else?
>

it sounds like he's using the trial version or the paid version where you have more features. honestly it's just overkill unless you really ARE infected and you want to try to clean out your system.

i would install it to try on your system but it's become so convoluted i won't want it on my systems.
---
■ Synchronet ■ ::: BBSES.info - free BBS services :::

Malwarebytes reports troj

https://www.rocksolidbbs.com/dovenet/article-flat.php?id=1949&group=DOVE-Net.Synchronet_Discussion#1949
From: dumas.walker@VERT/CAPCITY2 (Dumas Walker)
To: MRO
Subject: Malwarebytes reports troj
Message-ID: <65AD3370.70181.sync@capcity2.synchro.net>
Date: Sun, 21 Jan 2024 09:49:00 -0500
X-Comment-To: MRO
Path: rocksolidbbs.com!not-for-mail
Organization: Capitol City Online
Newsgroups: DOVE-Net.Synchronet_Discussion
In-Reply-To: <65AD083E.9797.sync@bbses.info>
References: <65AD083E.9797.sync@bbses.info>
X-FTN-PID: Synchronet 3.19c-Linux master/cb76b1463 Feb 20 2022 GCC 7.5.0
X-FTN-MSGID: 70181.sync@723:320/1 2a137b95
X-FTN-REPLY: 51056.sync@1:103/705 2a130c6a
X-FTN-CHRS: ASCII 1
WhenImported: 20240121105700-0800 41e0
WhenExported: 20240121141336-0800 41e0
ExportedFrom: VERT sync 51058
WhenImported: 20240121100832-0500 412c
WhenExported: 20240121135667-0500 412c
ExportedFrom: CAPCITY2 sync 70181
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit
 by: Dumas Walker - Sun, 21 Jan 2024 14:49 UTC

> > As I only have linux machines, I don't have any experience with
> > Malwarebytes. Has anyone else run into this -- is it a case of Malwarebytes
> > just not liking BBSes or something else?

> it sounds like he's using the trial version or the paid version where you have
> ore features. honestly it's just overkill unless you really ARE infected and
> u want to try to clean out your system.

I think it is the paid version.

> i would install it to try on your system bu it's become so convoluted i wont w
> t it on my systems.

Isn't Malwarebytes a windows program?

* SLMR 2.1a * Tinnn Rooooooooof! --Rusted!

---
■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP

Malwarebytes reports troj

https://www.rocksolidbbs.com/dovenet/article-flat.php?id=1950&group=DOVE-Net.Synchronet_Discussion#1950
From: dumas.walker@VERT/CAPCITY2 (Dumas Walker)
To: ALL
Subject: Malwarebytes reports troj
Message-ID: <65AD3370.70182.sync@capcity2.synchro.net>
Date: Sun, 21 Jan 2024 09:54:00 -0500
X-Comment-To: ALL
Path: rocksolidbbs.com!not-for-mail
Organization: Capitol City Online
Newsgroups: DOVE-Net.Synchronet_Discussion
In-Reply-To: <65AD083E.9797.sync@bbses.info>
References: <65AD083E.9797.sync@bbses.info>
X-FTN-PID: Synchronet 3.19c-Linux master/cb76b1463 Feb 20 2022 GCC 7.5.0
X-FTN-MSGID: 70182.sync@723:320/1 2a137b96
X-FTN-REPLY: 51056.sync@1:103/705 2a130c6a
X-FTN-CHRS: ASCII 1
WhenImported: 20240121105700-0800 41e0
WhenExported: 20240121141336-0800 41e0
ExportedFrom: VERT sync 51059
WhenImported: 20240121100832-0500 412c
WhenExported: 20240121135667-0500 412c
ExportedFrom: CAPCITY2 sync 70182
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit
 by: Dumas Walker - Sun, 21 Jan 2024 14:54 UTC

> As I only have linux machines, I don't have any experience with
> Malwarebytes. Has anyone else run into this -- is it a case of Malwarebytes
> just not liking BBSes or something else?

FYI, here is the message one of them is getting when trying to surf over
via the web (line wrapped).

Location:
https://block.malwarebytes.com?lic=Licensed&cat=Trojan&lang=en&prod=MBAM-C&ver=4
..6.7.301&cpv=1.0.2222&upv=1.0.79814&ldr=290&ip=67.131.57.133&url=capitolcityonli
ne.net
Connection: close

Website blocked due to a Trojan

Your Malwarebytes Premium blocked this website because it may contain a Trojan.

The main thing I am concerned about is that any Windows sysop who runs
Malwarebytes Premium probably thinks that their connections have "gone
down" when in reality Malwarebytes is rerouting the outbound traffic to a
"127." address, and blocking the inbound traffic, to their hub or node.

* SLMR 2.1a * AAAAA - American Association Against Acronym Abuse

---
■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
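The symptom Dumas describes above (the web-protection product answering the connection itself from a 127.x address with a redirect to its block page, so the remote hub looks "down") can be told apart from a real outage by looking at who answered and what they sent. The following triage helper is an added example, not code from the thread or from Synchronet or Malwarebytes; the sample response is constructed to match the Location header posted above, and the query field names (cat, url, ip, prod, ver) are taken from it.

```python
"""Triage: was the connection answered by a local block page or by the remote?"""
import ipaddress
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Constructed sample: peer address and response as a blocked client would see them.
SAMPLE_PEER = "127.0.0.1"
SAMPLE_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Location: https://block.malwarebytes.com?lic=Licensed&cat=Trojan&lang=en"
    "&prod=MBAM-C&ver=4.6.7.301&cpv=1.0.2222&upv=1.0.79814&ldr=290"
    "&ip=67.131.57.133&url=capitolcityonline.net\r\n"
    "Connection: close\r\n\r\n"
)


def parse_headers(raw: str) -> dict:
    """Return the response headers as a lower-cased dict (status line dropped)."""
    head = raw.split("\r\n\r\n", 1)[0]
    out = {}
    for line in head.split("\r\n")[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            out[name.strip().lower()] = value.strip()
    return out


def parse_block_page(location: str) -> Optional[dict]:
    """Pull category, blocked host, reported IP and product out of a
    block.malwarebytes.com redirect; None if Location points elsewhere."""
    parts = urlsplit(location)
    if parts.hostname != "block.malwarebytes.com":
        return None
    q = parse_qs(parts.query)  # the URL has no path: query hangs off the host
    first = lambda key: q.get(key, [""])[0]
    return {
        "category": first("cat"),
        "blocked_host": first("url"),
        "reported_ip": first("ip"),
        "product": f'{first("prod")} {first("ver")}'.strip(),
    }


def triage(peer_ip: str, raw_response: str) -> str:
    """Classify what the client actually talked to."""
    local = ipaddress.ip_address(peer_ip).is_loopback
    info = parse_block_page(parse_headers(raw_response).get("location", ""))
    if info and local:
        return (f"local web-protection block: {info['blocked_host']} flagged as "
                f"{info['category']} by {info['product']}; remote is NOT down")
    if info:
        return "block page from a non-loopback peer: upstream filter or proxy"
    if local:
        return "answered by loopback without a block page: other local interception"
    return "reached remote peer normally"
```

Run `triage(SAMPLE_PEER, SAMPLE_RESPONSE)` to see the first verdict; a connection that really reaches the hub yields the last one.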

Malwarebytes reports troj

https://www.rocksolidbbs.com/dovenet/article-flat.php?id=1951&group=DOVE-Net.Synchronet_Discussion#1951
From: mro@VERT/BBSESINF (MRO)
To: Dumas Walker
Subject: Malwarebytes reports troj
Message-ID: <65AD7C0A.9801.sync@bbses.info>
Date: Sun, 21 Jan 2024 14:18:18 -0600
X-Comment-To: Dumas Walker
Path: rocksolidbbs.com!not-for-mail
Organization: bbses.info
Newsgroups: DOVE-Net.Synchronet_Discussion
In-Reply-To: <65AD3370.70181.sync@capcity2.synchro.net>
References: <65AD3370.70181.sync@capcity2.synchro.net>
X-FTN-PID: Synchronet 3.19b-Win32 master/a2a9dc027 Jan 2 2022 MSC 1928
X-FTN-MSGID: 51060.sync@1:103/705 2a137dd3
X-FTN-REPLY: 70181.sync@723:320/1 2a137b95
X-FTN-CHRS: CP437 2
WhenImported: 20240121123647-0800 41e0
WhenExported: 20240121141336-0800 41e0
ExportedFrom: VERT sync 51060
WhenImported: 20240121141818-0600 4168
WhenExported: 20240121143645-0600 4168
ExportedFrom: BBSESINF sync 9801
Content-Type: text/plain; charset=IBM437
Content-Transfer-Encoding: 8bit
 by: MRO - Sun, 21 Jan 2024 20:18 UTC

Re: Malwarebytes reports troj
By: Dumas Walker to MRO on Sun Jan 21 2024 09:49 am

> > i would install it to try on your system bu it's become so convoluted i
> > wont w
> > t it on my systems.
>
> Isn't Malwarebytes a windows program?
>

yeah it is. it used to be good back in the day. i installed it in the middle of last year and it was just too convoluted and annoying to run.

i suppose if you download a lot of viruses it would be useful.
---
■ Synchronet ■ ::: BBSES.info - free BBS services :::

Malwarebytes reports troj

https://www.rocksolidbbs.com/dovenet/article-flat.php?id=1952&group=DOVE-Net.Synchronet_Discussion#1952
From: mro@VERT/BBSESINF (MRO)
To: Dumas Walker
Subject: Malwarebytes reports troj
Message-ID: <65AD9B8F.9802.sync@bbses.info>
Date: Sun, 21 Jan 2024 16:32:47 -0600
X-Comment-To: Dumas Walker
Path: rocksolidbbs.com!not-for-mail
Organization: bbses.info
Newsgroups: DOVE-Net.Synchronet_Discussion
In-Reply-To: <65AD3370.70182.sync@capcity2.synchro.net>
References: <65AD3370.70182.sync@capcity2.synchro.net>
X-FTN-PID: Synchronet 3.19b-Win32 master/a2a9dc027 Jan 2 2022 MSC 1928
X-FTN-MSGID: 51061.sync@1:103/705 2a13a3c5
X-FTN-REPLY: 70182.sync@723:320/1 2a137b96
X-FTN-CHRS: CP437 2
WhenImported: 20240121151840-0800 41e0
WhenExported: 20240121201328-0800 41e0
ExportedFrom: VERT sync 51061
WhenImported: 20240121163247-0600 4168
WhenExported: 20240121171838-0600 4168
ExportedFrom: BBSESINF sync 9802
Content-Type: text/plain; charset=IBM437
Content-Transfer-Encoding: 8bit
 by: MRO - Sun, 21 Jan 2024 22:32 UTC

Re: Malwarebytes reports troj
By: Dumas Walker to ALL on Sun Jan 21 2024 09:54 am

> https://block.malwarebytes.com?lic=Licensed&cat=Trojan&lang=en&prod=M
> BAM-C&ver=4 .6.7.301&cpv=1.0.2222&upv=1.0.79814&ldr=290&ip=67.131.57.133&url
> =capitolcityonl i
> ne.net
> Connection: close

it's also possible that your ip got blacklisted by malwarebytes.
you could have got scanned by one of those shitty port scanners and you got put on a list for being compromised and malwarebytes used the list.

you can contact malwarebytes and try to get it removed.
---
■ Synchronet ■ ::: BBSES.info - free BBS services :::

Malwarebytes reports troj

https://www.rocksolidbbs.com/dovenet/article-flat.php?id=1956&group=DOVE-Net.Synchronet_Discussion#1956
From: dumas.walker@VERT/CAPCITY2 (Dumas Walker)
To: MRO
Subject: Malwarebytes reports troj
Message-ID: <65AE7D88.70188.sync@capcity2.synchro.net>
Date: Mon, 22 Jan 2024 09:28:00 -0500
X-Comment-To: MRO
Path: rocksolidbbs.com!not-for-mail
Organization: Capitol City Online
Newsgroups: DOVE-Net.Synchronet_Discussion
In-Reply-To: <65AD9B8F.9802.sync@bbses.info>
References: <65AD9B8F.9802.sync@bbses.info>
X-FTN-PID: Synchronet 3.19c-Linux master/cb76b1463 Feb 20 2022 GCC 7.5.0
X-FTN-MSGID: 70188.sync@723:320/1 2a14c5b4
X-FTN-REPLY: 51061.sync@1:103/705 2a13a3c5
X-FTN-CHRS: ASCII 1
WhenImported: 20240122105704-0800 41e0
WhenExported: 20240122141332-0800 41e0
ExportedFrom: VERT sync 51065
WhenImported: 20240122093656-0500 412c
WhenExported: 20240122135709-0500 412c
ExportedFrom: CAPCITY2 sync 70188
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit
 by: Dumas Walker - Mon, 22 Jan 2024 14:28 UTC

>it's also possible that your ip got blacklisted by malwarebytes.
>you could have got scanned by one of those shitty port scanners and you got put
>on a list for being compromised and malwarebytes used the list.

That is what I also suspect.

* SLMR 2.1a * Halloween is *not* Christmas, even though 31 oct = 25 dec

---
■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP

Malwarebytes reports troj

https://www.rocksolidbbs.com/dovenet/article-flat.php?id=1958&group=DOVE-Net.Synchronet_Discussion#1958
From: mro@VERT/BBSESINF (MRO)
To: Dumas Walker
Subject: Malwarebytes reports troj
Message-ID: <65AEF0E8.9807.sync@bbses.info>
Date: Mon, 22 Jan 2024 16:49:12 -0600
X-Comment-To: Dumas Walker
Path: rocksolidbbs.com!not-for-mail
Organization: bbses.info
Newsgroups: DOVE-Net.Synchronet_Discussion
In-Reply-To: <65AE7D88.70188.sync@capcity2.synchro.net>
References: <65AE7D88.70188.sync@capcity2.synchro.net>
X-FTN-PID: Synchronet 3.19b-Win32 master/a2a9dc027 Jan 2 2022 MSC 1928
X-FTN-MSGID: 51067.sync@1:103/705 2a14f2cc
X-FTN-REPLY: 70188.sync@723:320/1 2a14c5b4
X-FTN-CHRS: CP437 2
WhenImported: 20240122150801-0800 41e0
WhenExported: 20240122201334-0800 41e0
ExportedFrom: VERT sync 51067
WhenImported: 20240122164912-0600 4168
WhenExported: 20240122170759-0600 4168
ExportedFrom: BBSESINF sync 9807
Content-Type: text/plain; charset=IBM437
Content-Transfer-Encoding: 8bit
 by: MRO - Mon, 22 Jan 2024 22:49 UTC

Re: Malwarebytes reports troj
By: Dumas Walker to MRO on Mon Jan 22 2024 09:28 am

> >it's also possible that your ip got blacklisted by malwarebytes.
> >you could have got scanned by one of those shitty port scanners and you got
> put
> >on a list for being compromised and malwarebytes used the list.
>
> That is what I also suspect.
>
>

the reason why that popped in my head is stuff like this happened to me more than a few times over the years, especially when i was running my servers off a residential ip address.
---
■ Synchronet ■ ::: BBSES.info - free BBS services :::
