ClamAV detected Kaiji malware on Ubuntu instance

pm flag

Today clamAV scanned my AWS instances and detect 24 infected files on each. It looks like false positive due to several reasons:

  1. All these files are created in October 2022 (why were they detected only now?)
  2. SSH port for each instance is protected by MFA + password + VPN.

So, my question, what my next steps should be in this case? Should I remove these files, as I understood it can be system files that other apps can use.

2023-06-07T13:03:41.658+03:00   /snap/amazon-ssm-agent/6563/amazon-ssm-agent: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:03:42.909+03:00   /snap/amazon-ssm-agent/6563/ssm-agent-worker: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:03:44.659+03:00   /snap/amazon-ssm-agent/6563/ssm-cli: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:03:45.660+03:00   /snap/amazon-ssm-agent/6563/ssm-document-worker: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:03:46.910+03:00   /snap/amazon-ssm-agent/6563/ssm-session-logger: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:03:47.910+03:00   /snap/amazon-ssm-agent/6563/ssm-session-worker: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:03:49.411+03:00   /snap/amazon-ssm-agent/6312/amazon-ssm-agent: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:03:50.662+03:00   /snap/amazon-ssm-agent/6312/ssm-agent-worker: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:03:51.912+03:00   /snap/amazon-ssm-agent/6312/ssm-cli: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:03:52.912+03:00   /snap/amazon-ssm-agent/6312/ssm-document-worker: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:03:53.913+03:00   /snap/amazon-ssm-agent/6312/ssm-session-logger: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:03:55.413+03:00   /snap/amazon-ssm-agent/6312/ssm-session-worker: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:03:56.695+03:00   /snap/lxd/24061/bin/lxc: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:03:57.414+03:00   /snap/lxd/24061/bin/lxc-to-lxd: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:03:58.164+03:00   /snap/lxd/24061/bin/lxd-agent: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:03:58.915+03:00   /snap/lxd/24061/bin/lxd-benchmark: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:04:01.666+03:00   /snap/lxd/24061/bin/lxd-migrate: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:04:06.073+03:00   /snap/lxd/24061/bin/snap-query: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:04:12.420+03:00   /snap/lxd/23991/bin/lxc: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:04:13.170+03:00   /snap/lxd/23991/bin/lxc-to-lxd: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:04:13.920+03:00   /snap/lxd/23991/bin/lxd-agent: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:04:14.671+03:00   /snap/lxd/23991/bin/lxd-benchmark: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:04:16.171+03:00   /snap/lxd/23991/bin/lxd-migrate: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:04:21.073+03:00   /snap/lxd/23991/bin/snap-query: Unix.Malware.Kaiji-10003916-0 FOUND
cn flag
Does this answer your question? [How do I deal with a compromised server?](
Rougher avatar
pm flag
@GregAskew I am looking for the specific answer for the specific problem. Also I am not sure still that it is a compromised server in my case. So, no
vn flag
From the answers, it's probably safe to assume this is a false positive. However, on point #1, note that malware can pretty trivially make fake created/modified timestamps fo rfiles.
Andrew T. avatar
pe flag
I hope someone who has enough reputation to [protect questions]( may protect this because it has garnered some low-quality "me too" answers.
cn flag
@Rougher: that comment is auto-generated from the selection of the canonical question used to close questions about compromised servers. However, it appears this has transitioned from the usual noise of kompromat to a dumpster fire of deploying broken data files. and has been corrected in version 26932 of new garbage data files released yesterday.
ne flag

I submitted a false positive report to ClamAV at

This was the description I submitted:

The attached "helper" file was retrieved by running:
docker cp "$(docker container create -d)":/cnb/buildpacks/paketo-buildpacks_ca-certificates/3.6.2/bin/helper .

clamscan run on that file outputs:
helper: Unix.Malware.Kaiji-10003916-0 FOUND

That docker image is from

Unix.Malware.Kaiji-10003916-0 is being detected in many files - this is just one sample. This false positive, new today, was also raised on stackoverflow at

I also ran the helper file through virustotal:

No scanners besides clamav detect a virus in this file.

An out of band update of the daily signature database was just published removing this signature:

With that, this false positive issue is now resolved.

The ClamAV project is also going to review its processes to prevent such false positives from occurring in the future.

I also reported this issue to ClamAV in their discord.

Rougher avatar
pm flag
Could you share their answer when they will answer you?
ki flag

ClamAV for me this morning (June 7 2023) is reporting Unix.Malware.Kaiji-10003916 found in various cloudwatch-agent, ssm-agent, gitlab and docker files on Amazon Linux. False alarms or I have a lot of cleanup to do!

Rougher avatar
pm flag
I also run today. Before every scanning, I run freshclamav. It was updated today from 26924 to 26931. Do you have the same version? So, do you think it is false positive?
Trevor avatar
ki flag
Yes, 26931 was the daily database version used to scan
ws flag

All the "me too" posts suggest this is a false positive, however it would still be worthwhile to verify your checksums.

dpkg keeps a record of the md5 hashes of all the files it has installed at /var/lib/dpkg/info/.md5sums

To find the package which owns a file, use dpkg -S or search for its checksum above.

RPM also maintains a list a file hashes (see verify options).

Andrew T. avatar
pe flag
Sorry for commenting on your post, but perhaps you may consider to [protect the question]( to prevent more low-quality "me too" answers.
ws flag
Although usually such posts are dicouraged here, in this instance they do add some value.
so flag

I'm also seeing this. I got some PHP webshell alerts from Sophos so was investigating and found this with clamav. Not sure it has anything to do with the alert from Sophos. Some of our instances used to run docker and my predecessor left it wide open and I cleaned all that up a long time ago but having googled kaiji I found something saying it was a botnet that exploited insecure docker installations. I ran one of the files through Virus Total and only ClamAV seems to think it's bad. I can't tell if it's a false positive or something new that only clam is picking up on right now

I sit in a Tesla and translated this thread with Ai:


Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.