ossec-hids
False positive: Trojaned version of file '/bin/diff' detected on Ubuntu 22
Similar to https://github.com/ossec/ossec-hids/issues/2020 but for Ubuntu 22.04 LTS. It follows an update from Ubuntu 20 to Ubuntu 22.
Rule: 510 (level 7) -> 'Host-based anomaly detection event (rootcheck).'
Trojaned version of file '/usr/bin/diff' detected. Signature used: 'bash|^/bin/sh|file\.h|proc\.h|/dev/[^n]|^/bin/.*sh' (Generic).
I get the same log on 22.04 & Bullseye. It seems others see the same thing on Arch and Fedora, so it is likely not OS-dependent since they all use the same GNU coreutils.
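A triage helper for alerts like the one above, added here as an example and not part of the original issue or of OSSEC's code: it reports which alternative of the quoted signature matched which printable string in a file. It assumes the signature is applied to the file's printable strings and uses Python's `re` as a stand-in for rootcheck's own matcher; the function names and the sample bytes are constructed for illustration.

```python
import re
import sys

# Signature copied verbatim from the rootcheck alert quoted on this page.
SIGNATURE = r"bash|^/bin/sh|file\.h|proc\.h|/dev/[^n]|^/bin/.*sh"
# The signature has no groups or escaped pipes, so a plain split is safe.
ALTERNATIVES = SIGNATURE.split("|")


def printable_strings(data, min_len=4):
    """Return runs of printable ASCII, similar to strings(1)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def explain_hits(data):
    """List (alternative, string) pairs showing what made the signature match."""
    hits = []
    for text in printable_strings(data):
        for alt in ALTERNATIVES:
            # Assumption: Python's re stands in for rootcheck's matcher.
            if re.search(alt, text):
                hits.append((alt, text))
    return hits


# Constructed sample bytes, not taken from any real binary.
SAMPLE = b"\x7fELF\x01\x00/dev/stdin\x00usage: demo\x00/dev/null\x00"

if __name__ == "__main__":
    # Pass a file path to inspect it (e.g. the flagged binary); else use SAMPLE.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for alt, text in explain_hits(data):
        print(f"{alt!r} matched {text!r}")
```

Knowing which string and alternative fired tells you whether the hit comes from an ordinary device path or shell name; confirming the file itself is untouched still needs a comparison against the package manager's recorded checksums.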