Best thing to do is submit them as false positives on ClamAV.net<http://clamav.net>
-- Joel Esler iPhone On Mar 17, 2016, at 6:54 AM, Thomas Stein <himbe...@meine-oma.de<mailto:himbe...@meine-oma.de>> wrote: Hello Clamav users. Last week i started to check a gentoo distfiles directory with clamscan. To my big surprise clamscan found a lot of infected files. Taking a closer look leads to the assumption all of them are false positives because most of them are debugging tools. ClamAV update process started at Sun Mar 13 22:00:01 2016 WARNING: Your ClamAV installation is OUTDATED! WARNING: Local version: 0.99 Recommended version: 0.99.1 DON'T PANIC! Read http://www.clamav.net/support/faq main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo) daily.cld is up to date (version: 21464, sigs: 1878899, f-level: 63, builder: neo) bytecode.cld is up to date (version: 274, sigs: 49, f-level: 63, builder: anvilleg) /var/www/gentoomirror/distfiles/sbd-1.37.tar.gz: Win.Trojan.Agent-558335 FOUND /var/www/gentoomirror/distfiles/libzip-1.0.1.tar.xz: Php.Exploit.CVE_2015_2331-2 FOUND /var/www/gentoomirror/distfiles/sqlninja-0.2.6-r1.tgz: W32.Hacktool.KiTrap-1 FOUND /var/www/gentoomirror/distfiles/File-Scan-ClamAV-1.93.tar.gz: ClamAV-Test-Signature FOUND /var/www/gentoomirror/distfiles/olsrd-0.9.0.2.tar.bz2: Java.Exploit.CVE_2013_2472-1 FOUND /var/www/gentoomirror/distfiles/clamav-0.91.2.tar.gz: ClamAV-Test-File FOUND /var/www/gentoomirror/distfiles/metasploit-payloads-1.0.19.gem: Java.Trojan.Agent-31 FOUND /var/www/gentoomirror/distfiles/clamav-0.92.tar.gz: ClamAV-Test-File FOUND /var/www/gentoomirror/distfiles/metasploit-payloads-1.0.21.gem: Java.Trojan.Agent-31 FOUND /var/www/gentoomirror/distfiles/afl-1.80b.tgz: Win.Exploit.CVE_2015_0076 FOUND /var/www/gentoomirror/distfiles/metasploit-payloads-1.0.22.gem: Java.Trojan.Agent-31 FOUND /var/www/gentoomirror/distfiles/olsrd-0.6.4.tar.bz2: Java.Exploit.CVE_2013_2472-1 FOUND /var/www/gentoomirror/distfiles/libwbxml-0.11.2.tar.bz2: Win.Trojan.Ramnit-5837 FOUND /var/www/gentoomirror/distfiles/framework-2.7.tar.gz: Exploit.Alpha_Mixed FOUND /var/www/gentoomirror/distfiles/libzip-1.1.1.tar.xz: Php.Exploit.CVE_2015_2331-2 FOUND /var/www/gentoomirror/distfiles/wbxml2-0.9.2.tar.gz: Win.Trojan.Ramnit-5837 FOUND /var/www/gentoomirror/distfiles/File-Scan-ClamAV-1.91.tar.gz: ClamAV-Test-Signature FOUND /var/www/gentoomirror/distfiles/anomy-sanitizer-1.76.tar.gz: Exploit.WMF.Gen-1 FOUND /var/www/gentoomirror/distfiles/LinkChecker-9.3.tar.gz: ClamAV-Test-File FOUND /var/www/gentoomirror/distfiles/lg-112.tar.gz: HTML.Phishing.Pay-239 FOUND /var/www/gentoomirror/distfiles/afl-2.07b.tgz: Win.Exploit.CVE_2015_0076 FOUND /var/www/gentoomirror/distfiles/wbxml2-0.9.0-src.tar.gz: Win.Trojan.Ramnit-5837 FOUND /var/www/gentoomirror/distfiles/MailScanner-install-4.84.5-2.tar.gz: Eicar-Test-Signature-1 FOUND /var/www/gentoomirror/distfiles/lg-108.tar.gz: HTML.Phishing.Bank-1 FOUND /var/www/gentoomirror/distfiles/Mail-ClamAV-0.21.tar.gz: Eicar-Test-Signature FOUND /var/www/gentoomirror/distfiles/lg-130.tar.gz: HTML.Phishing.Bank-791 FOUND /var/www/gentoomirror/distfiles/Mail-ClamAV-0.22.tar.gz: Eicar-Test-Signature FOUND /var/www/gentoomirror/distfiles/nepenthes-0.2.2.tar.bz2: Trojan.Downloader.Bat FOUND /var/www/gentoomirror/distfiles/Mail-ClamAV-0.20.tar.gz: Eicar-Test-Signature FOUND /var/www/gentoomirror/distfiles/lg-issue86.tar.gz: Exploit.IFrame.Gen FOUND /var/www/gentoomirror/distfiles/metasploit-payloads-1.0.15.gem: Java.Trojan.Agent-31 FOUND /var/www/gentoomirror/distfiles/clamav-0.92.1.tar.gz: ClamAV-Test-File FOUND /var/www/gentoomirror/distfiles/lg-141.tar.gz: HTML.Phishing.Bank-473 FOUND /var/www/gentoomirror/distfiles/libzip-1.1.tar.xz: Php.Exploit.CVE_2015_2331-2 FOUND Is this a known behaviour? thanks and cheers t. _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
