Re: [clamav-users] False positive?

Mon, 08 Apr 2024 08:57:03 -0700 


There are also reports on Reddit today of ClamAV finding this:
https://www.reddit.com/r/flatpak/comments/1byn8og/clamav_detecting_winvirusexpiro100265760_malware/?rdt=45424

One reply says:

I ran one of the files tagged as a virus by Clamav through VirusTotal.com; 
out of 64 anti-virus utilities only Clamav tagged it as a virus. Can't 
imagine this not being a false positive.


 On Mon, 8 Apr 2024, Richard wrote:


After updating to the latest virus signature files using
freshclam, I am suddenly getting infected file reports
that I never got before. I don't think the affected files have
changed, at least the creation dates and size in bytes are
still the same. How can I tell whether this is a real virus
or malware, or if it is just a false positive? If I submit
one of the files using clamsubmit, will it be analyzed to
determine whether it is a false positive? I'm not sure if
files submitted using clamsubmit are analyzed, or whether
it is just assumed that they are false positives.
I am using a Linux operating system that was built using
linuxfromscratch.org.
Here is a list of the files that clamscan reported:


/usr/lib/python3.11/ensurepip/_bundled/pip-23.1.2-py3-none-any.whl: 
Win.Virus.Expiro-10026576-0 FOUND
/usr/lib/python3.11/site-packages/pip/_vendor/distlib/t64-arm.exe: 
Win.Virus.Expiro-10026576-0 FOUND
/usr/lib/python3.11/site-packages/pip/_vendor/distlib/t32.exe: 
Win.Virus.Expiro-10026576-0 FOUND
/usr/lib/python3.11/site-packages/pip/_vendor/distlib/w64.exe: 
Win.Virus.Expiro-10026576-0 FOUND
/usr/lib/python3.11/site-packages/pip/_vendor/distlib/t64.exe: 
Win.Virus.Expiro-10026576-0 FOUND
/usr/lib/python3.11/site-packages/pip/_vendor/distlib/w64-arm.exe: 
Win.Virus.Expiro-10026576-0 FOUND
/usr/lib/python3.11/site-packages/pip/_vendor/distlib/w32.exe: 
Win.Virus.Expiro-10026576-0 FOUND


Richard


--
Andrew C. Aitchison                      Kendal, UK
                   and...@aitchison.me.uk
_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat






















					Reply via email to