Re: [clamav-users] CVE_2021_4034-9951522 false positives on node executables

2022-08-03 Thread Maarten Broekman via clamav-users
Apologies... when I said that 'strings' didn't show anything, I meant that it didn't show anything related to the signature... the only thing I found in the strings output was the presence of "payload.sources": $ strings node | grep payload.so ArrayPrototypeIndexOf(payload.sources, originalSou

Re: [clamav-users] CVE_2021_4034-9951522 false positives on node executables

2022-08-03 Thread G.W. Haywood via clamav-users
Hi Viktor, On Tue, 2 Aug 2022, Viktor Rosenfeld via clamav-users wrote: 22:51 hesk@kenny:~ $ clamscan /opt/homebrew/Cellar/node/18.7.0/bin/node Loading: 7s, ETA: 0s [>]8.62M/8.62M sigs Compiling: 2s, ETA: 0s [>] 41/41 tasks /o

Re: [clamav-users] CVE_2021_4034-9951522 false positives on node executables

2022-08-02 Thread Maarten Broekman via clamav-users
That's the only thing I can think of. I had node 18.6.0 and I'm running ClamAV 0.105.0. That detected the node binary as having the same virus. However, when I upload and scan the binary with VirusTotal, their install of ClamAV does not detect it. Similarly, after I upgraded to node 18.7.0, my loc

Re: [clamav-users] CVE_2021_4034-9951522 false positives on node executables

2022-08-02 Thread Viktor Rosenfeld via clamav-users
Hi Ged, > On 01.08.2022 at 12:20, G.W. Haywood wrote: > > The signature database has the facility to whitelist falsely flagged > files using a digest. These are propagated with the 'daily' updates. > Are you sure that your signature database is up to date?

Re: [clamav-users] CVE_2021_4034-9951522 false positives on node executables

2022-08-02 Thread Viktor Rosenfeld via clamav-users
Hi, Is it possible that the infected file is only found in arm64 versions? When I go to https://nodejs.org/en/ , it prompts me to download files for x64. However, I am on an Apple Air M1 and I just verified that the installed node binary is an arm64 executable. Cheers,

Re: [clamav-users] CVE_2021_4034-9951522 false positives on node executables

2022-08-01 Thread Al Varnell via clamav-users
I downloaded and installed both current versions of Node.js 16.16.0 LTS & 18.7.0 from > and no infected files were found. -Al- -- ClamXAV user On Mon, Aug 01, 2022 at 02:50 AM, Viktor Rosenfeld via clamav-users wrote: > Hi, > > about a month ago

Re: [clamav-users] CVE_2021_4034-9951522 false positives on node executables

2022-08-01 Thread G.W. Haywood via clamav-users
Hi there, On Mon, 1 Aug 2022, Viktor Rosenfeld via clamav-users wrote: about a month ago I reported a possible false positive on nodejs executables and related files [1]. After checking with Jotti’s Virus Scan and Virustotal, I also (twice) submitted the files to the ClamAV website as false pos

Re: [clamav-users] CVE_2021_4034-9951522 false positives on node executables

2022-06-21 Thread Viktor Rosenfeld via clamav-users
Hi, > On 21.06.2022 at 01:04, G.W. Haywood wrote: > > Agreed there might be grounds to suspect a false positive, but I'd > suggest that first you upload anything which has been flagged as > suspicious to somewhere like Virustotal or Jotti's Virus Scan. Then > take a view. If ClamAV is in a mi

Re: [clamav-users] CVE_2021_4034-9951522 false positives on node executables

2022-06-20 Thread Al Varnell via clamav-users
On Jun 20, 2022, at 3:28 PM, Viktor Rosenfeld via clamav-users wrote: > Hi, > > A recent scan of my system found 8 infected files. On closer inspection, > these are all nodejs binaries, either installed through Homebrew or inside > another app (e.g., Docker or Adobe). Clamav reports that they

Re: [clamav-users] CVE_2021_4034-9951522 false positives on node executables

2022-06-20 Thread G.W. Haywood via clamav-users
Hi there, On Tue, 21 Jun 2022, Viktor Rosenfeld via clamav-users wrote: A recent scan of my system found 8 infected files. On closer inspection, these are all nodejs binaries, either installed through Homebrew or inside another app (e.g., Docker or Adobe). Clamav reports that they are infected