Page 1 of 3 123 LastLast
Results 1 to 10 of 22

Thread: possable unwanted files

  1. #1
    Join Date
    Feb 2013
    Location
    Indiana
    Posts
    267

    Default possable unwanted files

    My clamav is pointing to these particular files. Is there any reason for me to be concerned.
    Can someone give me a clue.

    Thanks

    /doc/packages/libgphoto2/libgphoto2-api.html/jquery.js PUA.HTML.Exploit.CVE_2014_0322
    /usr/lib64/efi/shim-opensuse.efi PUA.Win32.Packer.PrivateExeProte-7
    /usr/lib64/efi/MokManager.efi PUA.Win32.Packer.PrivateExeProte-7
    /usr/lib64/efi/shim.efi PUA.Win32.Packer.PrivateExeProte-7
    /usr/lib64/wine/fakedlls/clock.exe PUA.Win32.Packer.PrivateExeProte-7
    /usr/lib64/wine/fakedlls/user32.dll PUA.Win32.Packer.PrivateExeProte-7
    /usr/lib64/wine/fakedlls/comctl32.dll PUA.Win32.Packer.PrivateExeProte-7
    /usr/lib/wine/fakedlls/clock.exe PUA.Win32.Packer.PrivateExeProte-7
    /usr/lib/wine/fakedlls/user32.dll PUA.Win32.Packer.PrivateExeProte-7
    /usr/lib/wine/fakedlls/comctl32.dll PUA.Win32.Packer.PrivateExeProte-7
    Mike

    AMD Athlon(tm) II X3 435 Processor, (RAM): 8.0 GiB, openSUSE Leap 42.2, (x86_64)
    KDE: 4.10, ATI Radeon HD Graphics

  2. #2
    Join Date
    May 2012
    Location
    Finland
    Posts
    2,004

    Default Re: possable unwanted files

    It's a problem with the ClamAV signatures - they are giving false positives for files. FakeDLL's are required for Wine to work and the jquery is a false positive.

    Some OS X users ran into similar issues just a few weeks ago.
    .: miuku #suse @ irc.freenode.net
    :: miuku@opensuse.org

    .: h​ttps://download.opensuse.org/repositories/home:/Miuku/

  3. #3
    Join Date
    Nov 2009
    Location
    West Virginia Sector 13
    Posts
    15,649

    Default Re: possable unwanted files

    IMO clamav should be used only scan files that may go to a windows machine. It should not be used as a general AV for Linux. Really it is not needed and is pron to false alerts.

    The shim files are used to boot into EFI secure boot BIOS



    .

  4. #4
    Join Date
    Feb 2013
    Location
    Indiana
    Posts
    267

    Default Re: possable unwanted files

    Quote Originally Posted by gogalthorp View Post
    IMO clamav should be used only scan files that may go to a windows machine. It should not be used as a general AV for Linux. Really it is not needed and is pron to false alerts.

    The shim files are used to boot into EFI secure boot BIOS



    .
    About every other blue moon I will scan my entire system. That is when i get my usual false positives, some of these files were listed the last time as well. I just had to be curious about them.
    Mike

    AMD Athlon(tm) II X3 435 Processor, (RAM): 8.0 GiB, openSUSE Leap 42.2, (x86_64)
    KDE: 4.10, ATI Radeon HD Graphics

  5. #5
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: possable unwanted files

    On 2014-07-16 00:06, mike7757 wrote:

    > .About every other blue moon I will scan my entire system. That is when i
    > get my usual false positives, some of these files were listed the last
    > time as well. I just had to be curious about them.


    Just try a different antivirus and see if they complain on the same files.

    --
    Cheers / Saludos,

    Carlos E. R.

    (from 13.1 x86_64 "Bottle" (Minas Tirith))

  6. #6
    Join Date
    Feb 2013
    Location
    Indiana
    Posts
    267

    Default Re: possable unwanted files

    Quote Originally Posted by robin_listas View Post
    On 2014-07-16 00:06, mike7757 wrote:

    > .About every other blue moon I will scan my entire system. That is when i
    > get my usual false positives, some of these files were listed the last
    > time as well. I just had to be curious about them.


    Just try a different antivirus and see if they complain on the same files.

    --
    Cheers / Saludos,

    Carlos E. R.

    (from 13.1 x86_64 "Bottle" (Minas Tirith))
    I also have Avast on my machine. I never rely on a single source. I am also in the curious mind about knowing for certain that my machine would not have a rootkit within itself. I don't suspect that it does, but I wouldn't mind knowing for sure. How does one know without a doubt.
    Mike

    AMD Athlon(tm) II X3 435 Processor, (RAM): 8.0 GiB, openSUSE Leap 42.2, (x86_64)
    KDE: 4.10, ATI Radeon HD Graphics

  7. #7
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: possable unwanted files

    On 2014-07-15 21:56, gogalthorp wrote:
    >
    > IMO clamav should be used only scan files that may go to a windows
    > machine.


    Or Wine. If it is not very clear how immune or not it is.

    Also the EFI bootloader could become a target, because no matter what
    operating system they end loading, they have to use, I understand, only
    the UEFI API and files in that boot partition.

    Thus probably a virus targeting Windows EFI loader could target as well
    a Linux EFI loader. What they could do when the operating system
    actually loads, I have no idea. I haven't enough info.

    --
    Cheers / Saludos,

    Carlos E. R.

    (from 13.1 x86_64 "Bottle" (Minas Tirith))

  8. #8
    Join Date
    Nov 2009
    Location
    West Virginia Sector 13
    Posts
    15,649

    Default Re: possable unwanted files

    Wine is NOT immune to Windows virus but it can not spread to Linux from wine. Wipe wine reinstall and the virus is gone

    In any case it is simply not needed to scan the full system.

  9. #9
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: possable unwanted files

    On 2014-07-16 18:46, gogalthorp wrote:
    >
    > Wine is NOT immune to Windows virus but it can not spread to Linux from
    > wine. Wipe wine reinstall and the virus is gone


    Maybe. But it can do damage, like erase data files, read sensitive
    documents, etc.

    The bad guys could one day target a malware on Wine.

    > In any case it is simply not needed to scan the full system.


    Probably not.

    --
    Cheers / Saludos,

    Carlos E. R.

    (from 13.1 x86_64 "Bottle" (Minas Tirith))

  10. #10
    Join Date
    Feb 2013
    Location
    Indiana
    Posts
    267

    Default Re: possable unwanted files

    Quote Originally Posted by robin_listas View Post
    On 2014-07-16 18:46, gogalthorp wrote:
    >
    > Wine is NOT immune to Windows virus but it can not spread to Linux from
    > wine. Wipe wine reinstall and the virus is gone


    Maybe. But it can do damage, like erase data files, read sensitive
    documents, etc.

    The bad guys could one day target a malware on Wine.

    > In any case it is simply not needed to scan the full system.


    Probably not.

    --
    Cheers / Saludos,

    Carlos E. R.

    (from 13.1 x86_64 "Bottle" (Minas Tirith))
    Since I just installed wine and the 2 programs yesterday, I don't suspect anything of them at this time. I have used these programs for years in my other OS's, never once was anything detected.

    Going back to earlier questions..
    Avast has picked up on ClamAv's daily signature on 2 occasions, today being one of them. On both occasions I allowed the file to be deleted. Now my Avast gives me a clean bill of health. Also I re-update the daily signatures in ClamAv, then I did a thorough scan and it now gives me a clean bill of health, no false positives.
    Mike

    AMD Athlon(tm) II X3 435 Processor, (RAM): 8.0 GiB, openSUSE Leap 42.2, (x86_64)
    KDE: 4.10, ATI Radeon HD Graphics

Page 1 of 3 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •