Thread: ClamAV is detecting malware

  1. #1

    ClamAV is detecting malware

    Are these false positives?
    Shall I remove them?


    The two PDF files appear to be fine on my other laptops (Windows 8.1 and Windows 10). I have copies of these 2 files on both of them; one has Norton Internet Security, and the other has Kaspersky 2018. Neither of them finds a problem with those files. I don't know about the others.

    Suggestions please?

  2. #2
    Join Date: Sep 2008 | Posts: 2,997

    Re: ClamAV is detecting malware

    I don't use ClamAV, but it would seem that it detects embedded JavaScript in those PDFs. JavaScript can be useful, but it's also a possible exploit.
    I'd suggest you check those files at VirusTotal:
    https://www.virustotal.com/
    AFAIK ClamAV detects all embedded JavaScript in PDFs as threats.
    As you can see, it even detects macros in LibreOffice documents as threats.
    If they're fine, open a false positive report with ClamAV:
    https://www.clamav.net/reports/fp
    But don't expect anything to change regarding PDFs. You could disable PDF scanning:
    http://lists.clamav.net/pipermail/cl...ch/002710.html
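
Added example, not part of the original thread and not ClamAV code: a Python triage check for the embedded-JavaScript markers that the reply above says ClamAV flags in PDFs, including hex-escaped names and Flate-compressed streams. The sample documents and all function names are constructed for illustration; encrypted PDFs and filters other than Flate are not inspected.

```python
import re
import zlib

# PDF name tokens that mark active content; triage tools such as pdfid count the same keywords.
ACTIVE_NAMES = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch")
HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)


def decode_names(data: bytes) -> bytes:
    """Undo #xx name escapes so /J#61vaScript is counted as /JavaScript."""
    return HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def inflated_streams(data: bytes):
    """Yield Flate-compressed stream bodies inflated; skip streams that are not zlib data."""
    for match in STREAM.finditer(data):
        try:
            # decompressobj tolerates the end-of-line bytes that precede "endstream".
            yield zlib.decompressobj().decompress(match.group(1))
        except zlib.error:
            continue


def count_active_names(pdf_bytes: bytes) -> dict:
    """Return {name: occurrences} over the raw file plus every inflated stream."""
    chunks = [decode_names(c) for c in (pdf_bytes, *inflated_streams(pdf_bytes))]
    counts = {}
    for name in ACTIVE_NAMES:
        # A name ends at a delimiter, so /JS must not match a longer name such as /JSx.
        pattern = re.compile(re.escape(name) + rb"(?![A-Za-z0-9])")
        counts[name.decode()] = sum(len(pattern.findall(c)) for c in chunks)
    return counts


def has_embedded_javascript(pdf_bytes: bytes) -> bool:
    counts = count_active_names(pdf_bytes)
    return counts["/JavaScript"] > 0 or counts["/JS"] > 0


# Constructed samples (not the thread's files): an inert skeleton, and one with escaped and compressed JS.
SAMPLE_CLEAN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"
SAMPLE_JS = (
    b"%PDF-1.5\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
    b"3 0 obj\n<< /S /J#61vaScript /JS 4 0 R >>\nendobj\n"
    b"5 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
    + zlib.compress(b"<< /S /JavaScript /JS (void 0;) >>")
    + b"\nendstream\nendobj\n%%EOF\n"
)
```

A non-zero `/JavaScript` or `/JS` count only says the file carries script, which matches the kind of detection described in the reply; whether that script is harmful still needs a look at the script itself or a second opinion such as the VirusTotal check suggested there.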

  3. #3

    Re: ClamAV is detecting malware

    First off, sorry for the delay in replying; have been real busy @ work.

    Did some research, and it turns out these are either Windows exploits or false positives, and don't pose a risk to the current openSUSE installation. Installing an A/V is mostly unnecessary in openSUSE (except in certain situations, like using the computer as a server to Windows systems). Having a real-time malware scanner in openSUSE is like wearing sunglasses at night to protect your eyes from UV rays in the moonlight: kind of pointless.

    The best practices for openSUSE: use official/trusted repositories, update the system regularly, and avoid running a GUI session as root unless absolutely necessary.

    While I do have Windows laptops, and I do share files with them, my openSUSE system is not a server; I share files using external hard drives. The Windows computers have anti-malware installed on them, and the files I share are mostly music/videos/pictures, etc., not .exe files.

    These warnings can be safely ignored.

    I'm not uninstalling ClamAV, but I've turned off real-time protection. Perhaps I'll run a manual scan of the ~ directory once every 6 months, can't hurt.

    Thanks for the links I_A, your links sparked up my interest about malware in Linux and improved my understanding of the situation.

  4. #4
    Join Date: Jun 2008 | Location: Netherlands | Posts: 24,877

    Re: ClamAV is detecting malware

    Quote (originally posted by johnwinchester):
        Did some research, and it turns out these are either Windows exploits or false positives, and don't pose a risk to the current openSUSE installation. Installing an A/V is mostly unnecessary in openSUSE (except in certain situations, like using the computer as a server to Windows systems). Having a real-time malware scanner in openSUSE is like wearing sunglasses at night to protect your eyes from UV rays in the moonlight: kind of pointless.
    That is of course not new and posted in a lot of other threads over time.

    The lack of ClamAV (and similar products) users here most probably explains why so few people answered your thread.
    Henk van Velden
