ClamAV is detecting malware

Are these false positives?
Shall I remove them?
https://s33.postimg.cc/kbe2vfa5r/vul.png

The two PDF files appear to be fine on my other laptops (Windows 8.1 and Windows 10). I have copies of these 2 files on both of them; one has Norton Internet Security, and the other has Kaspersky 2018. Neither of them finds a problem with those files. I don’t know about the others.

Suggestions please?

I don’t use ClamAV, but it would seem that it detects embedded JavaScript in those PDFs. JavaScript can be useful, but it’s also a possible exploit.
I’d suggest you check those files at VirusTotal:
https://www.virustotal.com/
AFAIK ClamAV detects all embedded JavaScript in PDFs as threats.
As you can see, it even detects macros in LibreOffice documents as threats.
If they’re fine, open a false positive report with ClamAV:
https://www.clamav.net/reports/fp
But don’t expect anything to change regarding PDFs. You could disable PDF scanning:
http://lists.clamav.net/pipermail/clamav-users/2016-March/002710.html
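
To see for yourself whether a flagged PDF carries script or auto-run actions, here is an added example that is not part of the original post and is not ClamAV's own detection logic. It counts the PDF name keywords that usually accompany embedded JavaScript, decoding `#xx` hex escapes in names first; the keyword list and the sample bytes are constructed for this example.

```python
import re
import sys

# PDF name keywords worth a look during triage (a list chosen for this example).
KEYWORDS = ("/JS", "/JavaScript", "/OpenAction", "/AA", "/Launch", "/EmbeddedFile")

# A PDF name is "/" followed by regular characters (no whitespace or delimiters).
NAME_RE = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
# Inside a name, "#xx" is a hex escape for one byte.
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so /J#61vaScript compares equal to /JavaScript."""
    decoded = HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count each keyword among the name tokens found in the raw bytes."""
    counts = {k: 0 for k in KEYWORDS}
    for match in NAME_RE.finditer(data):
        name = decode_name(match.group(0))
        if name in counts:
            counts[name] += 1
    return counts


# Constructed sample: a PDF fragment whose catalog runs one script action on open.
SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
    b"2 0 obj << /S /J#61vaScript /JS (void 0;) >> endobj\n"
)

if __name__ == "__main__":
    # Pass a file path to inspect a real document; otherwise use the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for keyword, n in triage_pdf(data).items():
        print(f"{keyword:15} {n}")
```

Names stored inside compressed object streams are not visible to this raw-byte scan, so zero counts do not prove a file has no script.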

First off, sorry for the delay in replying- have been real busy @ work.

Did some research, and it turns out these are either Windows exploits or false positives, and don’t pose a risk to the current openSUSE installation. Installing an A/V is mostly unnecessary in openSUSE (except in certain situations, like using the computer as a server to Windows systems). Having a real-time malware scanner in openSUSE is like wearing sunglasses at night to protect your eyes from UV rays in the moonlight: kind of pointless.

The best practices for openSUSE: use official/trusted repositories, update the system regularly, and avoid running a GUI session as root unless absolutely necessary.

While I do have Windows laptops, and I do share files with them, my openSUSE system is not a server; I share files using external hard drives. The Windows computers have anti-malware installed on them, and the files I share are mostly music/videos/pictures, etc., not .exe files.

These warnings can be safely ignored.

I’m not uninstalling ClamAV, but I’ve turned off realtime protection. Perhaps I’ll run a manual scan of the ~ directory once every 6 months, can’t hurt.

Thanks for the links I_A, your links sparked up my interest about malware in Linux and improved my understanding of the situation. :good:

That is of course not new and posted in a lot of other threads over time.

The lack of ClamAV (and similar products) users here most probably explains why so few people answered your thread :wink: