View previous topic :: View next topic |
Author |
Message |
MorgothSauron Tux's lil' helper
Joined: 24 Sep 2020 Posts: 75
|
Posted: Tue Aug 24, 2021 5:03 pm Post subject: ClamAV inconsistent scan results |
|
|
Hi,
I recently installed ClamAV recently and I'm experiencing weird behavior with the scan. I'm using t he standard signatures and the one from SecuriteInfo.
Last week I scanned my home folder and it found the following problems with some Proton Wine files:
Code: | ~/.local/share/Steam/steamapps/common/Proton 5.13/dist/lib/wine/wordpad.exe: Win.Packed.Pwsx-9885269-0 FOUND
~/.local/share/Steam/steamapps/common/Proton 5.13/dist/lib64/wine/wordpad.exe: Win.Packed.Pwsx-9885269-0 FOUND |
I know they are windows binaries and its probably a false positives.
Now the weird thing. I ran an other scan this week and this time it found different problems on other file. The files from the previous scan were not listed:
Code: | ~/.local/share/Steam/steamapps/common/Proton 5.13/dist/lib64/wine/msiexec.exe: Win.Trojan.Malwarex-9888024-0 FOUND
~/.local/share/Steam/steamapps/common/Proton 5.13/dist/lib/wine/msiexec.exe: Win.Trojan.Malwarex-9888024-0 FOUND |
Is that a normal behavior with ClamAV ? |
|
Back to top |
|
|
figueroa Advocate
Joined: 14 Aug 2005 Posts: 2964 Location: Edge of marsh USA
|
Posted: Wed Aug 25, 2021 4:04 am Post subject: |
|
|
Not really. It's a computer. Computing things should be repeatable. But, signature updates are frequent. _________________ Andy Figueroa
hp pavilion hpe h8-1260t/2AB5; spinning rust x3
i7-2600 @ 3.40GHz; 16 gb; Radeon HD 7570
amd64/23.0/split-usr/desktop (stable), OpenRC, -systemd -pulseaudio -uefi |
|
Back to top |
|
|
MorgothSauron Tux's lil' helper
Joined: 24 Sep 2020 Posts: 75
|
Posted: Fri Aug 27, 2021 4:40 pm Post subject: |
|
|
figueroa wrote: | Not really. It's a computer. Computing things should be repeatable. But, signature updates are frequent. |
I totally agree with you: it should be repeatable. However there have been few signatures updates since then and ClamAV no longer complains. But it is a bit worrying: how can I tell that nothing else if being missed ? |
|
Back to top |
|
|
figueroa Advocate
Joined: 14 Aug 2005 Posts: 2964 Location: Edge of marsh USA
|
Posted: Fri Aug 27, 2021 4:55 pm Post subject: |
|
|
1. Rinse and repeat.
2. Scan those with a mainstream and up-to-date Windows antivirus scanner.
3. rm -rf _________________ Andy Figueroa
hp pavilion hpe h8-1260t/2AB5; spinning rust x3
i7-2600 @ 3.40GHz; 16 gb; Radeon HD 7570
amd64/23.0/split-usr/desktop (stable), OpenRC, -systemd -pulseaudio -uefi |
|
Back to top |
|
|
|