[clamav-users] ClamAv local results differ from ClamAV at VirusTotal.com

Paul B. pbpublic at gmail.com
Sat Jan 13 04:31:13 UTC 2018

I just ran a scan on my root drive, and had 3 hits. I ran each of them
by VirusTotal, and each VT had ClamAV reporting them as Clean. The
output here was:

Html.Exploit.CVE_2017_8738-6336184-2 FOUND

/home/paul/.wine/drive_c/users/Public/Application Data/The
Word/Cache/twrestart.exe: PUA.Win.Packer.BorlandDelphiKo-3 FOUND

/home/paul/.wine/drive_c/Program Files (x86)/The Word/Uninst.exe:
PUA.Win.Trojan.Casino-141 FOUND

The first one is the reddit extension suite, RES, an extension to the
vivaldi browser. The second and third pertain to a Windows Bible
program I use on WINE on Linux. I would be very surprised if there is
anything actually wrong with #2 or #3, and I doubt anything's wrong
with #1. #2 did pull four hits on VirusTotal, out of 66 engines. But
ClamAV at VT passed all three files.

I could simply write an exclusion for these files, but I wonder why
this disparity exists.


More information about the clamav-users mailing list