[clamav-users] ClamAv local results differ from ClamAV at VirusTotal.com
Paul B.
pbpublic at gmail.com
Sat Jan 13 04:31:13 UTC 2018
I just ran a scan on my root drive, and had 3 hits. I ran each of them
by VirusTotal, and each VT had ClamAV reporting them as Clean. The
output here was:
/home/paul/.config/vivaldi/Default/Extensions/kbmfpngjjgdllneeigpgjifpgocmfgmb/5.10.1_0/foreground.entry.js.map:
Html.Exploit.CVE_2017_8738-6336184-2 FOUND
/home/paul/.wine/drive_c/users/Public/Application Data/The
Word/Cache/twrestart.exe: PUA.Win.Packer.BorlandDelphiKo-3 FOUND
/home/paul/.wine/drive_c/Program Files (x86)/The Word/Uninst.exe:
PUA.Win.Trojan.Casino-141 FOUND
The first one is the reddit extension suite, RES, an extension to the
vivaldi browser. The second and third pertain to a Windows Bible
program I use on WINE on Linux. I would be very surprised if there is
anything actually wrong with #2 or #3, and I doubt anything's wrong
with #1. #2 did pull four hits on VirusTotal, out of 66 engines. But
ClamAV at VT passed all three files.
I could simply write an exclusion for these files, but I wonder why
this disparity exists.
Thanks,
Paul
More information about the clamav-users
mailing list