[clamav-users] ClamAv local results differ from ClamAV at VirusTotal.com

Al Varnell alvarnell at mac.com
Sat Jan 13 06:54:14 UTC 2018


On Fri, Jan 12, 2018 at 08:31 PM, Paul B. wrote:
> I just ran a scan on my root drive, and had 3 hits. I ran each of them
> by VirusTotal, and each VT had ClamAV reporting them as Clean. The
> output here was:
> 
> /home/paul/.config/vivaldi/Default/Extensions/kbmfpngjjgdllneeigpgjifpgocmfgmb/5.10.1_0/foreground.entry.js.map:
> Html.Exploit.CVE_2017_8738-6336184-2 FOUND
>  
> /home/paul/.wine/drive_c/users/Public/Application Data/The
> Word/Cache/twrestart.exe: PUA.Win.Packer.BorlandDelphiKo-3 FOUND
> 
> /home/paul/.wine/drive_c/Program Files (x86)/The Word/Uninst.exe:
> PUA.Win.Trojan.Casino-141 FOUND

Since you believe these to be False Positives, you should upload them to <http://www.clamav.net/reports/fp> then return here with a hash value for each file.

> The first one is the reddit extension suite, RES, an extension to the
> vivaldi browser. The second and third pertain to a Windows Bible
> program I use on WINE on Linux. I would be very surprised if there is
> anything actually wrong with #2 or #3, and I doubt anything's wrong
> with #1. #2 did pull four hits on VirusTotal, out of 66 engines. But
> ClamAV at VT passed all three files.
> 
> I could simply write an exclusion for these files, but I wonder why
> this disparity exists.
> 
> Thanks,
> Paul

-Al-
-- 
Al Varnell
ClamXAV user
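
One way to collect a hash for each flagged file, as the reply above asks, is the added example below. It is not part of the original message or ClamAV's own tooling. It assumes the scan output is in clamscan's `<path>: <signature> FOUND` form, one detection per line, and it assumes SHA-256 as the digest, since the thread does not name an algorithm.

```python
import hashlib
import re
import sys
from pathlib import Path

# One detection per line: "<path>: <signature> FOUND".
# The greedy path group keeps any ": " inside the path itself;
# signature names contain no whitespace.
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")


def parse_found(lines):
    """Yield (path, signature) for detection lines; skip OK and summary lines."""
    for line in lines:
        m = FOUND_RE.match(line.rstrip("\r\n"))
        if m:
            yield m.group("path"), m.group("sig")


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large installers are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def report(lines):
    """Return (path, signature, sha256 or None) for every detection.

    The digest is None when the file no longer exists, for example after
    it was quarantined or the application was updated.
    """
    out = []
    for path, sig in parse_found(lines):
        digest = sha256_file(path) if Path(path).is_file() else None
        out.append((path, sig, digest))
    return out


if __name__ == "__main__":
    # Usage: clamscan -r --no-summary / 2>/dev/null | python3 this_script.py
    for path, sig, digest in report(sys.stdin):
        print(f"{digest or 'MISSING':64}  {sig}  {path}")
```

Comparing these digests with the ones VirusTotal shows for the uploaded copies confirms that both scans saw the same bytes.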






