[clamav-users] CVE_2021_4034-9951522 false positives on node executables
Viktor Rosenfeld
24hesk at gmail.com
Tue Aug 2 20:11:21 UTC 2022
Hi,
Is it possible that the infected file is only found in arm64 versions? When I go to <https://nodejs.org/en/>, it prompts me to download files for x64. However, I am on an Apple Air M1 and I just verified that the installed node binary is an arm64 executable.
Cheers,
Viktor
> On 01.08.2022 at 15:24, Al Varnell <alvarnell at mac.com> wrote:
>
> I downloaded and installed both current versions of Node.js 16.16.0 LTS & 18.7.0 from <https://nodejs.org/en/> and no infected files were found.
>
> -Al-
> --
> ClamXAV user
>
> On Mon, Aug 01, 2022 at 02:50 AM, Viktor Rosenfeld via clamav-users wrote:
>> Hi,
>>
>> about a month ago I reported a possible false positive on nodejs executables and related files [1]. After checking with Jotti’s Virus Scan and Virustotal, I also (twice) submitted the files to the ClamAV website as false positives [2].
>>
>> I haven’t received a notification after the false positive submissions and, meanwhile, newer versions of nodejs are still reported as being infected.
>>
>> What else can I do to verify that this is indeed a false positive?
>>
>> Best,
>> Viktor
>>
>> [1] https://lists.clamav.net/pipermail/clamav-users/2022-June/012717.html
>> [2] https://www.clamav.net/reports/fp