[clamav-users] CVE_2021_4034-9951522 false positives on node executables
G.W. Haywood
clamav at jubileegroup.co.uk
Mon Jun 20 23:04:47 UTC 2022
Hi there,
On Tue, 21 Jun 2022, Viktor Rosenfeld via clamav-users wrote:
> A recent scan of my system found 8 infected files. On closer
> inspection, these are all nodejs binaries, either installed through
> Homebrew or inside another app (e.g., Docker or Adobe). Clamav
> reports that they are infected with CVE_2021_4034-9951522.
>
> As far as I can tell, CVE_2021_4034 is the pkexec privilege
> escalation bug. However, I could not find anything relating to
> nodejs. Also, the fact that multiple nodejs binaries on my system
> are infected, which are installed from different sources, leads me
> to believe that this is a false positive.
>
> I am unsure what to do next. ...
Agreed there might be grounds to suspect a false positive, but I'd
suggest that first you upload anything which has been flagged as
suspicious to somewhere like Virustotal or Jotti's Virus Scan. Then
take a view. If ClamAV is in a minority of one, probably filing the
false positive report would be the next step.
--
73,
Ged.