[clamav-users] CVE_2021_4034-9951522 false positives on node executables

Viktor Rosenfeld 24hesk at gmail.com
Tue Jun 21 23:19:28 UTC 2022


Hi,

> On 21.06.2022 at 01:04, G.W. Haywood <clamav at jubileegroup.co.uk> wrote:
> 
> Agreed there might be grounds to suspect a false positive, but I'd
> suggest that first you upload anything which has been flagged as
> suspicious to somewhere like Virustotal or Jotti's Virus Scan.  Then
> take a view.  If ClamAV is in a minority of one, probably filing the
> false positive report would be the next step.

Thank you, Ged, for the suggestions. I did not know these sites; they are very useful!

I checked all of the files flagged on my system on both sites. On Jotti’s Virus Scan, all files were flagged by ClamAV. On Virustotal, only some of the files were flagged by ClamAV. Specifically, libnode.dylib files were flagged but node binaries were not flagged.

No other virus software flagged these files on either site.

I submitted a false positive report on the ClamAV website.

Cheers,
Viktor

