On Thu, Nov 14, 2019 at 6:34 AM G.W. Haywood via clamav-users <clamav-users@lists.clamav.net> wrote:

Hi there,

On Wed, 13 Nov 2019, Christina Qian wrote:

> Thank you very much for your reply. I just realized that I was on the wrong
> thread though. I meant to ask the reason for the alarms below, or at least
> to confirm it's a false alarm, so I can just exclude the files. Do you or
> anybody on the list has information on this? Thanks.
> ...
> /folder_name/jupyter/miniconda2/include/openssl/tls1.h:
> YARA.php_malware_hexinject.UNOFFICIAL FOUND
> /folder_name/jupyter/miniconda2/pkgs/openssl-1.0.2k-1/include/openssl/tls1.h:
> YARA.php_malware_hexinject.UNOFFICIAL FOUND
> /folder_name/anaconda2/pkgs/openssl-1.0.2k-1/include/openssl/tls1.h:
> YARA.php_malware_hexinject.UNOFFICIAL FOUND

Those files are published in open source packages. If you have any
concerns about them you can always go to the originals and compare.

In my view scanning files in this way causes more problems (and this
is probably one of the most frequent) than it can ever solve.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml