Results 1 to 8 of 8

Thread: Clam antivirus found threats? What's this?

  1. #1
    Join Date
    Sep 2012
    Beans
    70

    Clam antivirus found threats? What's this?

    In my home-folder Clam found .wine-browser/drive_c/windows/Installer/ac8.msp and .wine-browser/drive_c/Program Files/Microsoft Silverlight/sllauncher.exe and rated them as threats.
    sllauncher.exe is, from all I know, the Sliverlight plugin and I guess it was installed with the netflix-desktop using this: ppa:ehoover/compholio

    Is it infected or is it just that clam doesn't recognise it? And what is ac8.msp?

    //Askel

  2. #2
    Join Date
    Aug 2009
    Beans
    Hidden!

    Re: Clam antivirus found threats? What's this?

    Quote Originally Posted by Askel View Post
    Is it infected or is it just that clam doesn't recognise it?
    Since you don't tell us what exactly it's supposed to be infected with there's nothing much anyone can say, really...


    Quote Originally Posted by Askel View Post
    And what is ac8.msp?
    Your favorite search engine will tell you the extension is in use by Microsoft Installer denoting a patch file.

  3. #3
    Join Date
    Sep 2012
    Beans
    70

    Re: Clam antivirus found threats? What's this?

    I tired googling it but i didn't find anything about it. I don't know how to get any details from Clam so I don't know what it would be infected with. Could it be false positives?

  4. #4
    Join Date
    Aug 2009
    Beans
    Hidden!

    Re: Clam antivirus found threats? What's this?

    Quote Originally Posted by Askel View Post
    I don't know how to get any details from Clam so I don't know what it would be infected with.
    If there's no log file try
    Code:
    clamscan -v .wine-browser/drive_c/windows/Installer/ac8.msp

    Quote Originally Posted by Askel View Post
    Could it be false positives?
    Sure.

  5. #5
    Join Date
    Sep 2012
    Beans
    70

    Re: Clam antivirus found threats? What's this?

    I got this for ac8.msp
    Code:
    clamscan -v .wine-browser/drive_c/windows/Installer/ac8.msp
    Code:
    Scanning .wine-browser/drive_c/windows/Installer/ac8.msp
    .wine-browser/drive_c/windows/Installer/ac8.msp: OK
    
    ----------- SCAN SUMMARY -----------
    Known viruses: 2547052
    Engine version: 0.97.8
    Scanned directories: 0
    Scanned files: 1
    Infected files: 0
    Data scanned: 57.84 MB
    Data read: 19.40 MB (ratio 2.98:1)
    Time: 8.649 sec (0 m 8 s)
    And
    Code:
    clamscan -v .wine-browser/drive_c/Program\ Files/Microsoft\ Silverlight/sllauncher.exe
    gives
    Code:
    Scanning .wine-browser/drive_c/Program Files/Microsoft Silverlight/sllauncher.exe
    .wine-browser/drive_c/Program Files/Microsoft Silverlight/sllauncher.exe: OK
    
    ----------- SCAN SUMMARY -----------
    Known viruses: 2547937
    Engine version: 0.97.8
    Scanned directories: 0
    Scanned files: 1
    Infected files: 0
    Data scanned: 0.47 MB
    Data read: 0.46 MB (ratio 1.01:1)
    Time: 4.243 sec (0 m 4 s)
    If I'm not totally lost Clam doesn't see them as infected anymore. But why did it alert earlier then?

  6. #6
    Join Date
    Aug 2009
    Beans
    Hidden!

    Re: Clam antivirus found threats? What's this?

    Quote Originally Posted by Askel View Post
    (..) Clam doesn't see them as infected anymore. But why did it alert earlier then?
    No supporting nfo (log files, screen shots, etc, etc) means no "evidence" which means no clue why.

  7. #7
    Join Date
    Sep 2012
    Beans
    70

    Re: Clam antivirus found threats? What's this?

    I did a full scan of the system, and now it sam sllauncher.exe and ac8.msp as threats again. Also /usr/share/wine-browser-installer/SilverlighSetup.exe and /usr/share/wine-browser-installer/FirefoxSetup.exe
    When I scan them separatly in the terminal I get the same result, that they are not infected, but when scanning the folder they're in they're listed as threats.

    I removed netflix-desktop for now. I'm just hoping their new native Linuxsupport will be up soon.

  8. #8
    Join Date
    Aug 2009
    Beans
    Hidden!

    Re: Clam antivirus found threats? What's this?

    Quote Originally Posted by Askel View Post
    When I scan them separatly in the terminal I get the same result (..) but when scanning the folder they're in they're listed as threats.
    Depending on what automation or front-end (if any) you use to scan directories check if you can configure it to be verbose when scanning and write alerts / output to a log file. Other than that a manual scan confirmed the files were not infected (with a virus ClamAV knows about) so apart from 0) verifying the files against a download from a known safe location and maybe 1) getting a second opinion by submitting the files to on-line AV scanners I see no reason why you should remove the application.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •