ClamTK antivirus help!

LinuxNoob1975
Level 1
Posts: 10
Joined: Thu Jan 28, 2016 4:21 am

ClamTK antivirus help!

Post by LinuxNoob1975 » Mon Feb 01, 2016 2:58 am

I noticed that Firefox was running a bit slower than the norm. I ran ClamTK and this is what all showed up. I find it hard to believe that all these could be false positives.
https://drive.google.com/file/d/1_lXMYn ... sp=sharing
https://drive.google.com/file/d/1jpas86 ... sp=sharing
Should I be concerned about these or not? My concern is that I'm running Linux Mint on dual boot with Windows. Is it possible that Windows can be compromised through the Linux OS?

jimallyn
Level 18
Posts: 8941
Joined: Thu Jun 05, 2014 7:34 pm
Location: Wenatchee, WA USA

Re: ClamTK antivirus help!

Post by jimallyn » Mon Feb 01, 2016 5:04 am

It is generally recommended that you NOT use an anti-virus on Linux.

https://sites.google.com/site/easylinux ... t/security

Are they all false positives? I don't know. Perhaps somebody else can enlighten us further.

It looks like all of those are in your browser cache. Depending upon what kind of sites you visit on the internet, it is possible that all those things could actually be in the browser cache. But it is unlikely that they could actually do anything to harm your computer, unless, of course, you give them permission to run.

In the thirteen and a half years I have been using Linux, none of my Linux computers have ever been infected with any virus, trojan, spyware, adware, or other malware, nor have the computers of any Linux user I know.

“If the government were coming for your TVs and cars, then you'd be upset. But, as it is, they're only coming for your sons.” - Daniel Berrigan

LinuxJim
Level 5
Posts: 659
Joined: Tue Jan 26, 2016 8:01 pm
Location: Oregon, USA

Re: ClamTK antivirus help!

Post by LinuxJim » Mon Feb 01, 2016 5:25 am

jimallyn wrote: It looks like all of those are in your browser cache.
Agreed. Those are all PUA.Js.Xored, which is a ClamAV classification for "Potentially Unwanted Javascript". They could indeed be false positives. Even if they're not, they would be harmless under Linux.

jimallyn wrote: In the thirteen and a half years I have been using Linux, none of my Linux computers have ever been infected with any virus, trojan, spyware, adware, or other malware, nor have the computers of any Linux user I know.
Make that 21+ years for me. Nothing. Nada. Zilch.

Cosmo.
Level 23
Posts: 17827
Joined: Sat Dec 06, 2014 7:34 am

Re: ClamTK antivirus help!

Post by Cosmo. » Mon Feb 01, 2016 5:52 am

LinuxNoob1975 wrote: I noticed that Firefox was running a bit slower than the norm.
Regarding this point: Only FF is affected?
This is often caused by some problems in the FF-profile.
To find this out do the following:
Close FF.
Open your file-manager and make hidden files visible (press ctrl-h).
Rename the folder .mozilla to .mozilla.bck
Start FF, this will create automatically a new FF-profile.
Check.

To get back to your old profile:
Close FF.
Delete the new folder .mozilla
Rename the folder .mozilla.bck back to .mozilla
Start FF. Done.

Habitual
Level 13
Posts: 4870
Joined: Sun Nov 21, 2010 8:31 pm
Location: 0.0.0.0

Re: ClamTK antivirus help!

Post by Habitual » Mon Feb 01, 2016 7:23 am

Yawn.
Users have to explicitly turn on the PUA option and then scream bloody murder when it 'hits'.

clamAV is worthless on a desktop.
clamAV is worthless on a desktop.
clamAV is worthless on a desktop.
clamAV is worthless on a desktop.
clamAV is worthless on a desktop.
clamAV is worthless on a desktop.
clamAV is worthless on a desktop.
clamAV is worthless on a desktop.
clamAV is worthless on a desktop.
clamAV is worthless on a desktop.
clamAV is worthless on a desktop.
clamAV is worthless on a desktop.
clamAV is worthless on a desktop.

GreyGeek
Level 4
Posts: 232
Joined: Thu Jan 14, 2016 11:01 pm
Location: Lincoln, NE

Re: ClamTK antivirus help!

Post by GreyGeek » Mon Feb 01, 2016 7:32 pm

jimallyn wrote: It is generally recommended that you NOT use an anti-virus on Linux.

https://sites.google.com/site/easylinux ... t/security

Are they all false positives? I don't know. Perhaps somebody else can enlighten us further.

It looks like all of those are in your browser cache. Depending upon what kind of sites you visit on the internet, it is possible that all those things could actually be in the browser cache. But it is unlikely that they could actually do anything to harm your computer, unless, of course, you give them permission to run.

In the thirteen and a half years I have been using Linux, none of my Linux computers have ever been infected with any virus, trojan, spyware, adware, or other malware, nor have the computers of any Linux user I know.
From the ClamAV website:
http://www.clamav.net/documents/miscellaneous-faq
What is PUA? I get a lot of false positives named PUA.
With the release of ClamAV 0.91.2 we introduce the option to scan for Potentially Unwanted Applications.

The PUA database contains detection for applications that are not malicious by itself but can be used in a malicious or unwanted context. As an example: A tool to retrieve passwords from a system can be useful as long as the person who uses it, is authorized to do so. However, the same tool can be used to steal passwords from a system. To make use of the PUA database you can use the --detect-pua switch for clamscan or enable it in the config file for clamd (add: DetectPUA yes).

At this point we DO NOT recommend using it in production environments, because the detection may be too aggressive and lead to false positives. In one of the next releases we will provide additional features for fine-tuning allowing better adjustments to different setups. NOTE: A detection as PUA does NOT tell if an application is good or bad. All it says is, that a file MAYBE unwanted or MAYBE could compromise your system security and it MAYBE a good idea to check it twice.
You can edit the config file and change "DetectPUA yes" to "DetectPUA no". Better yet, delete clamtk. It is not needed and just slows down your system and generates unwarranted fears.

Here is a link to the National Vulnerability Database that shows the number of Linux security software flaws and the number of US-CERT notifications for the last three years ... all eleven of them.
https://web.nvd.nist.gov/view/vuln/sear ... cert_vn=on
However, like that last "security hole" in the kernel that was discussed last month, few, if any, reach the public because they are found by security audits and patched almost zero day. Since I started using Linux eighteen years ago I can count on my fingers the total number of viruses and Trojans FOUND IN THE WILD. The most serious was the virus that infected 2,500 computers in Eastern Europe about 10-12 years ago because the admins were running bootleg copies of RedHat server and didn't use root passwords. And in those eighteen years I have encountered NONE on my machines or the dozens of machines I maintained over the years. For half that time I never even ran a firewall. The vast majority of malware listed on sites like McAfee, Norton, Symantec, Kaspersky, etc. are Windows viruses that have had the word "linux" added to their names in order to drum up business, like the jpg viruses. When you drill deep into those sites to obtain the severity level and number of infections you find that most are rated as nearly harmless and are found on "2 or less" computers. That strongly suggests that the virus is somebody's test project.

EDIT: I forgot to mention that the BIGGEST security hole in a Linux box is the USER! The user is more likely to fall prey to social engineering, or to download and install apps from other than the repository, or to visit pron sites and other places where most malware lurks.
Last edited by GreyGeek on Tue Feb 02, 2016 3:49 pm, edited 2 times in total.
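
Added example, not part of any post in this thread: a small shell triage of clamscan results that separates PUA.* signatures (reported only when PUA detection is enabled) from other detections and marks hits that sit in the Firefox cache. It assumes the usual `<path>: <signature> FOUND` result lines and a cache under `~/.cache/mozilla/`; the sample scan output and the function names are constructed for illustration.

```shell
#!/bin/sh
# Triage clamscan result lines of the form "<path>: <signature> FOUND".
# Output columns (tab-separated): class, location, signature, path.

triage_clamscan() {
    awk '
    / FOUND$/ {
        line = $0
        sub(/ FOUND$/, "", line)
        # The signature follows the last ": "; the path itself may contain colons.
        n = split(line, parts, ": ")
        sig = parts[n]
        path = substr(line, 1, length(line) - length(sig) - 2)
        # PUA.* names come from the optional PUA database, not the malware sets.
        class = (sig ~ /^PUA\./) ? "pua" : "other"
        # Assumption: the Firefox cache lives under ~/.cache/mozilla/.
        loc = (path ~ /\/\.cache\/mozilla\//) ? "firefox-cache" : "elsewhere"
        printf "%s\t%s\t%s\t%s\n", class, loc, sig, path
    }'
}

count_class() {
    # $1 = "pua" or "other"; reads triage_clamscan output on stdin.
    awk -F '\t' -v c="$1" '$1 == c { n++ } END { print n + 0 }'
}

sample_scan() {
    # Constructed sample output, not taken from the screenshots in the thread.
    cat <<'EOF'
/home/user/.cache/mozilla/firefox/abcd1234.default/cache2/entries/0A1B2C: PUA.Js.Xored FOUND
/home/user/.cache/mozilla/firefox/abcd1234.default/cache2/entries/3D4E5F: PUA.Js.Xored FOUND
/home/user/Downloads/eicar.com: Eicar-Test-Signature FOUND
/home/user/Documents/notes.txt: OK

----------- SCAN SUMMARY -----------
Infected files: 3
EOF
}

# Stand-alone run: print the triaged table for the sample.
sample_scan | triage_clamscan
```

Rows marked `pua` and `firefox-cache` are the kind of result discussed in this thread; rows marked `other` are the ones worth a closer look.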

Habitual
Level 13
Posts: 4870
Joined: Sun Nov 21, 2010 8:31 pm
Location: 0.0.0.0

Re: ClamTK antivirus help!

Post by Habitual » Mon Feb 01, 2016 7:47 pm

If PUA scanning was worth a damn on Linux, it would be enabled by default.

LinuxNoob1975
Level 1
Posts: 10
Joined: Thu Jan 28, 2016 4:21 am

Re: ClamTK antivirus help!

Post by LinuxNoob1975 » Mon Feb 01, 2016 9:21 pm

Thanks to everyone for the replies.
