All but the eicar test signature are PUA (Potentially Unwanted Application) 
detections.  So several comments about PUA need to be made.

First be sure to read the ClamAV FAQ on PUA:
<http://www.clamav.net/documents/potentially-unwanted-applications-pua>.

PUA cannot be a False Positive, by definition (although I’ve seen at least one 
that should have been and was subsequently removed as being too general).

Detect PUA is normally disabled, so I’m not sure why those are showing up in 
your installation.  If you would rather not deal with these yourself, then by 
all means disable it.

I doubt that anybody reading this list will be able to tell you anything more 
about those files.  The normal approach to PUA is to examine the file and its 
source, then decide for yourself if it’s something you installed on purpose and 
need/want to do whatever it is you are doing with your computer or not.

-Al-

On Jan 19, 2016, at 12:10 PM, Jota Pe <[email protected]> wrote:

>     ----- Forwarded message -----
> From: Jota Pe <[email protected]>
> To: "[email protected]" <[email protected]> 
> Sent: Sunday, January 17, 2016 12:44:23
> Subject: Is it a real attack?
> 
> I performed a ClamAV scan of all my desktop PC and the result tells me about 
> some possible infections.
> As the before mail didn't include the attachment, I copy and paste the log 
> file:
> -----------------------------------------------------------------------------------------------
> 
> ClamTk, v5.19
> Sun Jan 17 12:30:53 2016
> Definiciones de ClamAV: 4227609
> Carpetas analizadas:
> /home/jjpg/.cache/winetricks/comctl32
> /home/jjpg/.cache/winetricks/windowscodecs
> /home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/Microsoft.NET/Framework/v1.1.4322
> /home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/Microsoft.NET/Framework/v2.0.50727
> /home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/Microsoft.NET/Framework/v4.0.30319
> /home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/mono/mono-2.0/bin
> /home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/mono/mono-2.0/lib/mono/2.0
> /home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/mono/mono-2.0/lib/mono/4.0
> /home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/mono/mono-2.0/lib/mono/4.5
> /home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/winsxs/amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_none_deadbeef
> /home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/winsxs/x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_none_deadbeef
> /home/jjpg/.wine/drive_c/Program Files (x86)/Adobe/Audition 1.5
> /home/jjpg/.wine/drive_c/Program Files (x86)/Adobe/Audition 1.5/en_us
> /home/jjpg/.wine/drive_c/Program Files (x86)/Adobe/Flash Player/AddIns/airappinstaller
> /home/jjpg/.wine/drive_c/Program Files (x86)/Common Files/Adobe AIR/Versions/1.0
> /home/jjpg/.wine/drive_c/Program Files (x86)/Common Files/Adobe AIR/Versions/1.0/Resources
> /home/jjpg/.wine/drive_c/Program Files (x86)/Common Files/Apple/Apple Application Support
> /home/jjpg/.wine/drive_c/Program Files (x86)/Elica56/System
> /home/jjpg/.wine/drive_c/Program Files (x86)/QuickTime
> /home/jjpg/.wine/drive_c/Program Files (x86)/QuickTime/QTSystem
> /home/jjpg/.wine/drive_c/Program Files (x86)/ZaraSoft/ZaraRadio
> /home/jjpg/.wine/drive_c/users/Public/Application Data/Apple/Installer Cache/AppleApplicationSupport 2.3.6
> /home/jjpg/.wine/drive_c/users/jjpg/Application Data/Macromedia/Flash Player/www.macromedia.com/bin/airappinstaller
> /home/jjpg/.wine/drive_c/users/jjpg/Local Settings/Temporary Internet Files/Content.IE5/OPWK71SZ
> /home/jjpg/.wine/drive_c/windows/Installer
> /home/jjpg/.wine/drive_c/windows/Microsoft.NET/Framework/v1.1.4322
> /home/jjpg/.wine/drive_c/windows/Microsoft.NET/Framework/v2.0.50727
> /home/jjpg/.wine/drive_c/windows/Microsoft.NET/Framework/v4.0.30319
> /home/jjpg/.wine/drive_c/windows/mono/mono-2.0/bin
> /home/jjpg/.wine/drive_c/windows/mono/mono-2.0/lib/mono/2.0
> /home/jjpg/.wine/drive_c/windows/mono/mono-2.0/lib/mono/4.0
> /home/jjpg/.wine/drive_c/windows/mono/mono-2.0/lib/mono/4.5
> /home/jjpg/.wine/drive_c/windows/mono/mono-2.0/lib/mono/gac/Novell.Directory.Ldap/2.0.0.0__0738eb9f132ed756
> /home/jjpg/.wine/drive_c/windows/winsxs/amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_none_deadbeef
> /home/jjpg/.wine/drive_c/windows/winsxs/x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_none_deadbeef
> /lib/firmware/vxge
> /opt/wine-devel/lib/wine/fakedlls
> /opt/wine-devel/lib64/wine/fakedlls
> /opt/wine-staging/lib64/wine/fakedlls
> /usr/lib/mono/4.0
> /usr/lib/mono/4.5
> /usr/lib/python2.7/dist-packages/pyclamd
> /usr/lib/python3/dist-packages/pyclamd/__pycache__
> /usr/share/doc/slv2
> /usr/share/mime
> /usr/share/spamassassin
> /usr/share/wine-gecko
> /usr/share/wine/gecko
> 
> Encontrados 67 posibles amenazas (283770 archivos analizado).
> 
> /usr/share/mime/mime.cache    PUA.Win.Exploit.CVE_2012_0110
> /usr/share/wine-gecko/wine_gecko-2.21-x86_64.msi    PUA.Win32.Packer.PrivateExeProte-7
> /usr/lib/python2.7/dist-packages/pyclamd/pyclamd.pyc    Eicar-Test-Signature-1
> /home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/winsxs/x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_none_deadbeef/comctl32.dll    PUA.Win32.Packer.PrivateExeProte-7
> /home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/winsxs/amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_none_deadbeef/comctl32.dll    PUA.Win32.Packer.PrivateExeProte-7
> /home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/mono/mono-2.0/bin/MonoPosixHelper-x86_64.dll    PUA.Win32.Packer.PrivateExeProte-7
> /home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/mono/mono-2.0/lib/mono/4.0/mscorlib.dll    PUA.Win32.Packer.PrivateExeProte-7
> /home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/mono/mono-2.0/lib/mono/2.0/mscorlib.dll    PUA.Win32.Packer.PrivateExeProte-7
> /home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/mono/mono-2.0/lib/mono/4.5/mscorlib.dll    PUA.Win32.Packer.PrivateExeProte-7
> /home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/mono/mono-2.0/lib/mono/4.5/monop.exe    PUA.Win32.Packer.PrivateExeProte-7
> /home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/Microsoft.NET/Framework/v1.1.4322/mscorlib.dll    PUA.Win32.Packer.PrivateExeProte-7
> /home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/Microsoft.NET/Framework/v4.0.30319/mscorlib.dll    PUA.Win32.Packer.PrivateExeProte-7
> /usr/share/wine-gecko/wine_gecko-2.21-x86.msi    PUA.Win32.Packer.PrivateExeProte-7
> /home/jjpg/.local/share/wineprefixes/vc2010express/drive_c/windows/Microsoft.NET/Framework/v2.0.50727/mscorlib.dll    PUA.Win32.Packer.PrivateExeProte-7
> /home/jjpg/.cache/winetricks/comctl32/cc32inst.exe    PUA.Win32.Packer.Winzip-1
> /home/jjpg/.cache/winetricks/windowscodecs/wic_x86_enu.exe    PUA.Win32.Packer.Msvcpp
> /home/jjpg/.wine/drive_c/users/jjpg/Application Data/Macromedia/Flash Player/www.macromedia.com/bin/airappinstaller/airappinstaller.exe    PUA.Win32.Packer.SetupExeSection
> /home/jjpg/.wine/drive_c/users/jjpg/Local Settings/Temporary Internet Files/Content.IE5/OPWK71SZ/update[1]    PUA.Win32.Packer.SetupExeSection
> /home/jjpg/.wine/drive_c/users/jjpg/Local Settings/Temporary Internet Files/Content.IE5/OPWK71SZ/update[0]    PUA.Win32.Packer.SetupExeSection
> /home/jjpg/.wine/drive_c/users/Public/Application Data/Apple/Installer Cache/AppleApplicationSupport 2.3.6/AppleApplicationSupport.msi    PUA.Win32.Packer.PrivateExeProte-7
> /home/jjpg/.wine/drive_c/windows/winsxs/x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_none_deadbeef/comctl32.dll    PUA.Win32.Packer.PrivateExeProte-7
> /home/jjpg/.wine/drive_c/windows/winsxs/amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_none_deadbeef/comctl32.dll    PUA.Win32.Packer.PrivateExeProte-7
> /home/jjpg/.wine/drive_c/windows/mono/mono-2.0/bin/MonoPosixHelper-x86_64.dll    PUA.Win32.Packer.PrivateExeProte-7
> /usr/share/doc/slv2/jquery.js    PUA.HTML.Exploit.CVE_2014_0322
> /home/jjpg/.wine/drive_c/windows/mono/mono-2.0/lib/mono/4.0/mscorlib.dll    PUA.Win32.Packer.PrivateExeProte-7
> /home/jjpg/.wine/drive_c/windows/mono/mono-2.0/lib/mono/2.0/mscorlib.dll    PUA.Win32.Packer.PrivateExeProte-7
> /home/jjpg/.wine/drive_c/windows/mono/mono-2.0/lib/mono/gac/Novell.Directory.Ldap/2.0.0.0__0738eb9f132ed756/Novell.Directory.Ldap.dll    PUA.Win32.Packer.PrivateExeProte-7
> /home/jjpg/.wine/drive_c/windows/mono/mono-2.0/lib/mono/4.5/mscorlib.dll    PUA.Win32.Packer.PrivateExeProte-7
> /home/jjpg/.wine/drive_c/windows/mono/mono-2.0/lib/mono/4.5/monop.exe    PUA.Win32.Packer.PrivateExeProte-7
> /home/jjpg/.wine/drive_c/windows/Installer/8ff4.msi    PUA.Win32.Packer.PrivateExeProte-7
> /home/jjpg/.wine/drive_c/windows/Installer/8d09.msi    PUA.Win32.Packer.PrivateExeProte-7
> /home/jjpg/.wine/drive_c/windows/Microsoft.NET/Framework/v1.1.4322/mscorlib.dll    PUA.Win32.Packer.PrivateExeProte-7
> /home/jjpg/.wine/drive_c/windows/Microsoft.NET/Framework/v4.0.30319/mscorlib.dll    PUA.Win32.Packer.PrivateExeProte-7
> /home/jjpg/.wine/drive_c/windows/Microsoft.NET/Framework/v2.0.50727/mscorlib.dll    PUA.Win32.Packer.PrivateExeProte-7
> /usr/share/spamassassin/72_active.cf    PUA.Phishing.Bank
> /home/jjpg/.wine/drive_c/Program Files (x86)/Elica56/System/borlndmm.dll    PUA.Win32.Packer.BorlandDelphi-13
> /home/jjpg/.wine/drive_c/Program Files (x86)/Elica56/System/Elica.exe    PUA.Win32.Packer.BorlandDelphi-14
> /home/jjpg/.wine/drive_c/Program Files (x86)/Adobe/Audition 1.5/en_us/multitap.dll    PUA.Win32.Packer.Starforce-1
> /home/jjpg/.wine/drive_c/Program Files (x86)/Adobe/Audition 1.5/en_us/sweeper.dll    PUA.Win32.Packer.Starforce-1
> /home/jjpg/.wine/drive_c/Program Files (x86)/Adobe/Audition 1.5/en_us/para.dll    PUA.Win32.Packer.Starforce-1
> /home/jjpg/.wine/drive_c/Program Files (x86)/Adobe/Audition 1.5/Audition.exe    PUA.Win32.Packer.Upx-28
> /home/jjpg/.wine/drive_c/Program Files (x86)/Adobe/Audition 1.5/Voc.flt    PUA.Win32.Packer.CreativeAudioFi
> /home/jjpg/.wine/drive_c/Program Files (x86)/Adobe/Flash Player/AddIns/airappinstaller/airappinstaller.exe    PUA.Win32.Packer.SetupExeSection
> /home/jjpg/.wine/drive_c/Program Files (x86)/ZaraSoft/ZaraRadio/ZaraRadio.exe    PUA.Win32.Packer.Devcpp
> /home/jjpg/.wine/drive_c/Program Files (x86)/QuickTime/QTSystem/QuickTimeUpdateHelper.exe    PUA.Win32.Packer.SetupExeSection
> /usr/share/wine/gecko/wine_gecko-2.21-x86.msi    PUA.Win32.Packer.PrivateExeProte-7
> /home/jjpg/.wine/drive_c/Program Files (x86)/QuickTime/PictureViewer.exe    PUA.Packed.Armadillo-1
> /home/jjpg/.wine/drive_c/Program Files (x86)/Common Files/Apple/Apple Application Support/libicuuc.dll    PUA.Win32.Packer.PrivateExeProte-7
> /home/jjpg/.wine/drive_c/Program Files (x86)/Common Files/Apple/Apple Application Support/libicuin.dll    PUA.Win32.Packer.PrivateExeProte-7
> /home/jjpg/.wine/drive_c/Program Files (x86)/Common Files/Apple/Apple Application Support/icudt46.dll    PUA.Win32.Packer.PrivateExeProte-7
> /home/jjpg/.wine/drive_c/Program Files (x86)/Common Files/Adobe AIR/Versions/1.0/Resources/airappinstaller.exe    PUA.Win32.Packer.SetupExeSection
> /home/jjpg/.wine/drive_c/Program Files (x86)/Common Files/Adobe AIR/Versions/1.0/Resources/WebKit.dll    PUA.Win32.Packer.PrivateExeProte-7
> /home/jjpg/.wine/drive_c/Program Files (x86)/Common Files/Adobe AIR/Versions/1.0/Resources/Adobe AIR Updater.exe    PUA.Win32.Packer.SetupExeSection
> /home/jjpg/.wine/drive_c/Program Files (x86)/Common Files/Adobe AIR/Versions/1.0/Adobe AIR Application Installer.exe    PUA.Win32.Packer.SetupExeSection
> /opt/wine-devel/lib64/wine/fakedlls/comctl32.dll    PUA.Win32.Packer.PrivateExeProte-7
> /opt/wine-devel/lib64/wine/fakedlls/clock.exe    PUA.Win32.Packer.PrivateExeProte-7
> /usr/lib/python3/dist-packages/pyclamd/__pycache__/pyclamd.cpython-35.pyc    Eicar-Test-Signature-1
> /opt/wine-devel/lib64/wine/fakedlls/user32.dll    PUA.Win32.Packer.PrivateExeProte-7
> /opt/wine-devel/lib/wine/fakedlls/comctl32.dll    PUA.Win32.Packer.PrivateExeProte-7
> /opt/wine-devel/lib/wine/fakedlls/clock.exe    PUA.Win32.Packer.PrivateExeProte-7
> /opt/wine-devel/lib/wine/fakedlls/user32.dll    PUA.Win32.Packer.PrivateExeProte-7
> /opt/wine-staging/lib64/wine/fakedlls/comctl32.dll    PUA.Win32.Packer.PrivateExeProte-7
> /opt/wine-staging/lib64/wine/fakedlls/clock.exe    PUA.Win32.Packer.PrivateExeProte-7
> /opt/wine-staging/lib64/wine/fakedlls/user32.dll    PUA.Win32.Packer.PrivateExeProte-7
> /usr/lib/python3/dist-packages/pyclamd/__pycache__/pyclamd.cpython-34.pyc    Eicar-Test-Signature-1
> /usr/lib/mono/4.0/mscorlib.dll    PUA.Win32.Packer.PrivateExeProte-7
> /usr/lib/mono/4.5/mscorlib.dll    PUA.Win32.Packer.PrivateExeProte-7
> 
> 
> ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> 
> How many? ???
> Is it a real attack? or False positive? ???
> Thanks a lot for your time!!!
> Greetings and Blessings from Chile!!!!!!!
> Juan
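
A small triage helper for a findings listing like the one quoted above, added here as an example (it is not part of the original e-mails, ClamAV or ClamTk): it separates non-PUA hits from PUA hits and groups the PUA hits by signature family so each family can be reviewed as a batch. The function names are hypothetical, the sample lines are constructed in the shape of the quoted log, and only the findings section (not the scanned-folder list) should be passed in.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the ClamTk findings quoted above,
# including the ">" mail quoting and the line wrapping e-mail introduced.
SAMPLE_LOG = """\
> /usr/share/mime/mime.cache
>
>                      PUA.Win.Exploit.CVE_2012_0110
> /usr/lib/python2.7/dist-packages/pyclamd/pyclamd.pyc
>                      Eicar-Test-Signature-1
> /home/user/.wine/drive_c/Program Files (x86)/Adobe/Flash
> Player/AddIns/airappinstaller/airappinstaller.exe
>                      PUA.Win32.Packer.SetupExeSection
> /opt/wine-devel/lib/wine/fakedlls/clock.exe    PUA.Win32.Packer.PrivateExeProte-7
> /usr/lib/mono/4.5/mscorlib.dll    PUA.Win32.Packer.PrivateExeProte-7
"""


def parse_findings(log_text):
    """Return [(path, signature), ...] from the findings section of a log."""
    entries, current = [], None
    for raw in log_text.splitlines():
        line = re.sub(r"^\s*(>\s?)+", "", raw).strip()  # drop mail quoting
        if not line:
            continue
        if line.startswith("/"):        # an absolute path starts a new entry
            if current:
                entries.append(current)
            current = [line]
        elif current is not None:       # wrapped path or signature column
            current.append(line)
    if current:
        entries.append(current)

    findings = []
    for parts in entries:
        tokens = " ".join(parts).split()
        # The signature is the last column; it never contains a slash.
        if len(tokens) < 2 or "/" in tokens[-1]:
            continue
        findings.append((" ".join(tokens[:-1]), tokens[-1]))
    return findings


def family(signature):
    """'PUA.Win32.Packer.Upx-28' -> 'PUA.Win32.Packer'; non-PUA names -> None."""
    if not signature.startswith("PUA."):
        return None
    return signature.rsplit(".", 1)[0]


def triage(findings):
    """Split findings into non-PUA hits and PUA hits grouped by family."""
    non_pua = [(p, s) for p, s in findings if family(s) is None]
    by_family = defaultdict(list)
    for path, sig in findings:
        fam = family(sig)
        if fam:
            by_family[fam].append(path)
    return non_pua, dict(by_family)


if __name__ == "__main__":
    non_pua, by_family = triage(parse_findings(SAMPLE_LOG))
    print("Non-PUA detections (look at these first):")
    for path, sig in non_pua:
        print(f"  {sig}  {path}")
    print("PUA detections by family:")
    for fam, paths in sorted(by_family.items(), key=lambda kv: -len(kv[1])):
        print(f"  {fam}: {len(paths)} file(s)")
```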
