After updating to the latest virus signature files using freshclam, I am suddenly getting infected file reports that I never got before. I don't think the affected files have changed, at least the creation dates and size in bytes are still the same. How can I tell whether this is a real virus or malware, or if it is just a false positive? If I submit one of the files using clamsubmit, will it be analyzed to determine whether it is a false positive? I'm not sure if files submitted using clamsubmit are analyzed, or whether it is just assumed that they are false positives. I am using a Linux operating system that was built using linuxfromscratch.org. Here is a list of the files that clamscan reported:
/usr/lib/python3.11/ensurepip/_bundled/pip-23.1.2-py3-none-any.whl: Win.Virus.Expiro-10026576-0 FOUND /usr/lib/python3.11/site-packages/pip/_vendor/distlib/t64-arm.exe: Win.Virus.Expiro-10026576-0 FOUND /usr/lib/python3.11/site-packages/pip/_vendor/distlib/t32.exe: Win.Virus.Expiro-10026576-0 FOUND /usr/lib/python3.11/site-packages/pip/_vendor/distlib/w64.exe: Win.Virus.Expiro-10026576-0 FOUND /usr/lib/python3.11/site-packages/pip/_vendor/distlib/t64.exe: Win.Virus.Expiro-10026576-0 FOUND /usr/lib/python3.11/site-packages/pip/_vendor/distlib/w64-arm.exe: Win.Virus.Expiro-10026576-0 FOUND /usr/lib/python3.11/site-packages/pip/_vendor/distlib/w32.exe: Win.Virus.Expiro-10026576-0 FOUND
Richard _______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
