Malware detected in official extensions of vscode (?)

Asked 1 year ago, Updated 1 year ago, 318 views

After installing Microsoft's official Python extension in Visual Studio Code, running clamscan reported malware.

Similar discussions have been held in the past, but the issue was closed as resolved.
However, it seems unusual that it is still detected as malware even though ClamAV's virus definitions have been updated to the latest state.

Should this be considered malware?

$ clamscan /home/USER/ --recursive --infected
...
/home/USER/.config/Code/CachedExtensionVSIXs/ms-python.python-2022.20.1: Win.Trojan.Trojanx-9981435-0 FOUND

----------- SCAN SUMMARY -------------
Known viruses: 8646692
Engine version: 0.103.6
Scanned directories: 16337
Scanned files: 209739
Infected files: 1
Data scanned: 9387.41 MB
Data read: 15554.11 MB (ratio 0.60:1)
Time: 2194.871 sec (36 m 34 s)
Start Date: 2023:01:01 03:50:55
End Date: 2023:01:01 04:27:29
$ cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.1 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.1 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
$ clamd -V
ClamAV 0.103.6/26767/Sat Dec 31 17:24:44 2022

vscode malware

2023-01-01 00:47

1 Answers

It is common for virus checking software to misdetect viruses.
The responsibility for fixing it will be on the virus checking software side.

For example, PyInstaller's run.exe/runw.exe programs, which I have run into myself and have also seen reported on the Internet, get flagged as a virus, and this seems to happen sporadically with various virus checking software.
There is also an issue about this in PyInstaller, but you should contact the vendor of the checking software.
run.exe as malware #3802

Please contact your anti-virus vendor. There is nothing we can do about this false positive.

If your anti-virus vendor considers one of the files included in the PyInstaller distribution or a file generated by PyInstaller to be malicious, there is nothing we can do about this. Even if we'd change our code, they'd change their pattern and restart the race.

By the way, PyInstaller creates executables from Python scripts, so you can also find some examples of how people dealt with this for the finished programs.
[python] Crowdstrike incorrectly detects an executable created with PyInstaller

ClamAV seems to be free, open-source software, but if you look at the summary at the top of its site, it is about use on mail gateways, so virus-checking the files on a PC may be slightly off the mark.
ClamAV

The Standard: ClamAV® is the open-source standard for mail gateway-scanning software.

Possible options include:

  • Contact the manufacturer of the virus-checking software for further checks and countermeasures.
  • Change the virus check software to something else.
  • Configure the virus check software to ignore the indication of VSCode's Python extensions.
  • Stop using either the virus check software or VSCode's Python extension.


2023-01-01 11:00
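
An added example (not part of the original answer) for the "contact the vendor" and "configure it to ignore" options above: it pulls the signature name and path out of clamscan output and builds a hash-based allow-list line for that one exact file, in the hash:size:name layout ClamAV reads from a local .sfp file in its database directory. The function names are this example's own, and the sample output is constructed from the scan shown in the question.

```shell
#!/bin/sh
# Added example: triage a clamscan hit (function names are this example's own).

# Constructed sample, copied from the scan output in the question.
sample_scan() {
    cat <<'EOF'
/home/USER/.config/Code/CachedExtensionVSIXs/ms-python.python-2022.20.1: Win.Trojan.Trojanx-9981435-0 FOUND

----------- SCAN SUMMARY -------------
Infected files: 1
EOF
}

# Read clamscan output on stdin; print "path<TAB>signature" per FOUND line.
parse_hits() {
    while IFS= read -r line; do
        case $line in
            *": "*" FOUND") ;;
            *) continue ;;
        esac
        line=${line% FOUND}
        # Split at the last ": " so a path containing ": " stays intact.
        printf '%s\t%s\n' "${line%: *}" "${line##*: }"
    done
}

# Print "sha256:size:name" for one exact file (ClamAV .sfp allow-list layout).
sfp_entry() {
    [ -f "$1" ] || return 1
    hash=$(sha256sum "$1" | cut -d' ' -f1)
    size=$(wc -c < "$1" | tr -d ' ')
    printf '%s:%s:%s\n' "$hash" "$size" "$(basename "$1")"
}

# Report each hit and, if the file exists on this machine, its allow-list line.
triage() {
    tab=$(printf '\t')
    parse_hits | while IFS=$tab read -r path sig; do
        printf 'signature: %s\nfile:      %s\n' "$sig" "$path"
        sfp_entry "$path" || echo "(file not present on this machine)"
    done
}

sample_scan | triage
```

Because the entry matches on the hash, only the byte-identical file is exempted; a changed package is scanned normally again.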
