After installing Microsoft's official python extensions in visual studio code, running clamscan responded with malware.
Similar discussions have been held in the past, but the issue has been closed as resolved.
However, it seems unusual that clamav's virus definition has been updated to the latest state and is still detected as malware.
Should this be considered malware?
$clamscan/home/USER/--recursive--infected
...
/home/USER/.config/Code/CachedExtensionVSIXs/ms-python.python-2022.20.1: Win.Trojan.Trojanx-9981435-0 FOUND
----------- SCAN SUMMARY -------------
Known viruses: 8646692
Engine version: 0.103.6
Scanned directories: 16337
Scanned files—209739
Infected files:1
Data scanned: 9387.41 MB
Data read: 15554.11 MB (ratio 0.60:1)
Time: 2194.871sec (36 m 34 s)
Start Date: 2023:01:0103:50:55
End Date: 2023:01:0104:27:29
$cat/etc/os-release
PRETTY_NAME = "Ubuntu 22.04.1 LTS"
NAME="Ubuntu"
VERSION_ID = "22.04"
VERSION="22.04.1 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID = ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
$clamd-V
ClamAV 0.103.6/26767/Sat Dec 31 17:24:44 2022
It is common for virus checking software to misdetect viruses.
The responsibility for fixing it will be on the virus checking software side.
For example, PyInstaller's run.exe/runw.exe program, which I have experienced and have experienced on the Internet, is considered to be a virus, but it seems that various virus checking software has caused sporadic cases.
There is also an issue article in PyInstaller, but you should contact the vendor of the check software.
run.exe as malware#3802
Please contact you anti-virus vendor. There is nothing we can do about this false positive.
Contact your antivirus vendor.There is nothing we can do about this false positive
If your anti-virus vendor customers one of the files included in the PyInstaller distribution or a file generated by PyInstaller to be malicious, there is not any we can do about this. Even if we'd change our code, they'd change their pattern and start. There is nothing we can do about this if antivirus vendors consider either the files contained in the PyInstaller distribution or the files generated by the PyInstaller to be malicious.Changing the code will change the pattern and restart the race.
By the way, PyInstaller creates executables from Python scripts, so you can find some examples of how to deal with the programs that are completed.
[python] Crowdstrike incorrectly detects an executable created with PyInstaller
ClamAV seems to be an open source and free software, but if you look at the first summary, it's about using it on the mail gateway, and the virus check on the files on the PC may be slightly off the mark.
ClamAV
The Standard ClamAV®is the open-source standard for mail gateway-scanning software.
Possible options include:
© 2024 OneMinuteCode. All rights reserved.