[SOLVED] ClamAV found many threats; What do I do now?
ClamTK/ClamAV found so many threats… What should I do now?
So I did a full scan with ClamTK. I scanned for everything including PUAs using my standard account on Ubuntu. ClamTK found a lot of threats. It could have been a little over a hundred. It showed me a list of results and gave me three options at the bottom: Quarantine, Delete, and Analysis, and then it had three columns: File, Status, and Action Taken. The thing is the Quarantine option didn’t seem to do anything most of the time. When I deleted a file it would be marked as deleted in the results window under Action Taken. Anyway, the first half of the threats it reported were in
/usr/lib/libreoffice/share/basi…
I didn’t want LibreOffice to stop working so these are the files I tried to quarantine. They had things like PUA.Tool.LibreOffice… in the status.
The threats were from three primary sources: LibreOffice system files (I assume), files including js files from webpages I saved on this machine, and old Windows programs I backed up on this computer.
Some of the stuff found:
# In Saved pages:
PUA.Doc.Tool.LibreOfficeMa…
PUA.Html.Trojan.Agent-3707...
PUA.Pdf.Trojan.EmbeddedJavascript…
# In Downloaded Windows apps
PUA.Win.Adware.Slugin-680…
PUA.Win.Downloader.Aiis-68...
PUA.Win.Malware.Speeding…
PUA.Win.Packer.InnoInstaller...
I could go on.
With the LibreOffice files I tried to quarantine all of them but everything else (the files from saved web pages and Windows programs) I deleted.
Where do I go from here? FYI: I was going to set up a dual boot soon and wipe out this hard drive soon with my brother anyway but I don’t know when that will be.
My calc documents are very simple. I don't even know how to make "Macros." I have one spreadsheet from the web and it doesn't seem too complicated. It's a calculator for how long it would take to finish writing a book. It's from Michael Hyatt and Co and I don't think it's harmful.
I agree with you on those Microsoft programs. They gave me trouble on the XP machine I downloaded them for. One or another compromised that PC running XP in like 2015.
I didn't know ClamAV was known for false positives.
I should add that it marked these files from LibreOffice, saved web pages, and Windows programs as possible threats.