In thee past when I was using pclinuxos, they didn't have clamav in the repos, so I installed clamav via a tarball downloaded from the official home page. After installing it and doing a scan, it found some viruses, but they were in the clamav directory where I untar it. They were .exe files. I deleted them and ran the scan again and this time, 0 infected files found.

In January of this year, I installed clamav again, this time from the pclinuxos repos. They finally had it.

This month, I came across another popular antivirus program called Comodo at https://www.comodo.com/home/internet...-for-linux.php

After installing it, I did a scan with comodo and it found 11 viruses with .exe files in shared folders from clamav. This version of clamav was installed from the pclinuxos repos.

Question is, what is the purpose of these .exe viruses that clamav includes when installing clamav? Is this intentional or is it using these viruses as a reference for virus signatures or fingerprints.

I am

Anyway, I'm sticking with comodo. I don't trust clamav anymore.

PS: I am using antivirus software because my computer which runs linux, the greatest os in thee world, is networked with other windows machines.

Also, there are sites that still use flash and java. And I access these types of sites from time to time.

What were the names of some of those *.exe files? False positives are hardly rare in virus detection.

Probably some quarantined files from past scans.

@ frankbell
@ Emerson

When I ran Comodo antivirus, it found all 11 viruses in the /usr/share/doc/clamav/test/ directory.

frankbell, you were right. These 11 so-called viruses are false positives. I found a similar forum thread, when you install clamav it installs the test package. In the forum, they mentioned that these test viruses are fake viruses.

Either way, I am not taking a chance. After Comodo has quarantine them, I elected to delete them as well.

What's your concern? I have had fun with clamav in past, extracting Windows viruses from my browser cache. Got bored and stopped that.

Glad we could help. I can certainly understand your wanting to find out what was going on.

Emerson, I should have thought of the quarantine thingee. I was kicking myself when I saw your post.

As an aside, I've never quite understood that quarantine thing. I guess it makes sense if there's a chance you might wish to send the suspect file in for analysis, but deleting has always been my first choice. To quote Country Joe and the Fish, "Get that thing right out of here."

Since they're in a directory called "test" and they "test" positive that suggests that they for testing purposes. It's probably a good idea after installing an anti-virus program to check that it is actually scanning things so including test files to test it makes sense if you want to test it somehow.
See also EICAR test file for testing using test scans that your AV is working.

i think it makes sense that a virus scanner sees a virus program's executables as a potential threat.

you should also check the other way round, if clamav recognizes comodo's files as a potential thread.

I agree. I like to have an AV program in linux. No operating system is immune to viruses and malware. Many say linux doesn't need AV programs because there isn't much virus/malware in the wild for linux as there is for the windows operating systems.

In fact, many people say AV programs are really for linux servers that host file sharing between linux and windows users.

I did. 0 infected files. : )

That is what ClamAV, in the main, is for -- hence the Windows executables as examples.

The .exe viruses will linger in caches unless you empty them. Quarantine, probably just changes the executable path.

Perhaps you should be looking for something that stops unwanted packets getting in, not neutralizing them when they have.

Fred.

Surely the test files in the path with "test" in it are to test the software in case a test shows that it doesn't work as it should when scanning test files?
Oh, sorry, did I forget to type "test", I meant to type test but, perhaps, I thought I typed "test" but didn't actually type "test" but just tested typing "test" instead?

Why bother with ClamAV, or any so-called "anti-virus software," at all?

In my case, it's because a long time ago I promised myself that I would never connect to the internet unless I had an AV installed. That was about the time that Linux first became a thing and I was fighting with a virus (granted, it was on a floppy and was blocked by F-Prot, but even so . . . ). When using Linux, though, I must admit that I don't always keep that promise.

To ensure that files served by one's Linux server don't infect Windows clients they are served to?