Privacy issue #2646
/var/cache/pkgfile/community.files: Win.Trojan.Maljava-2 FOUND
Hint: Already removed and reloaded by
rm -r /var/cache/pkgfile/*
pkgfile -u
I've tried on i686.
It could also have been fixed between the time you last updated your local malware database and the time I did the same.
sudo freshclam
pkgfile -u
clamscan /var/cache/pkgfile/community.files
And I've the following result:
/var/cache/pkgfile/community.files: OK

----------- SCAN SUMMARY -----------
Known viruses: 6759120
Engine version: 0.101.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 146.79 MB (ratio 0.00:1)
Time: 161.971 sec (2 m 41 s)
Could you try after re-updating the malware database with freshclam?
By the way do you know if there is an easy way to update that database without giving root access to freshclam?
PS: Most of the time I don't agree to network terms of service for things like WiFi when they prevent you from sending or transmitting viruses, as there are legitimate cases where, for instance, you might want to send a virus sample to clamav, which is free software.
PPS: It would be an interesting project to use sandboxing for clamscan as in general programs like antivirus are parsing a lot of untrusted files. It has been done by the tracker project which is a project to parse and index files.
The chances of this being an actual virus are very low.
- Win.Trojan.Maljava-2 - Would indicate a Windows malware
- The file is just a huge ASCII file, so not executable
- The file is a fairly trivial format (cpio archive) so it's doubtful that there is a flaw in the extractor
- The file merely contains a bunch of text files named for packages which list the files/directories in those packages
- Java has nothing to do with this file in the normal course of things (cause it's not a jar, cause it's not executable)
The chance of a false positive is high.
- All that is needed for a false positive is for there to be a string that matches the IOC string for that malware
- With 170 MB of strings to look at, it wouldn't take much
If you still have the "Infected" file, there are ways you could track down where the false positive is matching, but that is a longer discussion.
And it looks like it has false positived in the past too.
And it looks like there is a history of Clamav falsing on this particular detection: