Cisco-Talos / clamav

ClamAV - Documentation is here: https://docs.clamav.net

Home Page: https://www.clamav.net/

ClamAV virus scan - issues found with Adobe Reader MUI

kasyap139 opened this issue · comments

Recently, when I was evaluating some antivirus software, I noticed that the ClamAV antivirus scan raised issues with the below files (Scan log attached).
I am unsure if this is valid. Can anyone let me know if this is a false positive result?
Adobe Reader update: AcroRdrDCUpd2300820533_MUI

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\nppdf32.dll
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ExtendScript.dll
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ScCore.dll

  1. Install Adobe Reader, install the update AcroRdrDCUpd2300820533_MUI (Feb 2024 update)
  2. Download ClamAV, running on a Windows 10 PC
  3. Download the latest updated virus definitions from http://database.clamav.net
  4. Create a folder named "database" in the root folder of the scanner and place the virus definitions.
  5. Run "command clamscan --infected --recursive --exclude-dir="C:\Windows" C:"
  6. Scan log is attached
    ScanResult_C_NewAdobe.txt
    ScanResult_C.txt

Command to run scan:

command clamscan --infected --recursive --exclude-dir="C:\Windows" C:\

Info from Virus Total for these files:

https://www.virustotal.com/gui/file/61e5d9aa95d6a7f4db450417f8d606d5d1084c133da15171490b17926884fbb1
https://www.virustotal.com/gui/file/e50cbff4bca4301e44c173ac15d468a0246f00f845053c23ac263f99c628e7dc
https://www.virustotal.com/gui/file/751EAEB4DB5D3A76E3FB7775F3A2430514FFEC41AD5ED25147398959F3FAAEDB
https://www.virustotal.com/gui/file/837063AA34E5AA464126CCB86409E9F912AD153B0281E4172968463A5C536AC6
https://www.virustotal.com/gui/file/921E4FA5E09ED01E71EC0F4F4A309EC851F77932CCA1ED7F7C8D3741B52A668A

Hi @kasyap139. It seems likely these are false positives because ClamAV is the only hit. The "Google" matches seem to be a result of them using ClamAV in their scanner.

Can you please submit these to our false positive reporting portal? Automated processes managed by our threat research team should triage and resolve the false positives.

https://www.clamav.net/reports/fp

Since this ticket queue is for bug reporting in the ClamAV software and not for signature detection issues, I'll close this ticket.
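A triage helper for the workflow discussed in this thread, added here as an example and not part of the issue or of ClamAV's own code: it parses `clamscan --infected` output, hashes each flagged file with SHA-256, and builds the matching VirusTotal lookup URL so the hits can be cross-checked before filing a false positive report. The signature name in the sample log is a constructed placeholder, and the function names are hypothetical.

```python
import hashlib
import re
from pathlib import Path

# clamscan reports each detection as "<path>: <signature name> FOUND".
# The greedy path group keeps the drive-letter colon of Windows paths intact,
# because only the last ": " before the signature name splits the line.
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
VT_URL = "https://www.virustotal.com/gui/file/{}"

# Constructed sample: a path from the issue with a placeholder signature name.
SAMPLE_LOG = r"""C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe: Example.Placeholder.Signature-0 FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
"""

def parse_detections(log_text):
    """Return (path, signature) pairs for every FOUND line; summary lines are ignored."""
    hits = []
    for line in log_text.splitlines():
        match = FOUND_RE.match(line.strip())
        if match:
            hits.append((match.group("path"), match.group("sig")))
    return hits

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()

def triage(log_text):
    """Build one record per detection; files missing on this host get sha256=None."""
    rows = []
    for path, sig in parse_detections(log_text):
        digest = sha256_file(path) if Path(path).is_file() else None
        rows.append({
            "path": path,
            "signature": sig,
            "sha256": digest,
            "virustotal": VT_URL.format(digest) if digest else None,
        })
    return rows

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

Run it on the machine that produced the scan log so the flagged paths resolve and the hashes describe the exact files ClamAV matched.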