Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 637650

Summary: clamav detection on jquery.js from libinput
Product: Gentoo Linux Reporter: sliwa
Component: Current packagesAssignee: Antivirus Team <antivirus>
Status: RESOLVED UPSTREAM    
Severity: normal CC: mjo, net-mail+disabled
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: output from "emerge --info"

Description sliwa 2017-11-16 06:57:47 UTC 
Created attachment 504478 [details]
output from "emerge --info"

On my (quite recently installed) Gentoo system I get:

/usr/share/doc/libinput-1.7.3/html/jquery.js: PUA.Html.Exploit.CVE_2014_0322-1 FOUND

on scanning /usr/share with clamscan (with the --detect-pua option).

Also, /usr/share/mime/mime.cache is detected, but as I understand this is a generated file, so I assume the latter may be a false positive.

/usr/share/mime/mime.cache: PUA.Win.Exploit.CVE_2012_0110-1 FOUND



$ sha256sum /usr/share/doc/libinput-1.7.3/html/jquery.js
f9f1caf501f4a2780a89977911a3d13c22a7940a5fd76390612175257a5278ba  /usr/share/doc/libinput-1.7.3/html/jquery.js


*  dev-libs/libinput
      Latest version available: 1.7.3
      Latest version installed: 1.7.3
      Size of files: 901 KiB
      Homepage:      https://www.freedesktop.org/wiki/Software/libinput/
      Description:   Library to handle input devices in Wayland
      License:       MIT
Comment 1 Michael Orlitzky gentoo-dev 2017-11-17 02:43:52 UTC 
You're running clamav with the "--detect-pua" flag or "DetectPUA yes" in clamd.conf which is disabled by default, and is designed to catch things other than viruses. For example, it will flag bittorrent clients, IRC clients, network scanners, etc.

I would recommend turning off the "possibly unwanted application" detection, because the sort of things that would be "possibly unwanted" on my mom's Windows workstation are the same sort of things that Gentoo users love to play with.
Comment 2 Thomas Raschbacher gentoo-dev 2018-04-20 12:16:26 UTC 
this seems to not be uncommon .. if you search the web you can find more people reporting similar messages.

In any case this would be something for upstream to fix, not for gentoo itself