Calibre v2.82.0 App - Possible Virus?


Postby Radar1968 » Fri 24 Mar 2017 8:50 pm

I am using the latest version of ClamXav and v2.82.0 of the ebook manager Calibre.

I have just run a scan and had the following alert:

/Applications/calibre.app/Contents/Resources/resources/compiled_coffeescript.zip: Heuristics.Filetype.ZipWithJS-6136370-0 FOUND

Never had an issue with Calibre before or had a scan pick up anything.

Advice please as this is my first real alert to give me any concerns & I can't load to TotalVirus as the file is 202mb.

Kind Regards
Radar
Radar1968
 
Posts: 84
Joined: Thu 20 Dec 2012 8:59 pm

Re: Calibre v2.82.0 App - Possible Virus?

Postby alvarnell » Fri 24 Mar 2017 9:09 pm

I downloaded Calibre 2.82.0 and can confirm the detection.

The signature was just added by ClamAV yesterday in Daily - 23230 which would have shown up as a ClamXav update today and looks like this:

VIRUS NAME: Heuristics.Filetype.ZipWithJS-6136370-0
CONTAINER TYPE: CL_TYPE_ZIP
CONTAINER SIZE: ANY
FILENAME REGEX: \.[A-Za-z]{3}\.js$
COMPRESSED FILESIZE: ANY
UNCOMPRESSED FILESIZE: ANY
ENCRYPTION: IGNORED
FILE POSITION: 1
CRC SUM: ANY

So I would have to guess that it's not a false positive in that it is a zip file that contains javascript files, which is what it's designed to find. That doesn't mean there is anything wrong with doing that, just that it's suspicious to do so.

If I were you I would simply ignore it. Highlight the item in the ClamXav app infection window and choose "Exclude from future scans" from the ClamXav File->Infection List menu.
-Al-
--
iMac(21.5-inch, Mid 2011) 2.8GHz Intel Core i7/OSX 10.10.5, 10.11.6, 10.12.6 & 10.13.6/ClamXAV v3.0.9 (7713)/0.100.2_01
iMac(Retina 5K, 27-inch, 2017) 4.2GHz Intel Core i7/macOS 10.12.6, 10.13.6 & 10.14.5/ClamXAV v3.0.11 (7899)/0.101.2_09
alvarnell
Site Admin
 
Posts: 5509
Joined: Thu 04 Sep 2008 1:18 am
Location: Mountain View, CA, USA
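
To see which archive member a filename-based container signature like the one quoted above reacts to, the metadata match can be reproduced locally before deciding whether to exclude the file. This is an added example, not part of the thread and not ClamAV's own code: it evaluates only the FILENAME REGEX and FILE POSITION fields shown in the post, and it assumes position 1 means the first member in the zip's central-directory order. The helper `build_sample` and its member names are constructed for illustration.

```python
import io
import re
import sys
import zipfile

# Fields copied from the decoded signature quoted in the post.
SIG_NAME = "Heuristics.Filetype.ZipWithJS-6136370-0"
FILENAME_REGEX = re.compile(r"\.[A-Za-z]{3}\.js$")
FILE_POSITION = 1  # assumption: 1-based index of the member in the archive


def matching_members(zip_source, any_position=False):
    """Return [(position, name)] for members the quoted fields would match.

    Size, encryption and CRC are ANY/IGNORED in the signature, so only the
    member name and its position are tested. With any_position=True the
    position constraint is dropped, which lists every name that fits the
    regex and helps judge how broad the pattern is for this archive.
    """
    hits = []
    with zipfile.ZipFile(zip_source) as zf:
        for position, info in enumerate(zf.infolist(), start=1):
            if not FILENAME_REGEX.search(info.filename):
                continue
            if any_position or position == FILE_POSITION:
                hits.append((position, info.filename))
    return hits


def build_sample(names):
    """Build a constructed in-memory zip with the given member names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, "// constructed sample content\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Usage: python zipwithjs_check.py /path/to/archive.zip [...]
    for path in sys.argv[1:]:
        for pos, name in matching_members(path, any_position=True):
            note = "matches" if pos == FILE_POSITION else "name only"
            print(f"{path}: member {pos}: {name} ({note} {SIG_NAME})")
```

The regex requires a dot, exactly three letters, then `.js` at the end of the name, so a plain `app.js` does not match while a name such as `viewer.min.js` does.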

Re: Calibre v2.82.0 App - Possible Virus?

Postby Radar1968 » Fri 24 Mar 2017 9:20 pm

Thanks, as usual, for taking the effort and time to reply.

I'm guessing that this file has always been there, it's just that with the new def ClamXav has suddenly flagged it.

I am a member of the Calibre forum so have dropped a note over there to see if the developer can add any comment to the mix. Will report back if they do.

I'm loath to exclude at present until I'm happy that the file is meant to be there.

Will keep you posted.

Thanks again
Radar

Re: Calibre v2.82.0 App - Possible Virus?

Postby Radar1968 » Sat 25 Mar 2017 9:19 am

Consensus seems to indicate a false positive but more likely an overzealous scan:

https://www.mobileread.com/forums/showt ... p?t=284839

Must just be that the new defs have now found this whereas before they wouldn't have.

Appreciate I can ignore/exclude but what is the likelihood that this could be 'fixed'?

Radar

Re: Calibre v2.82.0 App - Possible Virus?

Postby alvarnell » Sat 25 Mar 2017 9:31 am

I don't agree that it should be classified as a False Positive as it was designed to find any zip file that contains any javascript files and that's exactly what it did. Whether that's a smart thing to do or not is a good question, but heuristics are only designed to locate suspicious files, not necessarily infected files. As long as you are satisfied that those javascript files are not signs of malware, then the correct approach is to exclude that file from future scans.

We'll just have to see how this plays out if other users complain to Cisco/ClamAV about it.
-Al-
