Clamav detects Trojans

PUA.Win.Exploit.CVE_2012_1461-1

  • PUA means "potentially unwanted application". PUAs are not viruses; they are claims by clamav that there is an application they consider "unwanted" because that file or extension has been proven to be abused in Windows.
  • Win as 2nd part means it is a Windows related notice.
  • clamav has an option to not scan for PUAs.

My conclusion: nothing to worry about.

That leaves ...

PUA.Doc.Tool.LibreOfficeMacro-2

.config/libreoffice/4/user/basic/Standard/Module1.xba has an extension clamav trips on. They believe xba, visual basic macros, are considered "unwanted". See "Clamtk reports these LibreOffice files as possible threats. Are they safe?" for a more complete list, the answers and comments.

ClamAV is notoriously flawed software: basing your scans and warnings on Windows and then applying them to Linux does not and will never work.

When you see a notice like this, and you really believe clamav is the tool to use, the next step is to check with a 2nd source: for instance, upload the file to a site like VirusTotal or use a 2nd virus scanner together with clamav (where when both claim the same problem you investigate, and otherwise consider them false positives).

But I would ditch clamav altogether and follow a Linux based method: use debsums (link to man page) to check packages (link to a howto).

And when you are really paranoid (here's looking at you Panda) use all of the above ;)
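Added example, not part of the original answer: a small shell filter that splits clamscan hits into PUA-class notices and other detections, using the signature name fields described above. It assumes clamscan's `path: Signature FOUND` line format; the function names are hypothetical, and the sample lines and every path except the Module1.xba one are constructed.

```shell
#!/bin/sh
# Triage clamscan output: one TAB-separated row per hit,
#   CLASS  PLATFORM  SIGNATURE  PATH
# CLASS is "PUA" when the signature name starts with "PUA.",
# otherwise "DETECTION". Lines without " FOUND" (OK lines, the
# scan summary) are ignored.
triage_clamscan() {
  awk '
    / FOUND$/ {
      line = $0
      sub(/ FOUND$/, "", line)
      # The signature is the last space-free token after ": ";
      # the path itself may contain spaces or ": ".
      n = match(line, /: [^ ]+$/)
      if (n == 0) next
      path = substr(line, 1, n - 1)
      sig  = substr(line, n + 2)
      k = split(sig, part, ".")
      if (part[1] == "PUA") { class = "PUA"; plat = (k >= 2 ? part[2] : "-") }
      else                  { class = "DETECTION"; plat = (k >= 2 ? part[1] : "-") }
      printf "%s\t%s\t%s\t%s\n", class, plat, sig, path
    }'
}

# Exit status 0 when every hit on stdin is PUA-class, 1 otherwise.
only_pua() {
  triage_clamscan | awk -F'\t' '$1 != "PUA" { bad = 1 } END { exit bad + 0 }'
}

# Constructed sample output (placeholder paths).
SAMPLE='/home/user/notes.txt: OK
/home/user/Downloads/example.zip: PUA.Win.Exploit.CVE_2012_1461-1 FOUND
/home/user/.config/libreoffice/4/user/basic/Standard/Module1.xba: PUA.Doc.Tool.LibreOfficeMacro-2 FOUND
/home/user/my files/eicar: test.com: Win.Test.EICAR_HDB-1 FOUND
----------- SCAN SUMMARY -----------
Infected files: 3'

printf '%s\n' "$SAMPLE" | triage_clamscan
if printf '%s\n' "$SAMPLE" | only_pua; then
  echo "only PUA-class notices"
else
  echo "non-PUA detections present: check these with a 2nd source first"
fi
```

Pipe real scanner output into `triage_clamscan` the same way; `sha256sum` on a listed path gives a hash to compare against a second source without uploading the file.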