Win.Malware.Triusor in t32, t64, w32, w64 executables?


#1

The virus scanner on my server detected an issue with the following certbot files:

/opt/eff.org/certbot/venv/lib/python2.7/site-packages/pip/_vendor/distlib/t32.exe
/opt/eff.org/certbot/venv/lib/python2.7/site-packages/pip/_vendor/distlib/t64.exe
/opt/eff.org/certbot/venv/lib/python2.7/site-packages/pip/_vendor/distlib/w32.exe
/opt/eff.org/certbot/venv/lib/python2.7/site-packages/pip/_vendor/distlib/w64.exe

The email notification reads:

“Antivirus scanner found a threat ( Win.Malware.Triusor-6824994-0) in the file /opt/eff.org/certbot/venv/lib/python2.7/site-packages/pip/_vendor/distlib/w64.exe. Please delete the infected file soon.”

Not sure if this is a false detection, but removed the files just in case.
Could be a good idea to check the distribution files.


#2

It looks like clamav is treating this as a false positive:

https://www.mail-archive.com/clamav-users@lists.clamav.net/msg46771.html