Win.Malware.Triusor in t32, t64, w32, w64 executables?

The virus scanner on my server detected an issue with the following certbot files:

/opt/eff.org/certbot/venv/lib/python2.7/site-packages/pip/_vendor/distlib/t32.exe
/opt/eff.org/certbot/venv/lib/python2.7/site-packages/pip/_vendor/distlib/t64.exe
/opt/eff.org/certbot/venv/lib/python2.7/site-packages/pip/_vendor/distlib/w32.exe
/opt/eff.org/certbot/venv/lib/python2.7/site-packages/pip/_vendor/distlib/w64.exe

The email notification reads:

“Antivirus scanner found a threat ( Win.Malware.Triusor-6824994-0) in the file /opt/eff.org/certbot/venv/lib/python2.7/site-packages/pip/_vendor/distlib/w64.exe. Please delete the infected file soon.”

Not sure if this is a false detection, but removed the files just in case.
Could be a good idea to check the distribution files.

2 Likes

It looks like clamav is treating this as a false positive:

https://www.mail-archive.com/clamav-users@lists.clamav.net/msg46771.html

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.