Virus Detected in Palemoon Topic is solved

Dragon

Virus Detected in Palemoon

Unread post by Dragon » 2017-09-21, 05:24

Keep getting virus detected in ClamWin AV for Pale Moon files.


Scan Started Wed Sep 20 09:56:55 2017
-------------------------------------------------------------------------------


D:\palemoonupds1\palemoon-27.3.0.win32\palemoon\browser\omni.ja: Html.Exploit.CVE_2017_8757-6336185-0 FOUND
D:\palemoonupds1\palemoon-27.3.0.win32.zip: Html.Exploit.CVE_2017_8757-6336185-0 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 6303697
Engine version: 0.99.1
Scanned directories: 83
Scanned files: 1214
Infected files: 2
Data scanned: 413.75 MB
Data read: 396.85 MB (ratio 1.04:1)
Time: 62.301 sec (1 m 2 s)

Even the newest Pale Moon versions show as having a virus.

Any way to fix this? I contacted ClamWin, but no fix yet.

Thanks, Dragon

dark_moon

Re: Virus Detected in Palemoon

Unread post by dark_moon » 2017-09-21, 07:24

Welcome to the forum!

ClamAV has a lot of false positives. Check the files with https://www.virustotal.com

Also where did you download Pale Moon from? Latest version is 27.4.2 and not 27.3.0

Moonchild

Re: Virus Detected in Palemoon

Unread post by Moonchild » 2017-09-21, 07:24

This is a false positive; nothing we can do on our end about it.
The issue found is a Microsoft Edge specific vulnerability; I'm assuming the trigger here is website code, likeness of which is found in our internal browser JavaScript.

They shouldn't even be checking for this in local files, I think, and certainly not in something that is not part of a common format that can be opened by Edge.

https://nvd.nist.gov/vuln/detail/CVE-2017-8757
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

lyceus

Re: Virus Detected in Palemoon

Unread post by lyceus » 2017-09-22, 03:46

This warning was reported previously, as Immunet runs the ClamAV engine too. omni.ja is a safe file, and if you let the AV program delete it, Pale Moon won't run. It's safe to whitelist it.
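
A triage sketch for the scan report in the first post, added here as an example (it is not code from the thread, Pale Moon or ClamAV): it parses the `FOUND` lines, splits the signature name by ClamAV's Platform.Category.Name-SignatureID-Revision naming, and collapses the zip hit into its extracted copy. The archive-versus-unpacked-folder match and the extension list are assumptions made for this example.

```python
import re
from collections import defaultdict
from ntpath import splitext  # parse Windows paths on any host OS

# The two detection lines and one summary line from the scan report in the first post.
SCAN_LOG = r"""
D:\palemoonupds1\palemoon-27.3.0.win32\palemoon\browser\omni.ja: Html.Exploit.CVE_2017_8757-6336185-0 FOUND
D:\palemoonupds1\palemoon-27.3.0.win32.zip: Html.Exploit.CVE_2017_8757-6336185-0 FOUND
Infected files: 2
"""

# Greedy path group: the separator is the last ": ", not the colon in "D:\".
HIT = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
# ClamAV signature naming: Platform.Category.Name-SignatureID-Revision
SIG = re.compile(r"^(?P<platform>[^.]+)\.(?P<category>[^.]+)\.(?P<name>.+)-(?P<id>\d+)-(?P<rev>\d+)$")
CVE = re.compile(r"CVE_(\d{4})_(\d+)")
ARCHIVE_EXTS = {".zip", ".7z", ".rar"}  # assumption: extend as needed


def parse_hits(log):
    """Return (path, signature) pairs for every 'FOUND' line."""
    matches = (HIT.match(line.strip()) for line in log.splitlines())
    return [(m["path"], m["sig"]) for m in matches if m]


def describe(sig):
    """Split a signature name into its fields and pull out any CVE id."""
    m = SIG.match(sig)
    info = m.groupdict() if m else {"name": sig}
    cve = CVE.search(sig)
    info["cve"] = f"CVE-{cve[1]}-{cve[2]}" if cve else None
    return info


def root_hits(hits):
    """Group by signature and drop an archive hit when its unpacked folder
    (same path minus the extension; heuristic) is flagged with the same signature."""
    by_sig = defaultdict(list)
    for path, sig in hits:
        by_sig[sig].append(path)
    roots = {}
    for sig, paths in by_sig.items():
        def unpacked(p):
            stem, ext = splitext(p.lower())
            return ext in ARCHIVE_EXTS and any(q.lower().startswith(stem + "\\") for q in paths)
        roots[sig] = [p for p in paths if not unpacked(p)]
    return roots


if __name__ == "__main__":
    for sig, paths in root_hits(parse_hits(SCAN_LOG)).items():
        print(describe(sig), paths)
```

The two "infected files" reduce to one root hit inside omni.ja, and the parsed signature ID and revision are the details to quote when reporting the false positive to the scanner vendor.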

John connor

Re: Virus Detected in Palemoon

Unread post by John connor » 2017-09-22, 04:57

I can attest that omni.ja is a normal safe file that's part of PM and other Firefox-based browsers. :D :lol:

badnick

Re: Virus Detected in Palemoon

Unread post by badnick » 2017-09-22, 07:21

Don't use cheap or free "AV" !
Windows 10 pro /64 (version 1809)
PM last/64

postbuz

Re: Virus Detected in Palemoon

Unread post by postbuz » 2017-09-22, 11:01

badnick wrote: Don't use cheap or free "AV" !
By all means, use "cheap or free AV". But use your brain too.

Moonchild

Re: Virus Detected in Palemoon

Unread post by Moonchild » 2017-09-23, 01:09

postbuz wrote:
badnick wrote: Don't use cheap or free "AV" !
By all means, use "cheap or free AV". But use your brain too.

Use your brain first, and keep your free, cheap or Pro AV as a safety net in case you miss something or something slips through unexpected.

vessto

Re: Virus Detected in Palemoon - VirusTotal too

Unread post by vessto » 2017-10-01, 12:18

Hi! I registered to ask this. I wanted to install PM x64 but first tested it in VirusTotal (as I do with every other application). Surprisingly VT gave one threat:

https://www.virustotal.com/bg/file/de0a ... 506859108/

Is it a false positive? I had a similar issue with a few Ashampoo installs, which all turned out to be false positives and were removed at Ashampoo's demand.

Moonchild

Re: Virus Detected in Palemoon

Unread post by Moonchild » 2017-10-01, 13:15

Yes it's a false positive. It's also not clear what "cylance" considers "unsafe".

vessto

Re: Virus Detected in Palemoon

Unread post by vessto » 2017-10-01, 22:00

Thank you!

Today I needed to downgrade my FF to 55 and cylance gave this result about it too. :?

John connor

Re: Virus Detected in Palemoon

Unread post by John connor » 2017-10-03, 19:23

I like how some chuckle head marked it unsafe. Idiots, the lot of them.

millpond

Re: Virus Detected in Palemoon

Unread post by millpond » 2017-10-11, 22:08

I've had plenty of experience with ClamAV in Linux, and can only say that this utility is worse than useless, as it is one of the lousiest scanners in creation, and gives one a false sense of security.

In fact *all* AV software is mostly useless. Trojans are composed of two parts; RATs and Encryptors (which encrypt the RAT booger payload). A good Zero-Day exploit will NOT be discovered by *any* AV software, as they are all first tested against sites like VirusTotal to begin with. Some premium ones are never eventually detectable. The cheap and free boogers (there is a marketplace for them) often take a month or two to detect.

Techie users will use:
- site blockers (hosts, and Peer Blocker type utils)
- script blockers (NoScript, et al)
- cookie/LSO blockers (Ghostery, et al)
- ad blockers (adblock et al)

uBlock Origin may be a good simple option for non-techies, if you can get it to work in PM. I can't (at the moment, at least...)

dark_moon

Re: Virus Detected in Palemoon

Unread post by dark_moon » 2017-10-12, 19:18

millpond wrote: uBlock Origin may be a good simple option for non-techies, if you can get it to work in PM. I can't (at the moment, at least...)

What? Just install it and finish. I never see any problems with uBlock in Pale Moon.

ron_1

Re: Virus Detected in Palemoon

Unread post by ron_1 » 2017-10-12, 19:27

Off-topic:
millpond wrote: uBlock Origin may be a good simple option for non-techies, if you can get it to work in PM. I can't (at the moment, at least...)

Get it from the link below. Download the link that says (ironically) Firefox. Latest stable is 1.14.14.

https://github.com/gorhill/uBlock/releases
