HF virus reporting false positives?

This random parquet file is reported to have a virus called Win.Trojan.KillFiles-37:

Yet, clamscan does not flag it:

% clamscan -v ~/Downloads/train-00469-of-05534-091b605405757e80.parquet 
Loading:     6s, ETA:   0s [========================>]    8.70M/8.70M sigs       
Compiling:   2s, ETA:   0s [========================>]       41/41 tasks 

Scanning /home/opyate/Downloads/train-00469-of-05534-091b605405757e80.parquet
/home/opyate/Downloads/train-00469-of-05534-091b605405757e80.parquet: OK

----------- SCAN SUMMARY -----------
Known viruses: 8697915
Engine version: 1.0.5
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 282.61 MB (ratio 0.00:1)
Time: 8.569 sec (0 m 8 s)
Start Date: 2024:08:28 11:07:52
End Date:   2024:08:28 11:08:00

HF false positives? Or ClamAV does not work?

I’m on Linux, so even if there is a virus, it won’t affect me?

ping @mcpotato, maybe he’ll have some insights as to why it was detected as virus while clamscan doesn’t

1 Like

Yes, some antivirus programs, including HF virus scanners, can report false positives. If you encounter this issuepoly clinic verify the file or program with multiple security tools and consider updating your antivirus definitions or contacting the vendor for support.