3

I recently did a scan using Clamav, and these were two of the results:

/usr/share/doc/properties-cpp/html/jquery.js: PUA.HTML.Exploit.CVE_2014_0322 FOUND
/usr/share/doc/process-cpp/html/jquery.js: PUA.HTML.Exploit.CVE_2014_0322 FOUND

I have done some further research into what CVE_2014_0322 is, and it seems to be a Zero-Day in IE 9 and 10, however, why has it been detected on my machine? Is this a false positive? If not, do I need to do anything about these files?

OS Information:

Description:    Ubuntu 15.04
Release:    15.04

1 Answers1

6

This one is Windows only; so yes it is a false positive when using a non-Windows system.

This site shows what other scanners show. Only ClamAV complains, all the others do not see a problem. That might be due to ClamAV using a better definition but it was noticed a year ago so that also is a big indicator it is a false positive.

Rinzwind
  • 293,910
  • 41
  • 570
  • 710
  • That site shows results for your file (" HTML.Exploit.CVE_2014_0322 ") and reports what any scanner reports. Only clamav sees it as a problem. – Rinzwind Jul 15 '15 at 14:48
  • I had another look at that... And it's not the same thing it's reporting it as... Because it does not start with "PUA", and when I upload any of my files to VirusTotal, all AVs (including ClamAV) on the Analysis page say that it is safe... The only mention of any possible danger is in the Additional information section where it says that ClamAV has marked it as a PUA. [This](https://www.virustotal.com/en/file/ceea7e41a8f05a0be3e47e5db0203ce63c258522cae42980ddc976b27b426c99/analysis/1436971510/) would be an example of one of my files I uploaded, so you can see the difference. –  Jul 15 '15 at 14:51
  • So probably my one with the PUA at the beginning means it thinks it might be, and the other one you linked to is it saying it is certain. As my one definitely is a PUA detection, and the one you link to is not. –  Jul 15 '15 at 14:52