Virus scanner
David Curtis
dcurtis at uniserve.com
Sun Sep 27 22:15:37 UTC 2009
On Sun, 27 Sep 2009 17:53:29 -0400
Leigh Honeywell <leigh at hypatia.ca> wrote:
> On Sun, Sep 27, 2009 at 05:12:02PM -0400, R. Wood wrote:
> >
> > Hi,
> >
> > I can't state for sure that what you are getting are false
> > positives, but that thread we read would seem to suggest so. For
> > example: "NOTE: A detection as PUA does NOT tell if a application
> > is good or bad. All it says is, that a file MAYBE unwanted or
> > MAYBE could compromise your system security and it MAYBE a good
> > idea to check it twice."
> > Also, PUA = Potentially Unwanted Applications
> >
> > The thread also gives some instructions for turning off PUA
> > detection if you decide that is what you want to do.
> >
> > Perhaps others on this mailing list have ideas also?
>
> Sure can :)
>
> The detection "PUA.Script.Packed" is very likely a packed / obfuscated
> JavaScript file from a webpage Raymond visited. You see this kind of
> file both on legitimate websites which have been infected, as well as
> actively malicious sites. The most common thing they lead to these
> days is the "fake antivirus" malware like Antivirus 2009 and its
> bretheren.
>
> So yeah... not strictly an FP... but not worth worrying over on Linux.
Seconded, nothing in ~/.mozilla/firefox/xxxxxx.default/Cache/ is ever
executable. I guess any malicious script would be directed at a browser
(probably IE) vulnerability. Nothing that a virus scanner is going to
be able to prevent.
I say delete without a second thought.
Dave
More information about the ubuntu-ca
mailing list