Clamtk reports these LibreOffice files as possible threats. Are they safe? [closed]

security libreoffice clamtk

Solution 1:

You really need some sort of HIDS system to run in conjunction with clamav.

clamav is notorious for "false positives" you you can easily find many posts throughout the internet testifying that these false positives can be ignored ....

BUT ...

Clamav has a mechanism to report false positives if you believe you have a false positive - https://www.clamav.net/reports/fp

Although ignoring false positives is a common practice, I will just add a little detail / caution / suggestions ...

You need to start with a known good system, such as a fresh install. You then install and configure some sort of HIDS (OSSEC , AIDE, ...) .

See http://opensourceforu.com/2017/04/best-open-source-network-intrusion-detection-tools/ or a google search for options.

You then run clamv and investigate false positives.

You can determine if a package installed a file, on a fresh install, you sort of have to assume that such files are clean. You do not have to make such an assumption, but then you enter a deep dark hole of paranoia and if you do not trust the ubuntu repositories you are sort of in for a lot of footwork out of the gate.

You verify a file with debsums

sudo debsums -ac

See or the debsums man page https://blog.sleeplessbeastie.eu/2015/03/02/how-to-verify-installed-packages/ for further details.

You then are starting with a known good system and you know what clamav reports with a clean , fresh install.

When you run clamav you can compare it to your fresh install via debsums and HIDS .

You update HIDS and your clamav list of known false positives after every update and package installation by confirming the debsums.

If you have an alert from clamav you look at the file history in HIDS and debsums to determine if the file is (still) intact / a false positive or if there has been an unexpected change to the files.

I fully understand what I am suggesting is very cumbersome, and many people do not do all these steps, but ...

If you are not going to investigate what clamav is guiding you to investigate, why run clamav at all ?

Solution 2:

Yes. They're discovered as LibreOffice Macros. Macros may pose a security risk, as all other software, but these are distributed as part of the installation, and is vetted by the creators of LibreOffice.

A good thing to do when finding a file highlighted by clamav (or any other AV) is to google for what the AV engine finds.

Related

My Lenovo S12 laptop (Intel atom) is taking a very, very long time to boot. Can I fix this?
Upgrade to Ubuntu 13.10 from ISO image [duplicate]
X forwarding from Ubuntu Server Ed to Windows 7
How to search through a man page?
Is there wubi for Ubuntu 13.10 [duplicate]
trouble installing pygame on ubuntu 16.04 LTS
Installation of Windows 10 & Ubuntu 18.04, Ubuntu 18.04 & Windows 10 [duplicate]
About Terminal Problem
Mozilla addons not working properly in ubuntu 12.04
Ubuntu 15.10 is not in Boot Manager
How do I create Ubuntu Live CD with .config and .mozilla inside the ISO? [duplicate]
Wifi disabled for Intel Centrino Wireless-N 1000 Intel in 12.04 [duplicate]