
Clamscan: infected files found

Çağlar Arlı      -    17 Views


From time to time, I perform a scan with clamscan. I'm on Archlinux. Clamscan database is updated before each scan.

Today clamscan reported 19 infected files:

./.cache/mozilla/firefox/qyq0onej.default/cache2/entries/3BCF117A4E950F91D6EB45E1DEDD93D42A0F4084: Sanesecurity.Malware.20387.WebHeur.UNOFFICIAL FOUND
./.cache/mozilla/firefox/6vjpuub7.default/OfflineCache/D/3/714AAA0A2A5929-0: Sanesecurity.Malware.26368.JsHeur.UNOFFICIAL FOUND
./.cache/mozilla/firefox/6vjpuub7.default/OfflineCache/3/F/14B2B08E604FDC-0: Sanesecurity.Malware.26368.JsHeur.UNOFFICIAL FOUND
./.cache/mozilla/firefox/6vjpuub7.default/OfflineCache/C/3/725565E485B3A3-0: Sanesecurity.Malware.26368.JsHeur.UNOFFICIAL FOUND
./.cache/mozilla/firefox/6vjpuub7.default/cache2/entries/E760C5B03F1F86762A3BA2E7263CE8952C042185: PhishTank.Phishing.4401799.UNOFFICIAL FOUND
./.cache/mozilla/firefox/6vjpuub7.default/cache2/entries/047AD2F458E28F8B0EDD2895F5AC550333CEF02D: PhishTank.Phishing.4401799.UNOFFICIAL FOUND
./.cache/mozilla/firefox/2vye4yjm.test/OfflineCache/D/3/714AAA0A2A5929-1: Sanesecurity.Malware.26368.JsHeur.UNOFFICIAL FOUND
./.cache/mozilla/firefox/2vye4yjm.test/OfflineCache/3/F/14B2B08E604FDC-1: Sanesecurity.Malware.26368.JsHeur.UNOFFICIAL FOUND
./.cache/mozilla/firefox/2vye4yjm.test/OfflineCache/C/3/725565E485B3A3-1: Sanesecurity.Malware.26368.JsHeur.UNOFFICIAL FOUND
./.cache/mozilla/firefox/2vye4yjm.test/cache2/entries/E760C5B03F1F86762A3BA2E7263CE8952C042185: PhishTank.Phishing.4401799.UNOFFICIAL FOUND
./.cache/mozilla/firefox/2vye4yjm.test/cache2/entries/75C1F044F894D98DA12F8CA2CFEB25A27917E6A2: Sanesecurity.Malware.26345.JsHeur.UNOFFICIAL FOUND
./.cache/mozilla/firefox/2vye4yjm.test/cache2/entries/7AA49C7707663F1786152490B004C44E7CAAABC4: PhishTank.Phishing.4401799.UNOFFICIAL FOUND
./.mozilla/firefox/6vjpuub7.default/extensions/uBlock0@raymondhill.net.xpi: PhishTank.Phishing.4401799.UNOFFICIAL FOUND
./.mozilla/firefox/2vye4yjm.test/extensions/uBlock0@raymondhill.net.xpi: PhishTank.Phishing.4401799.UNOFFICIAL FOUND
./.config/Franz/Partitions/whatsapp_9a7f0132-4d66-7676-1018-a78cd6887824/Cache/f_000045: Html.Exploit.CVE_2017_8738-6336184-2 FOUND
./.config/Dagom'App/app.zip: Sanesecurity.Foxhole.Zip_Js_Js.UNOFFICIAL FOUND
./.wine/drive_c/windows/syswow64/gecko/2.47/wine_gecko/browser/omni.ja: Sanesecurity.Foxhole.Zip_Js_Js.UNOFFICIAL FOUND
./.wine/drive_c/windows/system32/gecko/2.47/wine_gecko/browser/omni.ja: Sanesecurity.Foxhole.Zip_Js_Js.UNOFFICIAL FOUND
./.local/share/virtualenvs/cad/lib/python3.6/site-packages/PyQt5/Qt/resources/qtwebengine_devtools_resources.pak: Sanesecurity.Malware.26345.JsHeur.UNOFFICIAL FOUND

Some infected files seem to be in firefox's cache (ex: Sanesecurity.Malware.26368.JsHeur.UNOFFICIAL).

One seems to be related to Franz (a client for several messaging services): Html.Exploit.CVE_2017_8738-6336184-2. This one seems to be an official finding.

./.config/Dagom'App/app.zip: Sanesecurity.Foxhole.Zip_Js_Js.UNOFFICIAL FOUND

This one seems to be a false positive.

./.wine/drive_c/windows/syswow64/gecko/2.47/wine_gecko/browser/omni.ja: Sanesecurity.Foxhole.Zip_Js_Js.UNOFFICIAL FOUND

I don't know what to think about this one.

./.local/share/virtualenvs/cad/lib/python3.6/site-packages/PyQt5/Qt/resources/qtwebengine_devtools_resources.pak: Sanesecurity.Malware.26345.JsHeur.UNOFFICIAL FOUND

And this one seems to be a false positive as well. I installed PyQt with pip, for python development.

I haven't much experience with clamscan, or malware. Could you explain to me how I should consider this information?

When the match is unofficial, how relevant is the information? Are these files all malware? If one or several of them are, what should I do with them?
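A triage helper for reports like the one above, added here as an example (not code from the question, from ClamAV or from Sanesecurity): it parses clamscan's "path: signature FOUND" lines, separates official ClamAV signatures from third-party ".UNOFFICIAL" ones, and flags hits that sit in browser or application cache directories. The sample lines are copied from the report above; the path hints and bucket labels are my own assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: six lines taken from the clamscan report in the question.
SAMPLE_REPORT = """\
./.cache/mozilla/firefox/qyq0onej.default/cache2/entries/3BCF117A4E950F91D6EB45E1DEDD93D42A0F4084: Sanesecurity.Malware.20387.WebHeur.UNOFFICIAL FOUND
./.cache/mozilla/firefox/6vjpuub7.default/cache2/entries/E760C5B03F1F86762A3BA2E7263CE8952C042185: PhishTank.Phishing.4401799.UNOFFICIAL FOUND
./.mozilla/firefox/6vjpuub7.default/extensions/uBlock0@raymondhill.net.xpi: PhishTank.Phishing.4401799.UNOFFICIAL FOUND
./.config/Franz/Partitions/whatsapp_9a7f0132-4d66-7676-1018-a78cd6887824/Cache/f_000045: Html.Exploit.CVE_2017_8738-6336184-2 FOUND
./.wine/drive_c/windows/syswow64/gecko/2.47/wine_gecko/browser/omni.ja: Sanesecurity.Foxhole.Zip_Js_Js.UNOFFICIAL FOUND
./.local/share/virtualenvs/cad/lib/python3.6/site-packages/PyQt5/Qt/resources/qtwebengine_devtools_resources.pak: Sanesecurity.Malware.26345.JsHeur.UNOFFICIAL FOUND
"""

# clamscan prints one hit per line as "<path>: <signature> FOUND".
LINE_RE = re.compile(r"^(?P<path>.+?): (?P<sig>\S+) FOUND$")

# Assumed path fragments that mark transient, downloaded content (browser/app caches).
CACHE_HINTS = ("/.cache/", "/OfflineCache/", "/cache2/", "/Cache/")

def parse_report(text):
    """Turn raw clamscan output into structured hits."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # summary lines, clean files, blank lines
        path, sig = m.group("path"), m.group("sig")
        unofficial = sig.endswith(".UNOFFICIAL")
        hits.append({
            "path": path,
            "signature": sig,
            # Third-party databases prefix their name (Sanesecurity, PhishTank);
            # anything without the .UNOFFICIAL suffix comes from ClamAV's own database.
            "source": sig.split(".")[0] if unofficial else "ClamAV",
            "unofficial": unofficial,
            "heuristic": "Heur" in sig,  # JsHeur/WebHeur names indicate pattern heuristics
            "in_cache": any(h in path for h in CACHE_HINTS),
        })
    return hits

def triage(hits):
    """Bucket hits by the weight a defender should give them (labels are my own)."""
    buckets = defaultdict(list)
    for h in hits:
        if not h["unofficial"]:
            buckets["official: review first"].append(h["path"])
        elif h["in_cache"]:
            buckets["unofficial, browser cache: clear cache"].append(h["path"])
        else:
            buckets["unofficial, installed file: verify against upstream"].append(h["path"])
    return dict(buckets)

def summarize(hits):
    """Count hits per (database, signature) so repeated signatures stand out."""
    return Counter((h["source"], h["signature"]) for h in hits)
```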