ClamTk reports these LibreOffice files as possible threats. Are they safe?

 /usr/share/doc/libusb-1.0-doc/html/jquery.js PUA.Html.Exploit.CVE_2014_0322-1
 /usr/lib/libreoffice/presets/basic/Standard/Module1.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/ImportWizard/Language.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/ImportWizard/Main.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/ImportWizard/FilesModul.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Template/Autotext.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Template/ModuleAgenda.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Template/Correspondence.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Template/Samples.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Gimmicks/GetTexts.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Gimmicks/ReadDir.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Gimmicks/ChangeAllChars.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Tutorials/TutorialCreator.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Gimmicks/AutoText.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Gimmicks/Userfields.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/FormWizard/Layouter.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/FormWizard/tools.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/FormWizard/DBMeta.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/FormWizard/FormWizard.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/FormWizard/develop.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/FormWizard/Language.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Depot/Lang_it.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Depot/Internet.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Tutorials/TutorialClose.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Depot/tools.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Depot/Depot.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Depot/Lang_de.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Depot/Lang_ja.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Depot/Lang_ko.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Depot/Lang_zh.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Depot/CommonLang.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Depot/Lang_en.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Depot/Currency.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Depot/Lang_sv.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Tutorials/Functions.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Depot/Lang_tw.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Depot/Lang_fr.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Depot/Lang_es.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Euro/Common.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Euro/AutoPilotRun.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Euro/Init.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Euro/Hard.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Euro/Protect.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Euro/Soft.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Euro/Writer.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Tutorials/TutorialOpen.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Euro/ConvertRun.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Tools/ModuleControls.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Tools/Listbox.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Tools/Strings.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Tools/UCB.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Tools/Debug.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Tools/Misc.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Tutorials/RoadMap.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/Tutorials/ShowInfoDialog.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/ImportWizard/DialogModul.xba PUA.Doc.Tool.LibreOfficeMacro-2
 /usr/lib/libreoffice/share/basic/ImportWizard/API.xba PUA.Doc.Tool.LibreOfficeMacro-2

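You really need some sort of HIDS system to run alongside clamav.

clamav is notorious for "false positives", and you can easily find many posts on the internet attesting that these false positives can be ignored ...

But ...

If you think you have a false positive, Clamav has a mechanism for reporting false positives – https://www.clamav.net/reports/fp

While ignoring false positives is common practice, I just want to add some detail / caveats / advice ...

You need to start with a known good system, such as a fresh install. Then install and configure some sort of HIDS (OSSEC, AIDE, ...).

See http://opensourceforu.com/2017/04/best-open-source-network-intrusion-detection-tools/ or google for options.

Then you run clamav and investigate the false positives.

You can determine whether the files were installed by a package; on a fresh install you have to assume these files are clean. You do not have to make such an assumption, but you then enter a deep paranoid hole, and if you do not trust the ubuntu repositories you have a lot of legwork right out of the gate.

You verify the files with debsums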

 sudo debsums -ac 

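For details see the debsums man page https://blog.sleeplessbeastie.eu/2015/03/02/how-to-verify-installed-packages/ .

Then you are starting from a known good system, and you know what clamav reports on a clean, fresh install.

When you run clamav, you can compare it against your fresh install by means of debsums and the HIDS.

By confirming with debsums, you can update your HIDS and your clamav list of known false positives after each update and package install.

If you get an alert from clamav, review the history of the file in the HIDS and debsums to determine whether the file is (still) intact / a false positive, or whether the file has changed unexpectedly.

I fully understand that my suggestion is very tedious and many people will not do all of these steps, but ...

If you are not going to investigate what clamav directs you to investigate, why run clamav at all?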
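
The triage described in the answer above (is the flagged file owned by a package, and does it still match the packaged checksum), as an added example that is not part of the original answer. It assumes clamscan's `<path>: <signature> FOUND` output format and that dpkg and debsums are installed; the function names and verdict labels are made up for this example.

```shell
#!/bin/sh
# Triage clamscan hits: packaged and intact, packaged but modified, or unpackaged.
# Assumes clamscan's "<path>: <signature> FOUND" lines, plus dpkg and debsums.

# Constructed sample input: two paths from the scan above, in clamscan format.
SAMPLE='/usr/lib/libreoffice/share/basic/Tools/Misc.xba: PUA.Doc.Tool.LibreOfficeMacro-2 FOUND
/usr/share/doc/libusb-1.0-doc/html/jquery.js: PUA.Html.Exploit.CVE_2014_0322-1 FOUND'

# Print the package that owns a file, or nothing if no package does.
owner_of() {
    dpkg -S "$1" 2>/dev/null | head -n 1 | cut -d: -f1
}

# Succeed if debsums lists the file as changed from its packaged checksum.
is_modified() {   # $1 = package, $2 = resolved path
    debsums -ac "$1" 2>/dev/null | grep -Fxq -- "$2"
}

# Classify one clamscan line; prints "<verdict> <package|-> <path> <signature>".
triage_line() {
    case "$1" in *" FOUND") ;; *) return 0 ;; esac   # skip summary lines
    path=${1%%: *}
    sig=${1#*: }; sig=${sig% FOUND}
    # Resolve symlinks first: dpkg only knows the path the package installed to.
    real=$(readlink -f "$path" 2>/dev/null) || real=$path
    pkg=$(owner_of "$real")
    if [ -z "$pkg" ]; then
        verdict=UNPACKAGED; pkg=-
    elif is_modified "$pkg" "$real"; then
        verdict=MODIFIED
    else
        verdict=INTACT
    fi
    printf '%s %s %s %s\n' "$verdict" "$pkg" "$path" "$sig"
}

# Read clamscan output on stdin and triage every FOUND line.
triage() {
    while IFS= read -r line; do triage_line "$line"; done
}

# Usage: clamscan -ri --detect-pua=yes /usr | sh triage.sh -
if [ "${1:-}" = "-" ]; then triage; fi
```

INTACT only means the file matches the md5sums that dpkg stores locally; the HIDS baseline recommended in the answer is what covers changes to that database itself. MODIFIED and UNPACKAGED hits are the ones to investigate first.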

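Yes. They are detected as LibreOffice macros. As with all other software, macros can pose a security risk, but these are distributed as part of the installation and vetted by the creators of LibreOffice.

When you find files highlighted by clamav (or any other AV), a good thing to do is to google what the AV engine found.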