/usr/share/doc/libusb-1.0-doc/html/jquery.js PUA.Html.Exploit.CVE_2014_0322-1
/usr/lib/libreoffice/presets/basic/Standard/Module1.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/ImportWizard/Language.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/ImportWizard/Main.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/ImportWizard/FilesModul.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Template/Autotext.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Template/ModuleAgenda.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Template/Correspondence.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Template/Samples.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Gimmicks/GetTexts.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Gimmicks/ReadDir.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Gimmicks/ChangeAllChars.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Tutorials/TutorialCreator.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Gimmicks/AutoText.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Gimmicks/Userfields.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/FormWizard/Layouter.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/FormWizard/tools.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/FormWizard/DBMeta.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/FormWizard/FormWizard.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/FormWizard/develop.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/FormWizard/Language.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Depot/Lang_it.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Depot/Internet.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Tutorials/TutorialClose.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Depot/tools.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Depot/Depot.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Depot/Lang_de.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Depot/Lang_ja.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Depot/Lang_ko.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Depot/Lang_zh.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Depot/CommonLang.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Depot/Lang_en.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Depot/Currency.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Depot/Lang_sv.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Tutorials/Functions.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Depot/Lang_tw.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Depot/Lang_fr.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Depot/Lang_es.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Euro/Common.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Euro/AutoPilotRun.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Euro/Init.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Euro/Hard.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Euro/Protect.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Euro/Soft.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Euro/Writer.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Tutorials/TutorialOpen.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Euro/ConvertRun.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Tools/ModuleControls.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Tools/Listbox.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Tools/Strings.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Tools/UCB.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Tools/Debug.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Tools/Misc.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Tutorials/RoadMap.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/Tutorials/ShowInfoDialog.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/ImportWizard/DialogModul.xba PUA.Doc.Tool.LibreOfficeMacro-2
/usr/lib/libreoffice/share/basic/ImportWizard/API.xba PUA.Doc.Tool.LibreOfficeMacro-2
答案1
您确实需要某种 HIDS 系统与 clamav 结合运行。
clamav 因“误报”而臭名昭著,您可以轻松在互联网上找到许多帖子,证明这些误报可以忽略......
但 ...
如果您认为存在误报,Clamav 有一种报告误报的机制 -https://www.clamav.net/reports/fp
虽然忽略误报是一种常见的做法,但我只想添加一些细节/警告/建议......
您需要从已知良好的系统开始,例如全新安装。然后安装并配置某种 HIDS(OSSEC、AIDE 等)。
看http://opensourceforu.com/2017/04/best-open-source-network-inrupt-detection-tools/或通过谷歌搜索选项。
然后运行 clamv 并调查误报。
您可以确定某个软件包是否安装了某个文件,在全新安装时,您必须假设这些文件是干净的。您不必做出这样的假设,但这样您就会陷入深不见底的偏执之中,如果您不信任 ubuntu 存储库,那么您将面临很多麻烦。
使用 debsums 验证文件
sudo debsums -ac
请参阅 debsums 手册页https://blog.sleeplessbeastie.eu/2015/03/02/how-to-verify-installed-packages/了解更多详情。
然后,您从一个已知良好的系统开始,并且您知道 clamav 在全新安装后会报告什么。
当您运行 clamav 时,您可以通过 debsums 和 HIDS 将其与全新安装进行比较。
每次更新和包安装后,通过确认 debsums 来更新 HIDS 和 clamav 已知误报列表。
如果您收到来自 clamav 的警报,您可以查看 HIDS 和 debsums 中的文件历史记录,以确定文件是否(仍然)完好无损/误报,或者文件是否发生了意外更改。
我完全理解我所建议的非常麻烦,而且很多人没有完成所有这些步骤,但是......
如果您不打算调查 clamav 引导您调查的内容,为什么还要运行 clamav 呢?
答案2
是的。它们被发现为 LibreOffice 宏。与所有其他软件一样,宏可能存在安全风险,但这些宏是作为安装的一部分分发的,并经过 LibreOffice 创建者的审查。
当找到 clamav(或任何其他 AV)突出显示的文件时,最好使用 Google 搜索 AV 引擎找到的内容。