Rougher's questions

今天 clamAV 扫描了我的 AWS 实例并检测到每个实例上受感染的文件。由于以下几个原因，它看起来像是误报：

1. 所有这些文件都是在 2021 年创建的（为什么现在才检测到它们？）

2. 每个实例的SSH端口由MFA+密码+VPN保护。

所有这些文件都在Conda环境中，只有exe文件被感染（我的AWS实例是Ubuntu操作系统）。

难道是和这里一样的问题吗？

/home/kidas/anaconda3/pkgs/conda-build-3.24.0-py310h06a4308_0/lib/python3.10/site-packages/conda_build/cli-64.exe: Win.Virus.Expiro-10004389-0 FOUND
/home/kidas/anaconda3/pkgs/conda-build-3.24.0-py310h06a4308_0/lib/python3.10/site-packages/conda_build/cli-32.exe: Win.Virus.Expiro-10004389-0 FOUND
/home/kidas/anaconda3/pkgs/conda-23.3.1-py310h06a4308_0/lib/python3.10/site-packages/conda/shell/cli-64.exe: Win.Virus.Expiro-10004389-0 FOUND
/home/kidas/anaconda3/pkgs/conda-23.3.1-py310h06a4308_0/lib/python3.10/site-packages/conda/shell/cli-32.exe: Win.Virus.Expiro-10004389-0 FOUND
/home/kidas/anaconda3/lib/python3.10/site-packages/conda/shell/cli-64.exe: Win.Virus.Expiro-10004389-0 FOUND
/home/kidas/anaconda3/lib/python3.10/site-packages/conda/shell/cli-32.exe: Win.Virus.Expiro-10004389-0 FOUND
/home/kidas/anaconda3/lib/python3.10/site-packages/conda_build/cli-64.exe: Win.Virus.Expiro-10004389-0 FOUND
/home/kidas/anaconda3/lib/python3.10/site-packages/conda_build/cli-32.exe: Win.Virus.Expiro-10004389-0 FOUND

VirusTotal 结果（所有 AV 显示 - 未检测到这些 AV）：

                "ClamAV": {
                    "category": "malicious",
                    "engine_name": "ClamAV",
                    "engine_version": "1.1.0.0",
                    "result": "Win.Virus.Expiro-10004389-0",
                    "method": "blacklist",
                    "engine_update": "20230730"
                },
                "SymantecMobileInsight": {
                    "category": "type-unsupported",
                    "engine_name": "SymantecMobileInsight",
                    "engine_version": "2.0",
                    "result": null,
                    "method": "blacklist",
                    "engine_update": "20230119"
                },
                "Trustlook": {
                    "category": "type-unsupported",
                    "engine_name": "Trustlook",
                    "engine_version": "1.0",
                    "result": null,
                    "method": "blacklist",
                    "engine_update": "20230730"
                },
                "Avast-Mobile": {
                    "category": "type-unsupported",
                    "engine_name": "Avast-Mobile",
                    "engine_version": "230730-02",
                    "result": null,
                    "method": "blacklist",
                    "engine_update": "20230730"
                },
                "Google": {
                    "category": "malicious",
                    "engine_name": "Google",
                    "engine_version": "1690700450",
                    "result": "Detected",
                    "method": "blacklist",
                    "engine_update": "20230730"
                },
                "BitDefenderFalx": {
                    "category": "type-unsupported",
                    "engine_name": "BitDefenderFalx",
                    "engine_version": "2.0.936",
                    "result": null,
                    "method": "blacklist",
                    "engine_update": "20230729"
                }

今天 clamAV 扫描了我的 AWS 实例并在每个实例上检测到 24 个受感染的文件。由于以下几个原因，它看起来像误报：

1. 所有这些文件都是在 2022 年 10 月创建的（为什么现在才检测到它们？）
2. 每个实例的 SSH 端口受 MFA + 密码 + VPN 保护。

那么，我的问题是，在这种情况下我的下一步应该是什么？我应该删除这些文件吗，据我所知，它可以是其他应用程序可以使用的系统文件。

2023-06-07T13:03:41.658+03:00   /snap/amazon-ssm-agent/6563/amazon-ssm-agent: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:03:42.909+03:00   /snap/amazon-ssm-agent/6563/ssm-agent-worker: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:03:44.659+03:00   /snap/amazon-ssm-agent/6563/ssm-cli: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:03:45.660+03:00   /snap/amazon-ssm-agent/6563/ssm-document-worker: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:03:46.910+03:00   /snap/amazon-ssm-agent/6563/ssm-session-logger: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:03:47.910+03:00   /snap/amazon-ssm-agent/6563/ssm-session-worker: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:03:49.411+03:00   /snap/amazon-ssm-agent/6312/amazon-ssm-agent: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:03:50.662+03:00   /snap/amazon-ssm-agent/6312/ssm-agent-worker: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:03:51.912+03:00   /snap/amazon-ssm-agent/6312/ssm-cli: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:03:52.912+03:00   /snap/amazon-ssm-agent/6312/ssm-document-worker: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:03:53.913+03:00   /snap/amazon-ssm-agent/6312/ssm-session-logger: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:03:55.413+03:00   /snap/amazon-ssm-agent/6312/ssm-session-worker: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:03:56.695+03:00   /snap/lxd/24061/bin/lxc: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:03:57.414+03:00   /snap/lxd/24061/bin/lxc-to-lxd: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:03:58.164+03:00   /snap/lxd/24061/bin/lxd-agent: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:03:58.915+03:00   /snap/lxd/24061/bin/lxd-benchmark: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:04:01.666+03:00   /snap/lxd/24061/bin/lxd-migrate: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:04:06.073+03:00   /snap/lxd/24061/bin/snap-query: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:04:12.420+03:00   /snap/lxd/23991/bin/lxc: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:04:13.170+03:00   /snap/lxd/23991/bin/lxc-to-lxd: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:04:13.920+03:00   /snap/lxd/23991/bin/lxd-agent: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:04:14.671+03:00   /snap/lxd/23991/bin/lxd-benchmark: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:04:16.171+03:00   /snap/lxd/23991/bin/lxd-migrate: Unix.Malware.Kaiji-10003916-0 FOUND

2023-06-07T13:04:21.073+03:00   /snap/lxd/23991/bin/snap-query: Unix.Malware.Kaiji-10003916-0 FOUND