
Group multiple findings of the same virus in identical files that are in different locations

My scan gave the following output:

` ClamTk, v5.25 Mon Dec 28 15:36:31 2020 ClamAV Signatures: 8871939 Directories Scanned: /home/user/.config/Code/CachedExtensionVSIXs /home/user/.npm/_cacache/content-v2/sha1/92/18 /home/user/.npm/_cacache/content-v2/sha512/98/44 /home/user/.vscode/extensions/dotjoshjohnson.xml-2.5.1/node_modules/imurmurhash /home/user/.vscode/extensions/hashicorp.terraform-2.3.0/node_modules/imurmurhash /home/user/.vscode/extensions/ms-azuretools.vscode-docker-1.9.0/dist /lib/firmware/vxge /snap/kontena-lens/149/resources/static/build /snap/postman/130/usr/share/Postman/resources/app/node_modules/imurmurhash /usr/lib/libreoffice/presets/basic/Standard /usr/lib/libreoffice/share/basic/Access2Base /usr/lib/libreoffice/share/basic/Depot /usr/lib/libreoffice/share/basic/Euro /usr/lib/libreoffice/share/basic/FormWizard /usr/lib/libreoffice/share/basic/Gimmicks /usr/lib/libreoffice/share/basic/ImportWizard /usr/lib/libreoffice/share/basic/Template /usr/lib/libreoffice/share/basic/Tools /usr/lib/libreoffice/share/basic/Tutorials /usr/lib/libreoffice/share/extensions/wiki-publisher/WikiEditor /usr/lib/node_modules/@angular/cli/node_modules/imurmurhash /usr/lib/node_modules/npm/node_modules/imurmurhash /usr/lib/node_modules/npq/node_modules/imurmurhash /usr/share/go-1.10/src/compress/gzip/testdata /var/lib/flatpak/repo/objects/34 /var/lib/flatpak/runtime/org.gnome.Sdk/x86_64/3.38/df398bffa3e3441ab61184aff3fca32c477b1417260827373cee0063e8f6d49c/files/libexec/installed-tests/gdk-pixbuf/test-images/gif-test-suite

Found 101 possible threats (627906 files scanned).

/snap/kontena-lens/149/resources/static/build/Lens.js

PUA.Win.Trojan.Xored-1 /snap/postman/130/usr/share/Postman/resources/app/node_modules/imurmurhash/imurmurhash.min.js

                                  PUA.Win.Trojan.Xored-1

/usr/lib/libreoffice/share/basic/Gimmicks/AutoText.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /home/user/.vscode/extensions/dotjoshjohnson.xml-2.5.1/node_modules/imurmurhash/imurmurhash.min.js

                             PUA.Win.Trojan.Xored-1

/usr/lib/libreoffice/share/basic/Gimmicks/ChangeAllChars.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/FormWizard/FormWizard.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/FormWizard/tools.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/FormWizard/DBMeta.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/FormWizard/develop.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/FormWizard/Layouter.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/FormWizard/Language.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Euro/Init.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Euro/ConvertRun.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/ImportWizard/API.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Euro/AutoPilotRun.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Euro/Writer.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Euro/Hard.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Euro/Soft.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Euro/Protect.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Euro/Common.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Template/Correspondence.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Template/ModuleAgenda.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Template/Autotext.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Template/Samples.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/ImportWizard/DialogModul.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Depot/Lang_it.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Depot/Lang_zh.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Depot/Lang_ko.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Depot/Currency.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Depot/CommonLang.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Depot/Internet.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Depot/Lang_tw.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Depot/Depot.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Depot/Lang_en.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Depot/tools.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/ImportWizard/Main.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Depot/Lang_ja.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Depot/Lang_fr.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Depot/Lang_de.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Depot/Lang_sv.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Depot/Lang_es.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Tutorials/TutorialClose.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Tutorials/TutorialOpen.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Tutorials/TutorialCreator.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Tutorials/RoadMap.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Tutorials/ShowInfoDialog.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/ImportWizard/FilesModul.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Tutorials/Functions.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Tools/UCB.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Tools/Listbox.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Tools/Strings.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Tools/Misc.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Tools/ModuleControls.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Tools/Debug.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Access2Base/Trace.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Access2Base/Recordset.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Access2Base/Methods.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/ImportWizard/Language.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Access2Base/UtilProperty.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Access2Base/OptionGroup.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Access2Base/Root_.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Access2Base/Dialog.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Access2Base/Module.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Access2Base/Event.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Access2Base/Database.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Access2Base/Test.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Access2Base/Control.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Access2Base/DataDef.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Gimmicks/GetTexts.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Access2Base/Form.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Access2Base/Field.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Access2Base/TempVar.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Access2Base/DoCmd.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Access2Base/Compatible.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Access2Base/L10N.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Access2Base/CommandBar.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Access2Base/acConstants.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Access2Base/_License.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Access2Base/Application.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Gimmicks/Userfields.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Access2Base/CommandBarControl.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Access2Base/Property.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Access2Base/Collect.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Access2Base/PropertiesSet.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Access2Base/Utils.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Access2Base/PropertiesGet.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/basic/Access2Base/SubForm.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/share/extensions/wiki-publisher/WikiEditor/Module1.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/libreoffice/presets/basic/Standard/Module1.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/node_modules/npm/node_modules/imurmurhash/imurmurhash.min.js

PUA.Win.Trojan.Xored-1 /usr/lib/libreoffice/share/basic/Gimmicks/ReadDir.xba

PUA.Doc.Tool.LibreOfficeMacro-2 /usr/lib/node_modules/npq/node_modules/imurmurhash/imurmurhash.min.js

PUA.Win.Trojan.Xored-1 /usr/lib/node_modules/@angular/cli/node_modules/imurmurhash/imurmurhash.min.js

PUA.Win.Trojan.Xored-1 /usr/share/go-1.10/src/compress/gzip/testdata/issue6550.gz

PUA.Win.Exploit.CVE_2012_1461-1 /var/lib/flatpak/runtime/org.gnome.Sdk/x86_64/3.38/df398bffa3e3441ab61184aff3fca32c477b1417260827373cee0063e8f6d49c/files/libexec/installed-tests/gdk-pixbuf/test-images/gif-test-suite/max-width.gif BC.Gif.Exploit.Agent-1425366.Agent /var/lib/flatpak/repo/objects/34/32b76db9f3df9ffb126a55624df56417c367c47d95e3f619585af51e448144.file

                           BC.Gif.Exploit.Agent-1425366.Agent

/home/user/.config/Code/CachedExtensionVSIXs/cssho.vscode-svgviewer-2.0.0

PUA.Win.Packer.Upolyx-12 /home/user/.npm/_cacache/content-v2/sha512/98/44/dd8d9df46b761ff8d4c1ff0a9380008aeeb018425e6ec4a2b45954cd985d2c33752ff2cdd1e7c619316ed186ed0b936466ba1763e5d707e50efacc20d574 PUA.Win.Trojan.Xored-1 /home/user/.npm/_cacache/content-v2/sha1/92/18/b9b2b928a238b13dc4fb6b6d576f231453ea

                                            PUA.Win.Trojan.Xored-1

/home/user/.vscode/extensions/hashicorp.terraform-2.3.0/node_modules/imurmurhash/imurmurhash.min.js

                            PUA.Win.Trojan.Xored-1

/home/user/.vscode/extensions/ms-azuretools.vscode-docker-1.9.0/dist/extension.bundle.js

                                       PUA.Win.Trojan.Xored-1

`

I compared the imurmurhash.min.js files using the `diff` terminal command, and it turns out that they are byte-for-byte identical. Even though I think these are false positives in my case, I would like the output to be sorted by malware name, with the paths where that malware was found grouped under each name. That way, one signature matching many copies of the same file reads as a single finding to triage rather than a long list of separate ones.

For example

PUA.Win.Trojan.Xored-1
    /home/user/.vscode/extensions/hashicorp.terraform-2.3.0/node_modules/imurmurhash/imurmurhash.min.js
    /usr/lib/node_modules/@angular/cli/node_modules/imurmurhash/imurmurhash.min.js

Edited by spotlesscoder