ClamAV: PUA.Win.Exploit.CVE_2012_0110 FOUND (/usr/share/mime/mime.cache)

Solution 1

This is probably just a false positive. /usr/share/mime/mime.cache is a generated file of all known mime types on your system. It's not an executable.

Virus scanners detect malicious software by sets of known fingerprints (hashes). This model leads to some false positives, inevitably. Perhaps it's a coincidence that a known Windows virus matches the fingerprint as found on a Linux system, perhaps it's because the fingerprint just matches a certain MIME type pattern that will match inevitably on any Linux system...

For now, I wouldn't worry about it, but just contact the ClamAV team to ask whether this is a known issue with them already.

Also make sure to stay updated with the most recent ClamAV fingerprints (freshclam).
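
Added example (not part of the original answer, and not ClamAV's code): a minimal matcher for a subset of ClamAV-style hex body patterns, showing how a content pattern written for one file format also fires on a database that stores that format's magic bytes, while an exact-hash fingerprint does not. The `%DEMO` format, the pattern and all sample buffers are constructed for illustration.

```python
import hashlib
import re


def compile_hex_sig(sig):
    """Compile a subset of ClamAV-style hex body patterns to a bytes regex.

    Supported: hex byte pairs, '??' (any single byte), '*' (gap of any length).
    """
    parts, i = [], 0
    while i < len(sig):
        if sig[i] == "*":
            parts.append(b".*?")
            i += 1
        elif sig[i:i + 2] == "??":
            parts.append(b".")
            i += 2
        else:
            parts.append(re.escape(bytes.fromhex(sig[i:i + 2])))
            i += 2
    return re.compile(b"".join(parts), re.DOTALL)


def body_match(sig, data):
    """True if the content pattern occurs anywhere in data."""
    return compile_hex_sig(sig).search(data) is not None


def hash_match(sha256_hex, data):
    """True only if data is byte-for-byte the fingerprinted file."""
    return hashlib.sha256(data).hexdigest() == sha256_hex


# Constructed samples: a file in a made-up "%DEMO" format, and a stand-in for
# a file-type database that must store that format's magic bytes to detect it.
SUSPECT_DOC = b"%DEMO-1.0\x00\x07crafted-field\x00"
MAGIC_DB = (b"MIME-Magic\x00\n[50:application/x-demo]\n>0=\x00\x09%DEMO-1.0\n"
            b"[50:image/png]\n>0=\x00\x04\x89PNG\n")
PLAIN_TEXT = b"just a text file\n"

# Constructed pattern: "%DEMO-", any gap, "1.", then any one byte.
DEMO_SIG = "2544454d4f2d*312e??"
DEMO_SHA256 = hashlib.sha256(SUSPECT_DOC).hexdigest()


def scan(data):
    """Report which of the two constructed signatures fire on data."""
    return {"body": body_match(DEMO_SIG, data), "hash": hash_match(DEMO_SHA256, data)}
```

The content pattern fires on both `SUSPECT_DOC` and `MAGIC_DB`; only the hash distinguishes them, which is why a hit on a generated lookup file is worth checking against the signature's actual pattern before acting on it.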

Solution 2

I had the same (cache PUA.Win.Exploit.CVE_2012_0110) on my Linux.

So I booted up from the USB or disk installation > went to the "try Linux Mint out" option > looked for the file (/usr/share/mime/mime.cache) and copied it to a USB stick. I logged back on to my installed Linux Mint and replaced the one on my system with the one I copied to my USB stick. (Now it is no longer detected as a virus.)

Author by

Csabi Vidó


Updated on September 18, 2022

Comments

  • Csabi Vidó
    Csabi Vidó over 1 year

    I recently scanned my system with (I am running the latest version of ClamAV and my definitions are up-to-date):

    sudo clamscan -r --detect-pua --infected --bell /
    

    And this was one of the results:

    /usr/share/mime/mime.cache: PUA.Win.Exploit.CVE_2012_0110 FOUND
    

    I have not seen anything like this before, so what is this, is this anything to worry about, and should I do anything about it? Also, what is the purpose of the location that it was found in?

    Additional Information:

    You can download the mime.cache file here: https://www.dropbox.com/s/58sxjv48ye4p6au/mime.cache?dl=0

    And I appear to have found what this CVE_2012_0110 is, as it is one of the vulnerabilities listed on this page.

    I have scanned the file on VirusTotal, and although the only thing which detected something bad was in the Additional information section at the bottom, I don't necessarily trust that all is well because if something was say injected into that file or something, then perhaps it would be more heuristics that would detect it rather than matching MD5 sums. Here is the report: report


    OS Information:

    Description:    Ubuntu 14.10
    Release:    14.10
    
    • Csabi Vidó
      Csabi Vidó about 9 years
      Can you try scanning the file again after running sudo update-mime-database /usr/share/mime/ and also upload it to virustotal.com? Related document: standards.freedesktop.org/shared-mime-info-spec/…
    • Admin
      Admin about 9 years
      @LiveWireBT: Ok, I have done both of those things (in order), and have edited my question to include more information.
    • JoKeR
      JoKeR about 9 years
      According to virus databases from different AV labs it refers to: This is a detection for malicious html files which exploit the CVE-use-after-free vulnerability found in Microsoft Internet Explorer, that could allow attackers to download and run a malicious executable file on the system. Microsoft Internet Explorer 10 is affected. And other CVE infections stated on also: found in the Microsoft Windows NDProxy driver, that could allow attackers to run code in Kernel mode. The vulnerable systems are those running Windows XP or Windows Server 2003
    • Admin
      Admin about 9 years
      @JoKeR: What about the matching CVE-ID I found on the Oracle site?
    • JoKeR
      JoKeR about 9 years
      Yes, I saw that it's true but all the reports were from Windows Server machines, so I can't say anything else here.
  • Kalamalka Kid
    Kalamalka Kid almost 8 years
    This locked me out of my system with a login loop. I wouldn't do this unless you know how to fix it!
  • Kalamalka Kid
    Kalamalka Kid almost 8 years
    If you get locked out using this method please see: ubuntuforums.org/showthread.php?t=2295431
  • technerdius
    technerdius almost 8 years
    Where did you get a login loop error? I have done this on Mac, Ubuntu, CentOS, and OpenSUSE. I even go so far as chmod -R 000 ~/.cache/mozilla/firefox/[string].default/cache2/entries/ and I have never had issues with Firefox. Try running Firefox from your terminal emulator ($ firefox), which will print any errors while browsing. Likely, you have other errors that, upon research and troubleshooting, can be fixed at `about:config` in Firefox.