nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

ClamAV reporting support@lastpass.com.xpi trojan?

rymar

Using Linux Mint 20 and Firefox 89.0.2 and LastPass. When I last ran ClamAV it flags this extension as a trojan. Anyone have any idea as to why?

Find more posts tagged with

Accepted answers

glenn.dobson

@rymarI am not sure if your antivirus supports this, but with most of them you can submit the file in question to them and they will clear it from their list when it is a false positive. Most modern antivirus programs today rely on a trust network to determine if a file represents a threat. As a result, despite signing all executable files we distribute using a digital certificate, every time we release a new version of our software it typically results in antivirus programs flagging it as suspicious until it is distributed to thousands of users and/or until end users update their virus definitions. If you encounter this issue, the please follow the following steps: Re-download the problematic files from theLastPass Download page. Upload the suspicious files toVirus Total, a service that will analyze the files using dozens of the industry's top antivirus engines. Unless the results indicate that several top antivirus engines believe the files to be infected, it is likely they are safe. Right click on the files and select 'Properties' from the context-menu, and then choose the 'Digital Signatures' tab. Make sure the files have a valid digital signature and have been signed by 'LastPass' and if necessary, view the certificate. This will assure you that the files were created by LastPass and have not been modified by a rogue 3rd party. If after the above steps you still believe that files are infected or were not created by LastPass, then please contact us atsecurity@lastpass.comand send us the files.

All comments

rymar

I have reported it to LastPass. I suspect it may be an erroneous message but who knows. This is the ClamTK result : .mozilla/firefox/oiua4jql.default/extensions/support@lastpass.com.xpi: PUA.Win.Trojan.Xored-1 FOUND

rachael.orovets

Hi @rymar,

While we haven't gotten reports from other users of this happening, it looks like the LastPass extension is being flagged by your antivirus for some reason, although we aren't sure why. If you'd like the technical team can investigate further, if you'd like for them to do this please submit a bug report following the steps here:https://support.logmeininc.com/lastpass/help/how-do-i-report-a-bug-to-lastpass or you can instead add an exception for the LastPass extension in your antivirus.

glenn.dobson

@rymarI am not sure if your antivirus supports this, but with most of them you can submit the file in question to them and they will clear it from their list when it is a false positive. Most modern antivirus programs today rely on a trust network to determine if a file represents a threat. As a result, despite signing all executable files we distribute using a digital certificate, every time we release a new version of our software it typically results in antivirus programs flagging it as suspicious until it is distributed to thousands of users and/or until end users update their virus definitions. If you encounter this issue, the please follow the following steps: Re-download the problematic files from theLastPass Download page. Upload the suspicious files toVirus Total, a service that will analyze the files using dozens of the industry's top antivirus engines. Unless the results indicate that several top antivirus engines believe the files to be infected, it is likely they are safe. Right click on the files and select 'Properties' from the context-menu, and then choose the 'Digital Signatures' tab. Make sure the files have a valid digital signature and have been signed by 'LastPass' and if necessary, view the certificate. This will assure you that the files were created by LastPass and have not been modified by a rogue 3rd party. If after the above steps you still believe that files are infected or were not created by LastPass, then please contact us atsecurity@lastpass.comand send us the files.

rymar

So I did mention that this is on a Linux system and as such digital signing checking is not an option. however I did run this file past the Virus Total website and no issues were detected. I'm going with the assumption that Clam got it wrong and this was flagged as a false positive.