Full Version: Viruses in Linux
MandrivaUsers.org > Advanced Topics > Security
McGregor
I'm an inexperienced user and new to Linux. But I know it as a reliable and secure OS. Sometimes I can find some viruses on my computer - namely in wine and it's no wonder. But the other day I felt a bit confused - for training reasons I was scanning my computer with Clamav and to my astonishment it found 33 infected files. And where?! In /usr!!! I traced the whole path - /usr/share/doc/clamav/test. There were 33 infected Windows files there:


----------- SCAN SUMMARY -----------
Known viruses: 428525
Engine version: 0.94
Scanned directories: 2
Scanned files: 103
Infected files: 33
Data scanned: 1.30 MB
Time: 3.655 sec (0 m 3 s)
[randolph@localhost ~]$

I don't think there's any danger to my Mandriva. Most probably these viruses are to be there for some reason, but which one I have no idea. I wish someone would shed light on the issue.
David Batson
I think that ClamAV has a tendency for false positives.

On my install of KlamAV, I have the boxes unchecked for:
* Treat a Broken Executable as a Virus
* Mark Encrypted Files as Suspicious

BTW, the latest versions of ClamAV and KlamAV (in backports) are:
* ClamAV 0.94
* KlamAV 0.44
David Batson
QUOTE (McGregor @ Sep 20 2008, 04:21 AM)
...for training reasons I was scanning my computer with Clamav and to my astonishment it found 33 infected files. And where?! In /usr!!! I traced the whole path - /usr/share/doc/clamav/test. There were 33 infected Windows files there:


After reading your post I decided to finally do a full system scan, and these same 33 viruses were on my system at the same location: /usr/share/doc/clamav/test/.

If you mouse over the file entry in KlamAV, the following message is displayed: ClamAV-Test-File: clam.xxx contains the ClamAV test signature. It's not a virus.

I am fairly confident this is normal and no cause for alarm.
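
An added example, not part of the original thread: a small triage of clamscan's per-file detection lines that treats a hit as an expected test file only when both the signature name (ClamAV-Test-File) and the directory (/usr/share/doc/clamav/test/) match what is reported above. The sample lines, file names and the Example.Signature-1 name are constructed for illustration.

```python
import posixpath
import re

# clamscan prints one line per detection: "<path>: <signature> FOUND"
HIT = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
TEST_SIG = "ClamAV-Test-File"             # signature name quoted in the thread
TEST_DIR = "/usr/share/doc/clamav/test/"  # location reported in the thread

def triage(lines):
    """Split detections into (expected test files, hits that need review)."""
    expected, review = [], []
    for line in lines:
        m = HIT.match(line.strip())
        if not m:
            continue  # "OK" lines, the scan summary, blank lines
        # Normalise so "test/../.." cannot pass the directory check.
        path = posixpath.normpath(m.group("path"))
        sig = m.group("sig")
        # Expected only when signature AND location match: the same test
        # signature outside the documentation directory was not put there
        # by the package, so it still goes to review.
        if sig == TEST_SIG and path.startswith(TEST_DIR):
            expected.append((path, sig))
        else:
            review.append((path, sig))
    return expected, review

# Constructed sample output (not taken from the thread).
SAMPLE = """\
/usr/share/doc/clamav/test/clam.exe: ClamAV-Test-File FOUND
/usr/share/doc/clamav/test/clam.zip: ClamAV-Test-File FOUND
/usr/share/doc/clamav/README: OK
/home/user/Downloads/clam.exe: ClamAV-Test-File FOUND
/home/user/.wine/drive_c/setup.exe: Example.Signature-1 FOUND
----------- SCAN SUMMARY -----------
Infected files: 4
""".splitlines()

if __name__ == "__main__":
    expected, review = triage(SAMPLE)
    print(f"{len(expected)} expected test files, {len(review)} to review")
    for path, sig in review:
        print(f"REVIEW  {path}  ({sig})")
```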
ianw1974
The directory itself gives a hint in that it's test viruses for you to run the scanner against to see if it is working.
SilverSurfer60
Is that why it's called test then?
tyme
I'm going to bet you can safely delete the files in /usr/share/doc/clamav/test - probably even the whole test directory. No more false-positives (and clamav should continue to function).