Clam detecting PUAs in Home Directory

Recently I have been getting virus notifications. I know these are Scare Mail, but I was curious how they came to be. I am getting them at least every half hour in notifications. One thing that really bothers me here, is there is no way to see where any of these notifications come from. Obviously if I get a facebook notification it identifies itself. However these are from nothing I use or am subscribed to. So I ran Clam to scan my Home Directory. It showed a number of my .pdf files to be PUAs and thowed them as trojan. A number of them were statement downloads from my Bank! Then today I did a scan of the Directory where I keep my bank statements as well as all my other financial information. This time it showed eight possible trojans. All were from Government pdfs I had filled out and saved to my computer. See attachment. Could any of these be causing the notifications? And if so, what should I do. They are important documents.

One more attachment here showing the notifications. I also have a question about notifications in general. Although they tell you you have notifications, how to you access these notifications ( not the virus ones, just in general ) I often see notifications that look like messages from people, but have no idea how to read them. For instance I see a name and a short message, but when I check messenger or emails I do not see this person anywhere.

When You get a Notification, you can simply click on it and the Program what gives it should be open. Or do You mean with ''Scare Mail'' that You get bad Mails?

In this Case You could look at Have I Been Pwned:

For Your infected Files ... It could be Falses-Positives. But You could scan them in the Terminal with the Command clamscan [The-Path-Of Your-File]

Another Option is to use the Online Service Virutotal. It is a Scan Tool that uses multiple Virus Scanners:

I see Your Picture and must ask: How is Avira run on Your System? Does it have a Linux Version? I thought it is only for Windows? Or do You run it in Wine?

Normally it should be enough to click on the Notification and the Progam should open itself.

I do not have it installed. It is simply a scare ware notification. I am trying to figure out where it is coming from.

When I click on any notifications, they simply disappear. This is what my general question was about. I get notifications, but have no way to access them. Or know where they are originating from. Sorry, I am a senior, with only some technical knowledge.

Oh, okay. That is the Scare Ware. Yes, then I would start to scan Your Documents that Clam has found. Or You go the radical Way and delete Your System and install it new.

I'm not a Senior and have only a low-class technical Knowledge, too. So, there is no Reason to apologize. No One can knows everything.

So, why it doesn't work ... when it has a Connection to Your Virus Problem the Note's are theoreticcaly no real Note's and maybe because of that it doesn't work.

But when they are real, maybe there are realy only there to inform You. When You see a Note on Your Desktop and You go to this with Your Mouse Cursor You should see that there is a Button to show You. I think on Gnome 46 the Gnome Developers have it changed a bit so that You can see better where Note's come from. But until this come for Zorin it will take to Zorin 18.

@Kenny48 Are those PDF's protected. If true, Clam will flag as PUA. Remember PUA is Potential Unwanted Application see here: PUA (Potentially Unwanted Application) - ClamAV Documentation

You can switch off PUA detection or view/ignore detections if as likely are false-positives. If you do some websearching you will discover Clam has reputation for flagging many PUA detections.

1 Like

In Zorin OS, an antivirus may be a potentially unnecessary application.

Yes and No.
I have been intelligently scanning using Clam, Rkhunter and Chkrootkit. Although Windows users are low hanging fruit for malware. GNULinux is a minority OS and malware is less widespread, but there is malware that affects linux. Always be careful when using files originally from Windows envirionment e.g. apps and data under WINE.


I am not looking for viruses, but malware.

The Gnome notification system is very lacking in that regard. The good news is that they are aware of this, and are planning on improving the notification system. But it'll be a while until these changes are seen in Zorin OS.

I found some threads asking about this and the solutions are not exactly elegant but they seem to work, at least for some people:

Consider using a virtual machine to open any files that you consider potentially malicious. Better safe than sorry.

I solved the problem. When I checked in apps that can send notifications, I found two that I did not recognize. I simply unchecked them, and the problem stopped.


If you are comfortable sharing the names of those programs, it may help others who run into this issue as well.