I setup clamav just some hour ago using the arch wiki and have also gotten false positives in carla, xterm and uxterm. All these false positives are from the background scanner, or whatever it is called.

Here you have my manual scan. I also reinstalled wine, oh and it flagged wine/mtree as containing credit card numbers...

[user@system ~]$ clamscan /usr/lib/wine/x86_64-windows/kernel32.dll Loading: 16s, ETA: 0s [========================>] 8.70M/8.70M sigs Compiling: 3s, ETA: 0s [========================>] 41/41 tasks /usr/lib/wine/x86_64-windows/kernel32.dll: OK ----------- SCAN SUMMARY ----------- Known viruses: 8704732 Engine version: 1.4.2 Scanned directories: 0 Scanned files: 1 Infected files: 0 Data scanned: 2.46 MB Data read: 2.32 MB (ratio 1.06:1) Time: 22.854 sec (0 m 22 s) Start Date: 2025:02:16 01:16:50 End Date: 2025:02:16 01:17:13 [user@system ~]$ clamscan /usr/lib32/wine/i386-windows/kernel32.dll Loading: 15s, ETA: 0s [========================>] 8.70M/8.70M sigs Compiling: 3s, ETA: 0s [========================>] 41/41 tasks /usr/lib32/wine/i386-windows/kernel32.dll: OK ----------- SCAN SUMMARY ----------- Known viruses: 8704732 Engine version: 1.4.2 Scanned directories: 0 Scanned files: 1 Infected files: 0 Data scanned: 2.05 MB Data read: 1.93 MB (ratio 1.06:1) Time: 22.764 sec (0 m 22 s) Start Date: 2025:02:16 01:23:21 End Date: 2025:02:16 01:23:44 [user@system ~]$ pacman -Qkk wine wine: 4177 total files, 0 altered files [user@system ~]$ 

Edit: Here you have the messages clamav keeps spamming:

Virus found! Signature detected by clamav: PUA.Win.Packer.Embedpe-3 in /usr/lib/wine/x86_64-windows/kernel32.dll Virus found! Signature detected by clamav: PUA.Win.Packer.Embedpe-3 in /usr/lib32/wine/i386-windows/kernel32.dll 

Edit2: Here you have what I mentioned about the credit card number:

Virus found! Signature detected by clamav: Heuristics.Structured.CreditCardNumber in /var/lib/pacman/local/wine-10.1-1/mtree 
submitted by /u/OutrageousFarm9757
[link] [comments]