Few templates detected as infected from the malwarebytes and clamav

[faizu6]

Malwarebytes Report
Name------------------------------------------Type-----Category------Action--------------------------------Location
Webshell.Generic.118---------------------File------Malware------Quarantined------nuclei-templates/http/cves/2017/CVE-2017-12615.yaml
Backdoor.Generic.LinuxTsunami-------File------Malware------Quarantined------nuclei-templates/file/malware/linux-tsunami-malware.yaml

My malware bytes report showed these two templates as malware and I want clarification on this if someone could please provide.

I also got a clamav infected file for the below mentioned template;
nuclei-templates/http/vulnerabilities/other/kingdee-erp-rce.yaml
I have scanned it using virustotal and got the below mentioned output.

Please provide the clarification for it, if possible.

Thanks,
Faizan

[DhiyaneshGeek]

Hello @faizu6 ,

It seems like there is some confusion so let's clarify things. The files your antiviruses flagged as "malware" are not actually malicious, they are just 'templates' used by a program named 'Nuclei' for vulnerability scanning. These templates contain information on how to identify certain types of vulnerabilities on target systems.

The concept of these templates is akin to a blueprint of a building. The blueprint, on its own, cannot cause harm and merely describes how a construct (in this case, a vulnerability) can be built or identified.

1.	Webshell.Generic.118 is just a template to check for the vulnerability CVE-2017-12615, which is a specific vulnerability in some versions of Apache Tomcat.
2.	Backdoor.Generic.LinuxTsunami is a template that can identify the infamous Linux Tsunami backdoor if it were present on a system.
3.	kingdee-erp-rce.yaml is a template designed to identify a remote code execution vulnerability in Kingdee ERP software.

These files are being flagged as 'malware' by your antimalware solutions because they contain patterns that match known vulnerabilities. It's similar to a textbook on viruses being detected as an actual virus.
Remember, these templates can't "harm" your computer – they are not executing any malicious code on your system. However, if used as part of a vulnerability scanning process against an insecure system, they could help identify weaknesses.

I hope this clears up your concerns. If you have any more questions, feel free to ask.

Thank you