False positive, you can safely ignore it.

scan your whole PC

It is a false positive.

Let me ask you, who do you trust more? Valve or ClamWin? What has Valve done to make you suspect they're putting malware in their client? You're aware of false positives, so what have you done to investigate whether it's a false positive or not?

Valve makes way too much money to start bundling malicious software into Steam, and they wouldn't want to squander twenty years worth of customer trust either, and if it was true it would be headline gaming news and literally everyone would be talking about it. So... why aren't they? False positive.

Malware software is a tool, it's not perfect and better to hit a false positive than be too lenient and let something skate on through. And you have to think that malware isn't going to conveniently identify itself for malware scanning programs to guarantee 100% accuracy.

add steam and games to the av ignore list

Report it here: https://www.clamav.net/reports/fp

What in the world is ClamWin?

WinterSolstice の投稿を引用：

What in the world is ClamWin? :csd2smile:

The Windows version of ClamAV, an anti-virus program for Unix and Unix-like operating systems such as Linux.

It is free and open source.

Wouldn't surprise me. Past year we saw a large number of supply chain attacks (from XZ to exploding pagers distributed by fake front companies in E europe). Steam/valve also seems to have added or expanded google usage (surveillance capitalism analytics), so it may be this good corporation getting infiltrated, or it may be a false positive. Most likely, time will tell which is the case.