Does the "Win" mean it's only harmfull to Windows? I'm on a Linux system.
No. You probably know DLLs as a Windows-specific concept, but they may run on other OSes too: Pinta is built on top of Microsoft's .NET framework which offers cross-platform support. When you run Pinta on Linux, you're executing a .NET runtime for Linux that enables you to handle those DLLs even though they're not native.
Can anyone give me advice on this?
When dealing with an unknown file on your system, a good start is to try to find out where it comes from and what it's supposed to do. So let's check the Pinta source code.
From Pinta.Core/Pinta.Core.csproj
:
<Project Sdk="Microsoft.NET.Sdk">
...
<ItemGroup>
...
<PackageReference Include="ParagonClipper" Version="6.4.2" />
</ItemGroup>
...
</Project>
This PackageReference
lists "ParagonClipper" as a dependency. When you download version 6.4.2 of the package from here, you should find that it includes a Clipper.dll
identical to the one on your system.
So this appears to be a .NET port of Clipper which "performs clipping and offsetting for both lines and polygons" - i.e. a library used by Pinta for clipping in the computer graphics sense, and not related to the system clipboard as the Trojan.Clipper
finding suggest. Also note that 6.4.2 is listed as the latest release since 2018, and a scan report on VirusTotal shows that ClamAV appears to be the only vendor that detects it as malicious. Update: The file now scans as unsuspicious by ClamAV as well.)
So, on the surface this may be a legitimate library that Pinta has required for years. But of course this is all circumstantial. And the usual caveats apply, such as not to analyze a potentially infected system from within itself.