Here’s some conjecture for you, based partly on an understanding of Seafile and more on previous working knowledge of AVG’s trends with pattern updates and heuristic detection.
CCNET is a fairly intrusive and unique sort of network service, from AVG’s perspective, as you can see from the diagram on the components overview wiki article (
https://github.com/haiwen/seafile/wiki/Seafile-server-components-overview), CCNET calls to the listener on the Seafile server and receives from the same. So, from AVG’s perspective, what you have is an open call daemon chattering about something opaque to AVG’s detection methods.
As I said though, this is conjecture, so seek out some confirmation. Ask the vendor (hopefully you have a current support agreement), and test against a freshly obtained Seafile client connecting to a different Seafile server (say, the
seacloud.cc service). Ensure the origin is correct and no DNS subversion has taken place causing you to obtain rogue clients.
That’s about as paranoid of a checkup as I can think of as reasonable.