ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
Can't upload false positive
Freeze


Joined: 30 Jun 2016
Posts: 5
Reply with quote
Hello, I've been trying to submit false positive files to:
http://www.clamav.net/reports/fp

"The submit false positive report" is not enabled to work. It appears "grayed" and showing "not allowed" icon cursor. I filled all the fields.
This is one of the false positives:

midhost.dll

part of Adobe Audition 3

Any Ideas?
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4279
Location: USA
Reply with quote
Hmmm. Strange. However, I suggest that you scan the file on the Virus Total online scanner. If Clam AV detects it in error, Virus Total will send a sample of the file to Clam AV so they can correct the signature. It may be a few days or longer before Clam AV gets around to correcting it, however. In the meantime, whitelist the file in ClamWin so it will not falsely detect it. Check the file on Virus Total once in a while, and when Clam AV no longer detects it, you can delete the file from ClamWin's whitelist.

Regards,
View user's profileSend private message
Freeze


Joined: 30 Jun 2016
Posts: 5
Reply with quote
Ok. I scanned it at virus total. Smile
View user's profileSend private message
aethel


Joined: 21 Jan 2017
Posts: 2
Reply with quote
Looks like the same problem.

The Virus scanner indicates that the file is not uploading.
After selecting it, what looks like a red upload progresses
but the file name doesn't show so maybe the red progress
bar means its being submitted.
When I click on submit it takes me to a success page.
When I go back to the page the name of the file appears.
So . . . did the file upload or not? I don''t know.

I'm concerned because using both Jotti and Anit Virus
only ClamAV shows there is a virus. Is it false positive
OR do the other programs even check it, since they are
digitally signed by microsoft.

These two ieframe.dll.mui files are on my Windows10 partition.
Wondering if anyone else has submitted them.

F:\Windows\WinSxS\amd64_microsoft-windows-ieframe.resources_31bf3856ad364e35_11.0.10586.17_en-us_47a5836ee956c188\ieframe.dll.mui: Win.Trojan.Agent-1854011 FOUND

F:\Windows\WinSxS\Temp\InFlight\4f28e2dc2533d201a4050000bc08f802\amd64_microsoft-windows-ieframe.resources_31bf3856ad364e35_11.0.10586.212_en-us_40a785e15611f353\ieframe.dll.mui: Win.Trojan.Agent-1854011 FOUND
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4279
Location: USA
Reply with quote
After a successful upload and scan at Virus Total, you will see two icons that you can click on one of them to give your opinion as to whether or not is is infected. If you see that, the file was successfully uploaded and scanned. If you don't see these icons, the file was not uploaded and scanned. There is a size limit to files that can be uploaded to Virus Total, but it will probably tell you if the file is too large.

Participating AVs at Virus Total get copies of all infected files that are not detected by the AV, and they also get copies of files that are falsely detected by the Av.

If you know/calculate the file hash of a file, you can do a search on Virus Total to see if a file with that hash has been scanned. Virus Total will give you the scan results if it has previously been scanned.


Regards,
View user's profileSend private message
aethel


Joined: 21 Jan 2017
Posts: 2
Reply with quote
Thanks GuitarBob. So no need to upload to ClamAV if everyone is informed about uploads from Virus
Total. (I will check the hastags next time.)
So . . . it is a mystery why ClamAV still returns a "false positive" (apparently) response.
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4279
Location: USA
Reply with quote
Every AV does not have the same virus signatures. Since ClamWin uses the Clam AV virus signatures and scan engine, we are subject to any false positives that Clam detects. Clam seems to ignore the valid digital signatures--even from Microsoft. However, ClamWin does have some separate protection for important system files and will not quarantine one of them--it will just give you a false positive message with a note to tell Clam Av about it.

Thanks for using ClamWin!

Regards,
View user's profileSend private message
Can't upload false positive
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Reply to topic