ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
ClamWin 0.95.2 Definition Update Alarmed as a VIRUS!?!?
gonwk


Joined: 24 Jul 2009
Posts: 10
Reply with quote
Hi folks,

Today, 30 July 2009, I tried downloading the updates for Clamwin 0.95.2 and my Avira Persoanl Free version (Ver 9) had a pop-up VIRUS ALARM about one of the Clamwin updates. See attached JPG!

After my other post and problems of Clamwin 0.95.2 not wanting to update and not finalizing ... NOW this VIRUS alert!!!

Q1: What is casuing all of these problems!?!?

Q2: Has anyone else encountered VIRUS Alert problem when Requesting an Update Request?

Thanks

G! Smile
http://www.postimage.org/image.php?v=aV8ssq0
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4388
Location: USA
Reply with quote
I can't recall my Avira spotting a virus during a Clamwin signature update, but I occasionally have it pop up during a scan--because it has one of the same signatures that ClamWin puts in its temp folder while scanning. Usually it's a file hash of some kind (example: something like c9fd0e8bc6941a442046907c3fdf8f06). I'm excluding the ClamWin program data folder, which contains the database and quarantine folders (not the ClamWin Program folder).

Regards,
View user's profileSend private message
gonwk


Joined: 24 Jul 2009
Posts: 10
Reply with quote
Hi GuitarBob,

Well, I never had this problem until my other problem of not Finalizing Download or Scan started ... so!

THANKS!
G! Smile
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4388
Location: USA
Reply with quote
I'm pretty sure this is a false positive on Avira's part. It denies you access to the database file, which contains all kinds of signatures. Clam's signatures are pretty safe. I would restore the file from Avira's quarantine, disable its real-time scanner for awhile, and re-scan with another AV (say Dr. Web's Cureit). After you are sure it is safe, exclude the Clam DB directory from both Avira's scanner and guard. Avira does so well in virus tests because they have it set pretty high for detection. It does have an excellent database, however.

Regards,
View user's profileSend private message
rui


Joined: 07 Aug 2009
Posts: 1
Location: Brasil
Reply with quote
I have the same problem; when start update the clam database the avira display the message that the file was infected, and the update of database return an error.

Avira report:
7/8/2009,00:56:30 [WARNING] Contains recognition pattern of the HTML/Crypted.Gen HTML script virus!
C:\Documents and Settings\All Users\.clamwin\db\clamav-d53af01f3ed3be1475437aca2fc4cfb7.00000a44.clamtmp

Clam error:
ClamAV update process started at Fri Aug 07 00:46:51 2009
main.cvd is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
ERROR: Can't parse new database C:\Documents and Settings\All Users\.clamwin\db/clamav-d9ed4c702552475408fc1b0dc79e6490.00000e14.clamtmp

The solution that i find to update the database was choice the option ignore in the Avira window, Now i have my clam database update whithout errors (i'm not crazy, i do this in my test computer)

Sorry my English, peharps with errors, but i try
Thanks
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4388
Location: USA
Reply with quote
Clamtmp files are temporary files that ClamWin uses when it is scanning--you do not see them when downloading the database. It looks like Avira is kicking in when ClamWin is scanning. Try to set it to exclude clamtmp files from Avira--both the scanner and the guard.

Regards,
View user's profileSend private message
logic25513


Joined: 03 Oct 2010
Posts: 2
Location: usa
Reply with quote
I encountered that for the past year and i didnt solve it. Sad

http://www.paretologic.com/ xoftspy
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4388
Location: USA
Reply with quote
When Avira does something with a Clam file, take the filename and then exclude that file from Avira's scans in the future.

Regards,
View user's profileSend private message
jharris1993


Joined: 20 Oct 2010
Posts: 2
Location: Worcester, MA. (USA)
Reply with quote
Interesting. . . . .

I have always heard that installing more than one active AV program at a time is the fast boat to a crashed system - since they'll have all kinds of cat-fights over this and that.

You guys are installing ClamAV alongside of Symantec (which I think PUKES big-time), and Avira (which I think ROCKS big-time) etc. etc. etc.

I would *expect* that one anti-virus program would throw fits over the other's definitions - by definition they look like viruses!

I have also seen one anti-virus program complain about the way the other's executable trys to hide/protect itself from other processes messing with it.

Thanks for any help. Just want to know what's what.

Jim
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4388
Location: USA
Reply with quote
You can install more than one AV (I would suggest no more than 2 AVs), if you only use one AV in real-time mode (on-access mode). Keep the other in on-demand mode as a backup scanner. Since Clamwin is an on-demand scanner only and does not scan in real-time, it usually "gets along" with another AV, but you can still have common signatures that may trigger.

Regardless, it is still a good idea to exclude each AV's quarantine folder and its database/signature folder (and temp scan file names if you can find them) from the other AV to minimize problems. Some people recommend that you turn off the real-time scanner when making an on-demand scan, but that is hard to do with an unattended scheduled scan. I just schedule mine for when the computer is not busy.

The Clam Sentinel front-end that turns ClamWin into a real-time scanner is pretty good for an Open Source AV. Its heuristics will spot 50%+ of unknown Windows PE file viruses. The commercial Avira is better, however, but the gap is getting narrower!

Regards,
View user's profileSend private message
ClamWin 0.95.2 Definition Update Alarmed as a VIRUS!?!?
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Reply to topic