ClamWin Free Antivirus
Support and Discussion Forums
Suppress Detection Warnings On Valid Digital Signatures
GuitarBob


Joined: 09 Jul 2006
Posts: 4390
Location: USA
ClamWin Developers:

Why not suppress warnings about detections on Microsoft files with valid digital signatures? It has been almost a month now since I sent several Nimbda false positive detections on Win system32 files with no corrections yet by Clam AV. I have sent the files about 3 different times, and I have scanned them on Virus Total hoping Clam would get the false positive report that way. No results!

Therefore, I suggest that you either suppress these ClamWin scan warnings or remove the admonition to report them to Clam AV--it is enough that Clam Win users are protected from these false positives. It will not do much good to report them to Clam AV.

Additionally, why not extend this detection to all files with valid digital signatures? Nearly all such files will be clean.

Regards,
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 562
Location: **UNKNOWN**
+1, although, I thought ClamWin was designed to have immunity against false positives on valid digital signatures files?
GuitarBob


Joined: 09 Jul 2006
Posts: 4390
Location: USA
ClamWin has immunity from quarantining files with valid Microsoft digital sigs, but ClamWin users still get a scan message telling you the file was falsely detected (that is okay), along with a request to send the file to Clam AV so they can correct their signature. Sending the file to Clam AV is not okay because Clam AV either fails to act to correct their signature or takes too long to do so. Because of this reality, ClamWin needs to either suppress these scan notices or eliminate the request to submit the file to Clam AV.

I do not think there is any protection for any falsely-detected files except those of Microsoft. The existing FP Microsoft detection code can/should be expanded to include false positive detection on any valid digital signature. Additionally, for a ClamWin malware heuristic, any file that has an invalid digital sig is suspect; however, some developers do not bother to get a new digital sig for old program files when the digital sig expires, so this would have to be considered. You could look at the date or some other file characteristics, but that would require some new ClamWin code that doesn't come from Clam AV...

Regards,
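The triage proposed in the last post (a valid signature from a known publisher marks a likely false positive, an invalid signature is suspect, an expired signature is handled separately), written in PowerShell as an added example. It is not ClamWin or Clam AV code; the function name, the verdict labels and the publisher pattern are assumptions made for illustration.

```powershell
# Added example: classify a flagged file by its Authenticode signature state.
# Get-DetectionTriage and its verdict strings are hypothetical names.
function Get-DetectionTriage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Path,
        # Assumed allow-list: substrings of the signer subject whose valid
        # signatures downgrade a detection to a likely false positive.
        [string[]]$TrustedPublisherPattern = @('O=Microsoft Corporation')
    )
    process {
        $sig  = Get-AuthenticodeSignature -LiteralPath $Path
        $cert = $sig.SignerCertificate   # $null when the file is unsigned

        $verdict = switch ($sig.Status) {
            'Valid' {
                $trusted = $TrustedPublisherPattern |
                    Where-Object { $cert.Subject -like "*$_*" }
                if ($trusted) { 'LikelyFalsePositive' } else { 'SignedUnknownPublisher' }
            }
            'NotSigned'    { 'Unsigned' }   # no signature evidence either way
            'HashMismatch' { 'Suspect' }    # content changed after signing
            default {
                # A signature is present but did not validate. An expired
                # certificate with no timestamp is the "old program" case
                # from the post and is reported apart from other failures.
                if ($cert -and $cert.NotAfter -lt (Get-Date) -and
                    -not $sig.TimeStamperCertificate) {
                    'ExpiredNoTimestamp'
                } else {
                    'Suspect'
                }
            }
        }

        [pscustomobject]@{
            Path     = $Path
            Status   = $sig.Status
            Signer   = $cert.Subject
            NotAfter = $cert.NotAfter
            Verdict  = $verdict
        }
    }
}
```

Paths of flagged files can be piped in, for example from a parsed scan report; only `LikelyFalsePositive` would correspond to a suppressed warning, and every other verdict still reaches the user.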