ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
strange Files

Joined: 24 Apr 2016
Posts: 1
Reply with quote
i am using clamwin and clam sentinel since about 3 months and its ok. Some bad expiriences with installing nvidia drivers and so on.
The strange thing is that clam sentinel identifies nearly every time i use the computer two files as suspicious and moves them into quarantine.
I searched this windows files but i didnt get a good explanation of these files.

I am using MS Windows Enterprise x64, SP1, latest patches

Quarantine log:

\\?\C:\Windows\Temp\C1D2D8C4-444F-4740-86E5-CFCDD2B9B33A\de-DE\TransmogProvider.dll.mui \\?\C:\ProgramData\.clamwin\quarantine\TransmogProvider.dll.mui.suspiciousorigin42
\\?\C:\Windows\Temp\9D9DFECF-49BE-4900-B6D3-AF13B14F3AE4\de-DE\LogProvider.dll.mui \\?\C:\ProgramData\.clamwin\quarantine\LogProvider.dll.mui.suspiciousorigin43

Please help!
..and sry for my bad english.

View user's profileSend private message

Joined: 23 Sep 2013
Posts: 562
Location: **UNKNOWN**
Reply with quote
Clam Sentinel has a lot of false positives in it, probably more then ClamWin/ClamAV does. Since Andrea (led developer) abandon Sentinel, no one has been working on it and no update for Sentinel has happened in almost 2 years now. So unfortunately, these false positives will probably never get fixed. If you exclude .dll files from Sentinel, this usually reduces the false positives. .dll files are useless unless they have a .exe file to execute them, or some other form of execution file.
View user's profileSend private message

Joined: 09 Jul 2006
Posts: 4478
Location: USA
Reply with quote
Before he left, Andrea did some coding to further minimize false detections of dll files.

Your files are probably detected by Clam Sentinel because they have a double extension and are "sloppy" like some virus files. I suggest that you whitelist (exclude) the *.mui extension (that is star dot mui) from Clam Sentinel's scans. If that doesn't work, then exclude *.dll.mui, (that is star dot dll dot mui), which should work for sure.

I think those mui files are some sort of Microsoft files which are probably not able to infect, so excluding them should not harm your security.

Let us know how it goes.

Thanks for using ClamWin/Clam Sentinel!

View user's profileSend private message
strange Files
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

 Reply to topic