ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
Clamav scan infected

Joined: 20 Mar 2016
Posts: 4
Reply with quote

My scan reports say below file got infected, but I rescanned this file via other AV which results in positive.

Can anyone tell us is this alert is genuine?

/data/docker/devicemapper/mnt/d712e7b470840e611d21c45f6d93d076af8f28f7171917d02d49f99a89c93eb1/rootfs/usr/local/bin/pyzsendmail: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 4631797
Engine version: 0.99.2
Scanned directories: 19576
Scanned files: 130864
Infected files: 1
Data scanned: 4799.52 MB
Data read: 111057.44 MB (ratio 0.04:1)
Time: 422.152 sec (7 m 2 s)
View user's profileSend private message

Joined: 09 Jul 2006
Posts: 4388
Location: USA
Reply with quote
It looks like the file is infected with the EICAR test file, which is just a harmless test file designed to prove an AV is working.

Of course, it could be a virus that contains the EICAR file to hide itself, but if you have scanned it with another AV that found nothing, it may be okay.

Let me suggest that you scan the file on Virus Total, where it will be scanned with 50+ AVs. including the Clam AV scan engine used by ClamWin. If only Clam AV detects it, then whitelist the file in ClamWin so it will not be detected in the future.

I like to see at least 2 of these AVs on Virus Total detect something before I believe it is infected: Avira, Bitdefender, Eset Nod 32, Kaspersky, or Sophos.

Thanks for using ClamWin!

View user's profileSend private message
Clamav scan infected
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

 Reply to topic