ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
Problem to false positive
ChanKinYi


Joined: 14 May 2019
Posts: 3
Location: Hong Kong
Reply with quote
Excuse me:
Why do I scan F drive but the result of false positive files has been indicated to c drive?
But there are without such false positive files at the mention of sub-directory on my hard disk drive!
After the reinstall of ClamWin anti-virus, the problem is appearing! How can I solve it?
Thank you very much!



https://postimg.cc/VJXXPJmx
Crying or Very sad Crying or Very sad Crying or Very sad Crying or Very sad Crying or Very sad
View user's profileSend private messageSend e-mail
GuitarBob


Joined: 09 Jul 2006
Posts: 4552
Location: USA
Reply with quote
Let me see if I understand what is going on. You scan the F drive on your computer, and ClamWin says there are some false positives on drive C. Furthermore, there is no folder/subfolder that has the files that are falsely detected. Is that correct?

I have read that in a recent Windows 10 update some USB-type drives were renamed. I have this problem on my wife's Win 10 box and am unable to use a USB on her machine. I have been waiting for Microsoft to correct this. Perhaps this is related to your problem.

You may be able to stop your ClamWin problem if you whitelist the files that ClamWin says are falsely detected. What do you think?

Regards,
View user's profileSend private message
ChanKinYi


Joined: 14 May 2019
Posts: 3
Location: Hong Kong
Reply with quote
Excuse me:
Because I can't find out such false positive files on the mention of sub-directory,
therefore I can't upload it to ClamAV!
Moreover, after every time of scanning for F drive, such false positive files had been automatic changed their filename!

I'm very confusing!
View user's profileSend private messageSend e-mail
GuitarBob


Joined: 09 Jul 2006
Posts: 4552
Location: USA
Reply with quote
How do you know these are false positives if you can not locate them?

Does ClamWin put anything in its quarantine folder after scanning? It is located at C:\ProgramData\.clamwin\quarantine on your computer.

If nothing is in quarantine, make sure the ClamWin Infected File Option (General Options) is set to Move To Quarantine Folder. Then scan the F drive and see what happens.

I suggest that you also scan your F drive with another antivirus besides ClamWin and see what happens. Try Eset's Online Scanner (free) and/or Malwarebytes Free. Malwarebytes will not take as long to scan as Eset.

Regards,
View user's profileSend private message
ChanKinYi


Joined: 14 May 2019
Posts: 3
Location: Hong Kong
Reply with quote
Excuse me:
After the scanning of F drive, ClamWin indicate that the false positive virus is Win.Malware.Sivis-6757537-0.
Totally 9 files had been infected with the false positive virus. The infected files are locating at C drive, and the directory of path is
C:\users\user\appdata\local\temp\clamav-1e30f8352b141755d40192854fa5813e.000074a4.clamtmp
and so on.
View user's profileSend private messageSend e-mail
GuitarBob


Joined: 09 Jul 2006
Posts: 4552
Location: USA
Reply with quote
Clamtmp files are temporary files that ClamWin uses during its scanning. It sounds like it is detecting some temp files for some reason. There is no false positive virus detection. Whitelist C:\users\user\appdata\local\temp\*.clamtmp. The filename is star, dot, clamtmp. That should solve your problem.

You can whitelist via Tools, Preferences, Filters, Exclude Matchine Filenames. Click the square box and put C:\users\user\appdata\local\temp\*.clamtmp in the opened dialog box and click OK. Do this for each falsely detected file.

Regards,
View user's profileSend private message
Raul


Joined: 21 Jul 2011
Posts: 31
Location: Spain
Reply with quote
GuitarBob wrote:
Clamtmp files are temporary files that ClamWin uses during its scanning. It sounds like it is detecting some temp files for some reason. There is no false positive virus detection. Whitelist C:\users\user\appdata\local\temp\*.clamtmp. The filename is star, dot, clamtmp. That should solve your problem.

You can whitelist via Tools, Preferences, Filters, Exclude Matchine Filenames. Click the square box and put C:\users\user\appdata\local\temp\*.clamtmp in the opened dialog box and click OK. Do this for each falsely detected file.

Regards,


Did he try to upload to virus total to check thats it's a false positive?
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4552
Location: USA
Reply with quote
It looks like a Clam AV virus signature is being detected in a temp file during scanning. This is not a virus, and he should follow my instructions.

Regards,
View user's profileSend private message
Raul


Joined: 21 Jul 2011
Posts: 31
Location: Spain
Reply with quote
GuitarBob wrote:
It looks like a Clam AV virus signature is being detected in a temp file during scanning. This is not a virus, and he should follow my instructions.

Regards,


Ok! Excuse me!
View user's profileSend private message
Problem to false positive
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Reply to topic