ClamWin uses the virus signatures and scanning engine from the Clam AV for Linux project. The Clam AV virus signatures have more false detections (false positives) than many other AVs. I always scan any ClamWin detections at the Virus Total web site where they will scan a file for free with more than 50 AVs (including Clam AV). If Clam AV is the only AV detecting a file as infected--or if there are only a few (say up to 3 AVs) detecting something, it is probably a false positive. Virus Total will notify an AV of a false positive if that AV is the only one detecting a file, so the AV can correct its signature. Just to make sure, however, I always upload a copy of the falsely detected file to Clam AV at
https://www.clamav.net/contact on the web. Be sure to select the False Positive menu item.
You should be using a real-time AV as your primary AV and only use ClamWin as a backup AV. The Clam AV signatures are too few to detect many viruses, and ClamWin is not a real-time scanner--it only scans on-demand or as scheduled. IN additions, there have been no ClamWin updates for over a year now, so it is missing some new detection capability.
Thanks for using ClamWin!
Regards,
