GuitarBob
Joined: 09 Jul 2006 | Posts: 9 | Location: USA
Posted: Sun Sep 06, 2009 9:27 pm

I like to verify something is a real infection (not a "false positive" detection) before removing it. ClamWin comes with a default action for infected files of Report Only, but you can change it to Quarantine or Remove. If you are sure something is a virus, you can temporarily change the default for infected files to Quarantine or Remove, scan the infected file or its directory, and then change the default back to Report Only. You can also just manually delete the infected file.
To verify if something is a real infection, upload it to Jotti at https://virusscan.jotti.org/en on the web or to VirusTotal at https://www.virustotal.com/ on the web. Either service will scan files (one at a time) for free with multiple antiviruses, including Clam AV (which furnishes the scanning engine and signature database for ClamWin). If more than a few AVs (I like to see at least 5) find a file is infected, it probably is a real infection.
If a file turns out to be a false positive detection, go to the Clam AV submission page at https://www.clamav.net/sendvirus/ on the web. When you get to the upload page, upload the file that is falsely detected, indicate that it is a false positive, tell them the exact name of the false positive, and tell in the comments section why you think it is a false positive. Clam will correct their signature in a day or so. You will also be helping ClamWin to be a better product!
Regards,
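The threshold check described in the post above, as an added example that is not part of the original post: it reads a saved multi-scanner report and applies the at-least-5-engines rule of thumb. The JSON layout follows VirusTotal's API v3 file report; the sample data, the engine names other than ClamAV, the signature name, the verdict wording and the `triage` function are constructed for illustration.

```python
import json

# Constructed sample shaped like a VirusTotal API v3 file report (abridged).
# Engine names other than ClamAV and the signature name are made up.
SAMPLE_REPORT = json.dumps({"data": {"attributes": {"last_analysis_results": {
    "ClamAV": {"category": "malicious", "result": "Win.Trojan.Example-1"},
    "EngineA": {"category": "undetected", "result": None},
    "EngineB": {"category": "timeout", "result": None},
    "EngineC": {"category": "type-unsupported", "result": None},
    "EngineD": {"category": "harmless", "result": None},
}}}})

MIN_ENGINES = 5  # the post's rule of thumb: at least 5 engines agreeing

FLAGGING = ("malicious", "suspicious")
CLEAN = ("undetected", "harmless")


def triage(report_json, min_engines=MIN_ENGINES):
    """Summarise a multi-engine report and apply the threshold."""
    report = json.loads(report_json)
    results = report["data"]["attributes"]["last_analysis_results"]
    # Engines that timed out or do not support the file type gave no
    # opinion, so they are not counted as "clean" votes.
    voted = {name: r for name, r in results.items()
             if r["category"] in FLAGGING + CLEAN}
    flagged = sorted(n for n, r in voted.items() if r["category"] in FLAGGING)
    clam = results.get("ClamAV", {})
    # Exact detection name, needed for a false positive submission.
    clam_name = clam.get("result") if clam.get("category") in FLAGGING else None
    # Verdict labels are this example's own choice, not ClamWin output.
    if len(flagged) >= min_engines:
        verdict = "probable infection"
    elif clam_name and flagged == ["ClamAV"]:
        verdict = "possible ClamAV false positive"
    else:
        verdict = "inconclusive"
    return {"verdict": verdict, "flagged": flagged,
            "engines_voted": len(voted), "clamav_signature": clam_name}


if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```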