GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Thu Jan 14, 2010 2:46 pm
ClamWin comes with 3 options for treating infected files. The default option is Report Only. The other 2 options are Remove (use carefully) and Quarantine. The options can be changed in the ClamWin Configuration-General tab. The reason the default is Report Only is so you will not lose an important Windows or program file if ClamWin has a false positive detection on an important file. If this happens, you could/will lose access to your Windows operating system or an important file--like MS Office, etc. A false positive detection is when a "good" file looks enough like it has a virus to trigger a false detection by ClamWin. A virus can use code that is from a "good" program--nothing can stop that.
What you should do when you get an infection notice from ClamWin is to upload the file to Jotti at https://virusscan.jotti.org/en on the web or to VirusTotal at https://www.virustotal.com/ on the web. Either service will scan a file for free with multiple antivirus programs and give you an on-screen report as to which AVs found an infection. If only a couple of AVs (besides Clam) find an infection, it's probably a false positive, and you should tell Clam AV about it, starting at https://www.clamav.net/sendvirus/ on the web. Clam AV furnishes the signatures and scan engine used by ClamWin. Upload the file and fill out the form--be sure to tell them it is a false positive and the name of the falsely detected virus. You can also upload infected files that Clam doesn't yet spot. You will be helping to improve both Clam AV and ClamWin.
I like to see a couple of these AVs find an infection on Jotti/VirusTotal before I believe it: Kaspersky, McAfee, Microsoft, Nod32, Symantec, Trend Micro. Bitdefender, Sophos, and Avira AntiVir are also good, but they have more false positives.
Regards,
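The triage routine described in the post above, as an added example that is not part of the original post or of ClamWin itself: it pulls detections out of a Report Only scan log (clamscan-style `<path>: <signature> FOUND` lines) and applies the post's rule of thumb to multi-scanner verdicts. The sample log, the signature names, the verdicts and the numeric reading of "a couple" as two are assumptions made for illustration.

```python
import re

# Engines the post wants to see agree before believing a detection.
TRUSTED = {"Kaspersky", "McAfee", "Microsoft", "Nod32", "Symantec", "Trend Micro"}

# Report line for a detection: "<path>: <signature> FOUND"
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND\s*$")

def parse_report(text):
    """Return [(path, signature)] for each detection in a report-only scan log."""
    return [(m["path"], m["sig"])
            for m in map(FOUND_RE.match, text.splitlines()) if m]

def triage(verdicts):
    """verdicts: {engine: True if it flagged the file}. Thresholds are assumptions."""
    flagged = {e for e, hit in verdicts.items() if hit} - {"ClamAV"}
    agree = sorted(flagged & TRUSTED)
    if len(agree) >= 2:        # "a couple of these AVs" read as two or more
        return "likely-infected", agree
    if len(flagged) <= 2:      # "only a couple of AVs (besides Clam)"
        return "probable-false-positive", agree
    return "inconclusive", agree

def decide(report, verdicts_by_path):
    """Map each detected path to (signature, verdict, agreeing trusted engines)."""
    out = {}
    for path, sig in parse_report(report):
        if path not in verdicts_by_path:
            out[path] = (sig, "not-checked", [])  # never uploaded: no opinion yet
        else:
            out[path] = (sig, *triage(verdicts_by_path[path]))
    return out

# Constructed sample data: paths, signature names and verdicts are made up.
SAMPLE_REPORT = r"""Scan Started Thu Jan 14 14:40:01 2010
C:\Tools\setup_helper.exe: Win.Trojan.Example-1 FOUND
C:\Docs\notes.txt: OK
C:\Temp\invoice.scr: Win.Worm.Example-2 FOUND
"""
SAMPLE_VERDICTS = {
    r"C:\Tools\setup_helper.exe": {"ClamAV": True, "Sophos": True,
                                   "Kaspersky": False, "Microsoft": False},
    r"C:\Temp\invoice.scr": {"ClamAV": True, "Kaspersky": True, "Microsoft": True,
                             "Symantec": True, "Sophos": True},
}

if __name__ == "__main__":
    for path, (sig, verdict, agree) in decide(SAMPLE_REPORT, SAMPLE_VERDICTS).items():
        print(f"{path}: {sig} -> {verdict} {agree}")
```

A "probable-false-positive" result is the case the post says to report to Clam AV; nothing here deletes or moves a file, matching the Report Only default.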