 |
 | ClamWin identified Panda Cloud Antivirus as Trojan.Chifrax-4 |  |
|
tackyew
|
|
Dear All:
I downloaded Panda Cloud Anti Virus from the following link: https://acs.pandasoftware.com/cloud/CloudAntivirus.exe I used ClamWin Free Antivirus to scan for virus, Trojan has been detected. May I know whether it is false positive? I'm using the latest version of ClamWin 0.96.0.1, Virus DB Version: (main: 52; daily: 10849) Thanks. Scan Started Wed Apr 28 17:02:40 2010 ------------------------------------------------------------------------------- C:\Documents and Settings\Administrator\Desktop\CloudAntivirus.exe: Trojan.Chifrax-4 FOUND ----------- SCAN SUMMARY ----------- Known viruses: 758197 Engine version: 0.96 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 0.13 MB Data read: 22.61 MB (ratio 0.01:1) Time: 23.641 sec (0 m 23 s) -------------------------------------- Completed -------------------------------------- |
|||||||||||
|
|||||||||||||
 |
| |
|
GuitarBob
|
|
The best way to tell if a file is a false positive is to upload it to either Jottii at https://virusscan.jotti.org/en or VirusTotal at https://www.virustotal.com/ on the web. Either service will scan your file with multiple AV products, including Clam AV, which provides the scanning engine/signatures for ClamWin. If several other AVs besides Clam find a file is infected, it probably is. If not, then it is probably a false positive and you should tell Clam AV about it at https://www.clamav.net/lang/en/sendvirus/ on the web. When you get to the submission form, be sure to check the false positive radio button, and tell them the exact name of the false detection and the Jotti/VirusTotal results in the description block. Clam will adjust their signature to correct the false positive, and you will be helping other ClamWin users.
I like to see at least 5 AVs in total verify an infection, but if a couple of these are in the AVs that spot an infection, you can probably believe it: Avast, Bitdefender, Kaspersky, NOD32, Sophos, Symantec, Microsoft, McAfee. In this case, it is probably a false positive, but you should verify it first. Panda would not put an infected file up for download. Most likely, their downloaded code is similar to that used by some trojan. Regards, |
|||||||||||
|
|||||||||||||
|
| |
|
tackyew
|
|
Hi Guitar:
Thanks for the reply. Yes, before I post this topic, I had uploaded the file to virustotal.com, but unfortunately they could not accept the file because it is too big. You may download the same file from Panda Security and try yourself.
|
|||||||||||||
|
|||||||||||||||
|
| |
|
GuitarBob
|
|
Yes, the maximum file size that Jotti/VirusTotal can take is 20 MB. I downloaded the file and checked it with another AV and it was clean per the AV. I was able to upload it Clam for correction of their signature. It will take a couple of megabytes more than 20 MB.
It may take a couple of days for Clam to correct their signature. Until then, if you want to run the file, you can exclude it from ClamWin's directory scans (but not an individual file scan) by putting the entire file name with extension in ClamWin's filters on the left side. Regards, |
|||||||||||
|
|||||||||||||
|
 | ClamWin identified Panda Cloud Antivirus as Trojan.Chifrax-4 | |
|
||
|
|
|
Powered by phpBB © phpBB Group
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.