This is the ftp server that has been running along with clamwin for over 3 years on my server.

I will set clamwin to do nothing with it. Just so you know.

Gary

Just to be sure, I suggest you upload the file to Virus Total or Jotti on the web. Either service will scan files for free (one at a time) with multiple AVs, including Clam AV, which furnishes the scanning engine for ClamWin. If several other AVs say it is infected, it probably is for real. I like to see a couple of these AVs verify an infection: AntiVir, Avast, Bit Defender, NOS 32, and Sophos. If the file turns out to be a false positive, submit it to Clam AV so they can correct the signature.

Lately there have been some false positives (primarily generic/heuristic detections) due to ClamWin still using the previous scan engine instead of the new one, but this detection does not look like that is the case here. ClamWin is now testing its Windows port of the new Clam engine, and it should be ready for release soon.

Regards,

Hi gbsjr
its the same for me. 30 min ago ClamWin put my BulletProof FTP server into quarantane!
More AV tests are useless as this .exe-file may have the structure of a virus but it is, in fact, a ftp server.

Coding folks, you should change the engine or give us the chance tu EXclude some files we do not want to be tested. Other AV software has this simple feature.
Thanks a lot for a quick update.

Doxxxer

You can exclude files or folders from ClamWin's scheduled scans via configuration, filters, exclude matching filenames. Example for a folder: C:\Users\Bob\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine on my machine. Example for a file: xtoph.exe on my machine.

Clam AV furnishes the scan engine and signature database for ClamWin. All false positives (and undetected viruses) should be submitted to Clam AV, which can be accessed via the ClamWin menu: Help, About, Clam AV and then Submit A File on the Clam AV home page. If it is a false positive, on the submisson page, be sure to choose "false positive". Put the name of the false positive detection or undetected virus in the comments section.

The Clam AV sigmakers should fix the false positive or get a signature for an undetected virus within a couple of days. Sometimes a false positive might take a bit longer, as the original sigmaker is generally responsible for his own corrections and may not be available. Clam has one full time sigmaker and several part-timers. It's a small outfit not funded by most of its users, as is ClamWin.

Regards,

@GuitarBob:
Thanks a lot! You solved my problem.

Thread could be closed now ...

Doxxxer