huntingr
Joined: 15 Dec 2009 | Posts: 0 | Posted: Tue Sep 06, 2011 9:20 pm
Today ClamWin portable detected a Trojan.Rootkit-3052 in the iaStor.sys files from the Windows OemDir and System32/drivers directories. This is a RAID driver that was installed on a fresh Windows XP SP3 system. I also scanned the OEM driver files from an OEM installation disk and the same virus was detected. This disk is OEM and read-only and therefore cannot contract a virus. The virus scan was performed prior to today and no viruses were detected. This only occurred after updating the virus definitions this morning. Please fix this, as it is disrupting our production processes here at work.

GuitarBob
Joined: 09 Jul 2006 | Posts: 9 | Location: USA | Posted: Tue Sep 06, 2011 10:38 pm
Clam AV furnishes the scan engine and signature database used by ClamWin. Please send all false positive files (and undetected viruses) to the Clam AV team. Their submission process begins at https://www.clamav.net/lang/en/sendvirus/ on the web. When you get to the submission page, if you are uploading a false positive file, be sure to change the submission type from "virus" to "false positive."
ClamWin has some protection against quarantine/removal of false positive detections in the Windows directory. If a false positive file is quarantined, you can restore it from quarantine via the ClamWin quarantine browser program, but I suggest you also exclude it from ClamWin's scans for a while via the configuration menu, filters, exclude matching filenames (example: program.exe). Clam will correct their signature within a few days, usually less.
Regards,

huntingr
Joined: 15 Dec 2009 | Posts: 0 | Posted: Tue Sep 06, 2011 11:13 pm
Thanks. The False Positive Detection has been submitted/reported.