ClamWin Free Antivirus
Support and Discussion Forums
False positive detection
Expertone


Joined: 02 Jan 2013
Posts: 0
I've just installed a Fujitsu server and I receive a false positive from a complete OS scan:

Code:
----------- SCAN SUMMARY -----------
Known viruses: 1506893
Engine version: 0.97.6
Scanned directories: 11719
Scanned files: 503182
Infected files: 0
Data scanned: 50933.85 MB
Data read: 42144.40 MB (ratio 1.21:1)
Time: 8114.277 sec (135 m 14 s)

Scan Started Wed Jan 02 11:14:24 2013
-------------------------------------------------------------------------------


C:\Program Files (x86)\Fujitsu\ServerView Suite\Installation Manager\Content\V10.11.08.09\DRV\LAN\INTEL\Pro1000147\W2K3\e1k5132.sys: WIN.Trojan.Agent-49406 FOUND
C:\Program Files (x86)\Fujitsu\ServerView Suite\Installation Manager\Content\V10.11.08.09\DRV\LAN\INTEL\Pro1000147\W2K3\e1q5132.sys: WIN.Trojan.Agent-51597 FOUND
C:\Program Files (x86)\Fujitsu\ServerView Suite\Installation Manager\Content\V10.11.08.09\DRV\LAN\INTEL\Pro1000147\W2K8\e1k6032.sys: WIN.Trojan.Agent-44454 FOUND
C:\Program Files (x86)\Fujitsu\ServerView Suite\Installation Manager\Content\V10.11.08.09\DRV\LAN\INTEL\Pro1000147\W2K8\e1q6032.sys: WIN.Trojan.Agent-44625 FOUND
C:\Program Files (x86)\Fujitsu\ServerView Suite\Installation Manager\Content\V10.11.08.09\DRV\LAN\INTEL\Pro1000158\W2K8\e1q6032.sys: WIN.Trojan.Agent-49836 FOUND
C:\Program Files (x86)\Fujitsu\ServerView Suite\Installation Manager\Content\V10.11.08.09\DRV\WinPE\pro1000lgcy\e1k6032.sys: WIN.Trojan.Agent-44454 FOUND
C:\Program Files (x86)\Fujitsu\ServerView Suite\Installation Manager\Content\V10.11.08.09\DRV\WinPE\pro1000lgcy\e1q6032.sys: WIN.Trojan.Agent-44625 FOUND
C:\Program Files (x86)\Fujitsu\ServerView Suite\Installation Manager\Content\V10.11.08.09\Firmware\PrimSupportPack-Win\Intel_LAN_Pro1000_GE\V02.10\Intel_LAN_Pro1000_GE.zip: WIN.Trojan.Agent-49406 FOUND
C:\Program Files (x86)\Fujitsu\ServerView Suite\Installation Manager\Content\V10.11.08.09\Firmware\PrimSupportPack-Win\Intel_LAN_Pro1000_GE_E\V03.10\Intel_LAN_Pro1000_GE_E.zip: WIN.Trojan.Agent-49406 FOUND
C:\Program Files (x86)\Fujitsu\ServerView Suite\Installation Manager\Content\V10.11.08.09\Firmware\PrimSupportPack-Win\Intel_LAN_Pro1000_GE_Q\V03.10\Intel_LAN_Pro1000_GE_Q.zip: WIN.Trojan.Agent-49406 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 1512787
Engine version: 0.97.6
Scanned directories: 768
Scanned files: 3968
Infected files: 10
Data scanned: 3131.20 MB
Data read: 3263.55 MB (ratio 0.96:1)
Time: 548.699 sec (9 m 8 s)


Because this is a complete fresh install, I doubt that these drivers are already infected, because they are installed from a system DVD.

Thank You
ExP
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
We are getting some reports of false positive detections by ClamWin that are not detected by Clam AV, which furnishes its scan engine and virus signatures to ClamWin. See if you can upload a couple of those files to Clam AV (one at a time) starting at https://www.clamav.net/lang/en/sendvirus/ on the web. Go to the false positive report link. Some people have reported that Clam AV will not accept the file because it does not detect it.

Let us know what happens.

Regards,
Expertone


Joined: 02 Jan 2013
Posts: 0
I tried to submit one, but it seems the engine recognizes it as a virus:

Result:

This virus is already recognized by ClamAV 0.97.6/16448/Wed Jan 9 06:41:55 2013 (timezone: -0500 ) as WIN.Trojan.Agent-49406 . Be careful when submitting samples and remember to run freshclam!
Check the FAQ now



Please correct the above errors and retry.

Thank you for helping the ClamAV project.

I've submitted the first file:

C:\Program Files (x86)\Fujitsu\ServerView Suite\Installation Manager\Content\V10.11.08.09\DRV\LAN\INTEL\Pro1000147\W2K3\e1k5132.sys
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
I think you used the virus submission form and not the false positive form. When you get to the ClamAV sendvirus page, there are 2 links together--one is for real viruses and one is for false positive detections. Make sure you use the false positive link.

Regards,
Expertone


Joined: 02 Jan 2013
Posts: 0
I've sent the false positive form but no one answered.

Here is the VirusTotal check of one file; as you can see, only ClamAV sees it as a trojan:

C:\Program Files (x86)\Fujitsu\ServerView Suite\Installation Manager\Content\V10.11.08.09\DRV\LAN\INTEL\Pro1000147\W2K8\e1q6032.sys: WIN.Trojan.Agent-44625 FOUND

https://www.virustotal.com/file/e3d28deb42ea0bdff8ac157064d9f662c60a18e282b310d7e19fe68fa9741c2e/analysis/

Is it possible for whoever manages the detection engine to remove these false positives? Every time my server is scanned I receive that list.
Or add a feature to exclude folders!

ty
ExP
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
You will not get a receipt for false positive submissions unless you are on the mailing list for Clam signature update notifications. The receipts are included in the detailed list of signature updates. There are so many items in the list of signature updates, it is hard to find anything. If you had the submission received message at the top of the page after you submitted the false positive, they have received your submission, and they will address it within a few days (say 2 to 7 days depending upon how busy they are). If you look around on the Clam AV web page, you can probably find out how to get on the mailing list for signature update notifications.

You can configure ClamWin to exclude files/folders from scans. Go to Configuration, Filters, Exclude Matching Filenames. If you exclude a folder, use this format: C:\Malware\* in ClamWin. Exclude a file in this format: filename.extension in ClamWin.

Regards,
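
Added example, not part of the original thread and not ClamWin or ClamAV code: a small Python triage helper for a scan report like the one posted above. It parses the `path: signature FOUND` lines, groups hits by signature, picks one file per signature to send through the false positive form, and computes the SHA-256 used for a VirusTotal lookup. The report lines are constructed with shortened placeholder paths, the function names are hypothetical, and "one sample per signature, loose file before archive" is this example's own choice.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample in the "path: signature FOUND" format shown in the thread;
# the directories are shortened placeholders, not the poster's real paths.
SAMPLE_REPORT = r"""
Scan Started Wed Jan 02 11:14:24 2013
C:\Content\DRV\LAN\W2K3\e1k5132.sys: WIN.Trojan.Agent-49406 FOUND
C:\Content\DRV\LAN\W2K8\e1k6032.sys: WIN.Trojan.Agent-44454 FOUND
C:\Content\DRV\WinPE\legacy\e1k6032.sys: WIN.Trojan.Agent-44454 FOUND
C:\Content\Firmware\V02.10\Intel_LAN.zip: WIN.Trojan.Agent-49406 FOUND
----------- SCAN SUMMARY -----------
Infected files: 4
"""

# Greedy path match, so the drive-letter colon is never taken as the separator.
HIT = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND\s*$")
ARCHIVE_EXT = (".zip", ".cab", ".7z")

def parse_hits(report):
    """Return (path, signature) for every detection line in a scan report."""
    return [(m["path"], m["sig"]) for m in map(HIT.match, report.splitlines()) if m]

def group_by_signature(hits):
    """Map signature -> paths, to see how few signatures cause all the hits."""
    groups = defaultdict(list)
    for path, sig in hits:
        groups[sig].append(path)
    return dict(groups)

def submission_candidates(hits):
    """Pick one file per signature, preferring a loose file over an archive."""
    chosen = {}
    for path, sig in hits:
        is_archive = path.lower().endswith(ARCHIVE_EXT)
        if sig not in chosen or (chosen[sig][1] and not is_archive):
            chosen[sig] = (path, is_archive)
    return {sig: path for sig, (path, _) in chosen.items()}

def sha256_of(path, chunk=1 << 20):
    """Stream a file and return its SHA-256 hex digest (the VirusTotal file id)."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

if __name__ == "__main__":
    for sig, path in submission_candidates(parse_hits(SAMPLE_REPORT)).items():
        print(f"{sig}: submit {path}")
```
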