foobar55
Joined: 28 Apr 2013
Posts: 0
Posted: Sun Apr 28, 2013 2:24 pm
Clamwin 0.97.7 actual - Win XP SP3 (all updates) -IBM Thinkpad T42
got
C:\WINDOWS\DRIVERS\WIN\ETHERNET\PRO1000\WIN32\E1E5032.SYS: Win.Trojan.Agent-170615 FOUND
E1E5032.sys 12.01.7007 16:05 Intel - IBM / Lenovo driver ethernet-card
Should I check this - or false positive?
thx

foobar55
Joined: 28 Apr 2013
Posts: 0
Posted: Sun Apr 28, 2013 2:53 pm
Sorry, edit date
E1E5032.sys 12.01.2007

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Sun Apr 28, 2013 4:16 pm
The best way to verify whether a file is a false positive detection or a real detection of an infection is to upload it to Jotti or Virus Total. Either service will scan the file with multiple AV programs (including our Clam AV engine) and give you the results on screen in a couple of minutes. If it is a false positive, be sure to upload the file to ClamAV via their Submit a file link (choose the false positive option) so they can correct the signature for all users.
ClamWin has protection against false positives on Windows system files and some Microsoft application files also--it will give you a false positive message in the scan log and refuse to quarantine them if detected. I think this file is suspect--malware (especially rootkits) likes to hide in driver files, and there was no ClamWin false positive warning. But you never know unless you scan with Jotti or Virus Total. On Windows PE files, I like to see at least 2 of these other AVs detect something before I believe it: Avira AntiVir, Bit Defender, Eset Nod32, Kaspersky, or Sophos. For other files besides PE files (like HTML, Java, JavaScript, Office, etc.), I will go with only 1 because AVs don't really do too well at spotting new malware in non-PE files.
Thanks for using ClamWin!
Regards,
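
The corroboration rule from the reply above, written out as an added example that is not part of the original thread. The `results` dictionary format and the detection labels other than the ClamAV one are constructed for illustration, and the non-PE threshold is assumed to mean one of the five named engines.

```python
import struct

# Engines the reply names as the ones to look at for corroboration.
TRUSTED = {"Avira AntiVir", "Bit Defender", "Eset Nod32", "Kaspersky", "Sophos"}

def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # An out-of-range offset yields an empty slice, which simply fails the compare.
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def triage(data: bytes, results: dict) -> dict:
    """results maps engine name -> detection label, or None when the engine
    reported the file clean (constructed format, not a scanning service's schema)."""
    hits = sorted(e for e, label in results.items() if e in TRUSTED and label)
    pe = is_pe(data)
    needed = 2 if pe else 1  # thresholds from the reply: 2 for PE files, 1 otherwise
    return {"is_pe": pe, "trusted_hits": hits, "needed": needed,
            "likely_real": len(hits) >= needed}

def fake_pe() -> bytes:
    # Constructed minimal header: MZ magic, e_lfanew = 0x40, then the PE signature.
    stub = bytearray(0x40)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)
    return bytes(stub) + b"PE\x00\x00"

# Constructed sample: only ClamAV flags the driver-like PE file.
SAMPLE_FP = {"ClamAV": "Win.Trojan.Agent-170615", "Avira AntiVir": None,
             "Bit Defender": None, "Eset Nod32": None, "Kaspersky": None,
             "Sophos": None}
# Constructed sample: two of the named engines also flag it.
SAMPLE_HIT = dict(SAMPLE_FP, Kaspersky="Trojan.Generic", Sophos="Mal/Generic-S")

if __name__ == "__main__":
    print(triage(fake_pe(), SAMPLE_FP))
    print(triage(fake_pe(), SAMPLE_HIT))
    print(triage(b"<html><script></script></html>", {"Sophos": "Troj/JSAgent"}))
```

A result below the threshold is the case where the reply's advice to submit the file to ClamAV as a false positive applies.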

foobar55
Joined: 28 Apr 2013
Posts: 0
Posted: Sun Apr 28, 2013 7:00 pm
GuitarBob
thank you for your statement.
I will check this after my holidays.