Hey.

Clamwin on our webserver issued an alert.
But I think it is a false positive... how can we check if it is really infected or just a false positive?

C:\Program Files\WinRAR\WinCon.SFX: Win.Trojan.Webmoner-169 FOUND
C:\Program Files\WinRAR\WinCon.SFX: moved to 'C:\ProgramData\.clamwin\quarantine\WinCon.SFX.infected'

Thank you.
K.

To verify a false positive, upload the file to either Jotti or Virus Total. Both services will check the file with multiple antivirus programs, including the Clam AV engine that ClamWin uses. If several other AVs besides Clam detect an infection, it is probably not a false positive. I like to see at least 2 of these AVs detect something: Avira AntiVir, Bit Defender, Eset Nod32, Kaspersky, and Sophos. If the file is not a Windows PE, I will accept only 1 AV because most AVs do not do very well at detecting viruses in other files. I like to use Jotti because it is smaller and therefore quicker, but Virus Total has more detailed information about a file.

If a file turns out to be a false positive detection, please upload it to Clam AV at their web site so they can correct their signature. Use the Submit A File link, and then use the Report A False Positive link--do not use the link for reporting virus infections.
Thank you for using ClamWin!

Regards,