kernaljake
Joined: 11 Aug 2013
Posts: 0
Posted: Sun Aug 11, 2013 7:58 pm
Hi,
I recently used ClamAV in a GNU/Linux distribution to scan my entire system, including a Windows partition. It found two infected files on the Windows partition, one in Program Files and one in Program Files x86, so I believe they were just different versions of the same file. When I scanned the hard drive in Windows using Trend Micro Titanium and Microsoft Security Essentials, it found no infections whatsoever. I also do not believe that my system is actually infected. I am aware of the file submission forum on the ClamAV homepage, however, I do not know if I still have access to the "infected" files to submit them. I do, however, have the scan log file that I can submit if it will help.
I believe this may have been a false positive. Any help on reporting this will be very much appreciated.
- kernaljake

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Sun Aug 11, 2013 11:13 pm
All false positives (Linux and Windows) should be reported to Clam AV starting at https://www.clamav.net/lang/en/sendvirus/ on the web. This page has one link for false positives and another link for undetected viruses, so be sure to choose the correct link. You can verify detections or false positives by scanning them with either the Jotti or Virus Total online scanning services. I like to see at least 2 of these AVs detect a file as infected before I believe it: Avira AntiVir, Bitdefender, NOD32, Kaspersky, and Sophos.
Clam AV cannot do anything with a scan report--they need to work with actual files. If you had Clam set to quarantine on your machine, any detected file should be in the quarantine folder.
Regards,
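
Added example, not part of the thread: since the submission process needs the actual files rather than the scan report, this script pulls the detected paths and signature names out of a saved scan log and checks whether each file is still at its logged location, hashing it if so. It assumes the log uses the usual clamscan line format `<path>: <signature> FOUND`; the sample paths and the signature name are constructed.

```python
import hashlib
import re
from pathlib import Path

# Assumed log format: clamscan reports a detection as "<path>: <signature> FOUND".
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")

def parse_detections(log_text):
    """Return (path, signature) pairs for every FOUND line in a scan log."""
    hits = []
    for line in log_text.splitlines():
        m = FOUND_RE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("sig")))
    return hits

def sha256_of(path):
    """Hash a file in chunks so large binaries do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def locate(log_text):
    """For each detection, report whether the file is still at its logged path."""
    report = []
    for path, sig in parse_detections(log_text):
        digest = sha256_of(path) if Path(path).is_file() else None
        report.append({"path": path, "signature": sig,
                       "present": digest is not None, "sha256": digest})
    return report

# Constructed sample log (paths and signature name are placeholders).
SAMPLE_LOG = """\
/mnt/windows/Program Files/ExampleApp/helper.dll: Example.Constructed-1 FOUND
/mnt/windows/Program Files (x86)/ExampleApp/helper.dll: Example.Constructed-1 FOUND
/mnt/windows/Windows/notepad.exe: OK

----------- SCAN SUMMARY -----------
Infected files: 2
"""

if __name__ == "__main__":
    for row in locate(SAMPLE_LOG):
        state = row["sha256"] if row["present"] else "missing (moved, removed or quarantined)"
        print(f'{row["signature"]}  {row["path"]}  {state}')
```

A file reported as missing is the one to look for in the quarantine folder; a file that is present can be uploaded through the false positive link, and its SHA-256 identifies exactly which version was submitted.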

kernaljake
Joined: 11 Aug 2013
Posts: 0
Posted: Sun Aug 11, 2013 11:37 pm
Hi GuitarBob and thank you for your reply! I submitted the file in question via the false positive submission form. I am not sure if ClamAV is set up to quarantine files on my system.

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Mon Aug 12, 2013 1:19 am
I can't help much with Clam AV, since I use ClamWin, which has a graphical user interface to do the user configuration. My ClamWin configuration file has these options related to quarantine:
quarantinedir = C:\ProgramData\.clamwin\quarantine
maxlogsize = 1
moveinfected = 1
I have my copy of ClamWin configured to move detected/infected files to the quarantine folder. Clam AV probably has similar options if you can find the configuration file.
Regards,