WIN.TROJAN.RAMNIT-2501 FALSE POSITIVE?

ADVRESOURCE
Joined: 18 Jun 2014 | Posts: 0 | Location: TUCSON
Posted: Wed Jun 18, 2014 4:02 pm

I get a virus detection for the following file: c:\program files (x86)\yahoo!\messenger\rgx.dll. I found that computers that did not have the latest virus definitions weren't able to detect this. However, once the new definitions were loaded, the virus was detected. I uninstalled and reinstalled the messenger files and the same results occurred. I ran the VirusTotal program and only ClamWin and AVG found an issue, out of around 50 scanning programs. Please assist. I sent it to ClamAV and they said that their software doesn't detect this virus.

ROCKNROLLKID
Joined: 23 Sep 2013 | Posts: 0 | Location: **UNKNOWN**
Posted: Wed Jun 18, 2014 5:12 pm

You can submit false positives to ClamAV via this link: https://www.clamav.net/lang/en/sendvirus/ (there is a link for you to submit false positives there). If you include the VirusTotal link in the message, they might look into what the issue is. This process will take a few days, so in the meantime you can ignore the file. AVG is also known to have false positives too, so I am sure that it's a false positive.

ADVRESOURCE
Joined: 18 Jun 2014 | Posts: 0 | Location: TUCSON
Posted: Thu Jun 19, 2014 3:42 pm

I submitted my false positive to ClamAV via the link provided. They wrote back immediately stating that the ClamAV virus definitions do not find the win.trojan.ramnit-2501 virus. What more can I do?

GuitarBob
Joined: 09 Jul 2006 | Posts: 9 | Location: USA
Posted: Thu Jun 19, 2014 9:26 pm

The file is probably detected by ClamWin .98.3 and not by the new Clam AV .98.4 detection engine. ClamWin has not ported the Clam AV engine over to Windows yet--will probably do that in a couple of weeks. All you can do now is to exclude/whitelist the filename.extension in ClamWin.
Each Clam AV version has new detections/improvements that ClamWin can not handle until the ClamWin developers synchronize their version with Clam AV. The detection is probably due to a new signature type that ClamWin can not process yet.
Regards,
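
A hash-based alternative to the filename exclusion suggested above, as an added example that is not part of the original thread or ClamWin's own code: it builds an entry in the `MD5:size:name` layout that ClamAV's `sigtool --md5` prints for `.fp` false-positive databases, and checks whether a file still matches that entry, so the exception stops applying if the file's contents change. Whether ClamWin 0.98.3 loads a local `.fp` file is an assumption; the function names and the sample file are constructed for illustration.

```python
import hashlib
import os
import tempfile


def fp_entry(path, label=None):
    """Build a hash-based whitelist line in the MD5:size:name layout that
    `sigtool --md5` prints and ClamAV reads from *.fp database files."""
    with open(path, "rb") as fh:
        data = fh.read()
    name = label or os.path.basename(path)
    return "%s:%d:%s" % (hashlib.md5(data).hexdigest(), len(data), name)


def still_whitelisted(path, fp_lines):
    """True only if the file's current content matches a recorded entry."""
    md5, size, _ = fp_entry(path).split(":", 2)
    for line in fp_lines:
        line = line.strip()
        if not line:
            continue
        rec_md5, rec_size, _ = line.split(":", 2)
        if rec_md5.lower() == md5 and rec_size == size:
            return True
    return False


def demo():
    """Constructed sample: a stand-in file, not the real rgx.dll."""
    with tempfile.TemporaryDirectory() as tmp:
        dll = os.path.join(tmp, "rgx.dll")
        with open(dll, "wb") as fh:
            fh.write(b"MZ constructed sample bytes")
        entry = fp_entry(dll)  # recorded once, after the file was reviewed
        before = still_whitelisted(dll, [entry])
        # Simulate the file being modified after it was reviewed.
        with open(dll, "ab") as fh:
            fh.write(b"appended")
        after = still_whitelisted(dll, [entry])
        return entry, before, after


if __name__ == "__main__":
    print(demo())
```
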
All times are GMT
Content © ClamWin Free Antivirus