Hello,
i use ClamWin for daily sheduled scan (by the way its still not possible to select multiple hard discs at once for scheduled scan, would be helpful). There is always the same file "dirt3.exe" where it finds a trojan false positive. And i get everyday a "mail" for it. is there a way to "whitelist" files?
I already checked the ClamWin Settings, all i found was "Filters" and ther ei put in a new filter for "dirt3.exe" (had to write it manually) at "exclude matching filename". But when i check the directory it still reports dirt3.exe to have a trojan.

Any ideas how to make CW ignore specific files?

thanks for your help!

Here is an example of a printer file that I have been excluding lately because Clam AV has not yet gotten around to fixing their false positive: C:\Program Files\Brother\BRHL2170\brdefprn.exe

I suggest that you exclude the entire directory listing--not just the file. If you exclude just filename.exe, a virus with that name would not be detected.

Of course, you will verify each file with either the Jotti or Virus Total online scanners--right? And you should upload false positives to Clam AV so they can correct them. Start at https://www.clamav.net/lang/en/sendvirus/ on the web. There is one link to report a false positive and another link to report an undetected virus. Clam AV furnishes the scan engine and signatures for ClamWin.

Thank you for using ClamWin!

Regards,

Really???
That's not good.
I guess excluding a directory is an answer but in the mean time it is problematic as are the false positives.
Even flagged some files from my EMISOFT anti virus anti malware program.

Don't exclude the entire directory--just exclude the directory listing--such as C:\ClamWin\bin\freshclam.exe. If you just exclude the file, there could conceivably be a virus infected file with that name somewhere else at some time. By excluding the entire directory listing, you minimize that. Be very specific with your whitelisting if at all possible.

Clam AV (which furnishes the scan engine used by ClamWin) is designed for Linux email servers. These servers are not very much concerned with false positives on a Windows system--they are primarily concerned with email attachments. So, therefore, ClamWin (using the Clam AV scan engine) will have more false positives than a lot of other AVs. It's the price we pay for being a free, resource-poor AV that did not have to develop its own scan engine! ClamWin does have protection against quarantining valid digitally-signed Microsoft system files.

I suggest that you whitelist the program folder(s) of another AV from ClamWin's scans. At the least, you should whitelist the primary executable files (.exe files) in the other AV's folder, and you should also whitelist the ClamWin program folder or files from the other AV's scans.

Regards,