lystrator
Joined: 10 May 2017 | Posts: 0
Posted: Wed May 10, 2017 5:16 pm
Hi, strange bug - I opened Visual Studio 2003 and built a simple "hello world" C++ program, and the ClamAV 0.98.7.0 antivirus shows a false detection: PUA.Win.Packer.Armadillo-65.
But I didn't pack it with any packer.
File sample: https://fex.net/#!658881009763
|
|
GuitarBob
Joined: 09 Jul 2006 | Posts: 9 | Location: USA
Posted: Wed May 10, 2017 6:12 pm
I recall reading about a malware recently with a "hello world" remark. Do you have PUA detection enabled? You should not, because there are lots of ClamAV packer detections and other usually harmless items that trigger a detection notice. If you use PUA, I strongly recommend that you disable it. We disabled it on Clam Sentinel for that reason.
Regards,
|
|
lystrator
Joined: 10 May 2017 | Posts: 0
Posted: Wed May 10, 2017 7:22 pm
The problem is: my client ordered a small useful program, which chooses the needed Wi-Fi/LAN network (if one network is off, the program chooses another according to the settings). But he has ClamAV installed on his PC, and I can't say to him in this situation "please open your antivirus and disable something" - it looks very suspicious from my side. So I started to dig into this situation and discovered that all programs compiled and built by Visual Studio 2003 .NET are detected as PUA.Win.Packer.Armadillo-65, even "hello world". This is a real bug in detection; the file has normal entropy. I wondered whether a simple program is wrongly detected, and also any code built by VS 2003 .NET, and as I understand from your words, it is like a normal situation.
|
|
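Added example (not part of the thread, and independent of how the scanner's signature matches): one way to check the "normal entropy" point when triaging a packer detection is to compute Shannon entropy per PE section. The 7.0 bits/byte cut-off, the function names and the constructed sample image below are assumptions for illustration.

```python
import math
import struct
from collections import Counter

HIGH_ENTROPY = 7.0  # assumed rule-of-thumb cut-off for compressed/encrypted data

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly random data."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def section_entropies(pe: bytes) -> dict:
    """Map each PE section name to the entropy of its raw (on-disk) data."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF header: Machine, NumberOfSections, 3 x uint32, SizeOfOptionalHeader, Characteristics
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    out = {}
    for i in range(nsect):
        name, _vs, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        out[name.rstrip(b"\0").decode("ascii", "replace")] = shannon_entropy(pe[raw_ptr:raw_ptr + raw_size])
    return out

def suspicious_sections(pe: bytes, threshold: float = HIGH_ENTROPY) -> list:
    """Names of sections whose entropy is at or above the threshold."""
    return [n for n, h in section_entropies(pe).items() if h >= threshold]

def build_sample_pe(sections: dict) -> bytes:
    """Constructed input: headers plus raw section data only, not a runnable program."""
    hdr = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    raw_ptr = len(hdr) + 40 * len(sections)
    table = body = b""
    for name, data in sections.items():
        table += struct.pack("<8sIIII", name.encode(), len(data), 0, len(data), raw_ptr) + b"\0" * 16
        raw_ptr += len(data)
        body += data
    return hdr + table + body

SAMPLE = build_sample_pe({
    ".text": bytes(range(64)) * 64,       # constructed stand-in for ordinary code
    ".rdata": b"Hello, world!\0" * 100,   # constructed string data
    ".packed": bytes(range(256)) * 16,    # constructed stand-in for compressed data
})
print({n: round(h, 2) for n, h in section_entropies(SAMPLE).items()})
```

For a real build, pass the file's bytes to `section_entropies`; an unpacked compiler output normally shows no section near 8 bits/byte.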
GuitarBob
Joined: 09 Jul 2006 | Posts: 9 | Location: USA
Posted: Thu May 11, 2017 12:45 am
Yes, it appears to be a normal situation. You can exclude/whitelist the files in ClamWin that are being detected by the scan engine as they are discovered. If your client is using another AV besides ClamWin, you could exclude the folder(s) if all files are in only one or two folders--the other AV will probably provide enough protection in this case.
The ClamWin developers recommend another, real-time AV be used and ClamWin used only as a backup scanner.
Regards,