 |
 | Microsoft Security Essentials detected ClamWin Temp item |  |
|
davehatpec
|
|
Been running a ClamWin scan since this morning, I come back and MSSE says one of its temp files is infected with Win32/Hadsruda!bit
https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=Program%3aWin32%2fHadsruda!bit&threatid=213971&enterprise=0 [img]https://imgur.com/a/qDIi1[/img] Is this just because ClamWin stuck a scanned infected file there and MSSE noticed it? |
|||||||||||
|
|||||||||||||
 |
| |
|
GuitarBob
|
|
ClamWin uses temporary files during scanning. If another AV detects something in a ClamWin temp file while ClamWin is scanning, it might be detecting either a file being scanned or a virus signature being used in the scan. This happens occasionally. To prevent this, I exclude the clamwin.tmp files from Security Essentials' scans. I also exclude every .exe file in the ClamWin\bin folder from Security Essentials' scans as processes that are not to be scanned. I also exclude the ClamWin\data folders for quarantine and db (database signatures). MSSE and ClamWin work pretty well together if you do this.
Thanks for using ClamWin! Regards, |
|||||||||||
|
|||||||||||||
|
| |
|
davehatpec
|
|
Thanks, I'll look into that.
I noticed possibly a bug while trying to read ClamWin's scan log: [img]https://imgur.com/a/qDIi1[/img] Why is the path of the first virus found chopped off at the beginning? It just says oogle\Chrome\User Data\Default\Cache\f_000885: Swf.Exploit.CVE_2016_7874-5351170-0 FOUND Why is it doing that? |
|||||||||||
|
|||||||||||||
|
| |
|
GuitarBob
|
|
If there is really a preceding G in the address, it is probably a bug or it exceeds a size limit--in which case it would probably truncate the last item instead of the first.
We'll mention this to the developers. Regards, |
|||||||||||
|
|||||||||||||
|
| |
|
davehatpec
|
|
So this now pops up every week (probably due to some false flag in ClamWin), and here's the actual result from MSSE: The folder its found in is Temp, which I don't want to ignore, and the file found is *.clamtmp, so do I just put that into MSSE ignore? C:\Users\Dave\AppData\Local\Temp\clamav-94f9ffc5ea99828290b18ad8a9c7b7f6.000001e4.clamtmp [img]https://imgur.com/a/qDIi1[/img] --> I don't know why clicking Img button in the editor doesn't parse the [img ] tag |
|||||||||||||
|
|||||||||||||||
|
| |
|
GuitarBob
|
|
Just put clamtmp in Security Essentials' settings as a file type to ignore.That's what I do, and I'm never bothered. Also exclude the ClamWin quarantine and DB folders as folders for SE to ignore.
Regards, |
|||||||||||
|
|||||||||||||
|
 | Microsoft Security Essentials detected ClamWin Temp item | |
|
||
|
|
|
Powered by phpBB © phpBB Group
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.