GuitarBob wrote: |
Whenever Clam AV is the only AV detecting a file as malicious, it is almost certain that the detection is a false positive. I think you should know that by now, Dave. |
Not necessarily; maybe you didn't review the Community tab on that VirusTotal link I provided, but one person marked it unsafe and there are several malware scan reports for it (with HybridAnalysis giving it a falcon-threatscore:85/100); there's a lot of detail you can go into with those scans if you research them, a lot of it enough to cause concern, but since ClamWin is the only one STILL reporting a problem (false positive as you say I should already know), then there's still a good reason for my post. My concern is especially with free software, and even more so if it isn't signed with Microsoft.
Since you don't know what I know, you don't know what I should know either, so no point in that condescending comment. Useful information is what I expect here, not judgments based on assumptions.
GuitarBob wrote: |
When I was sigmaking at Clam AV, they got a lot of FP detections on Sality versions. They tended to get a signature for some code that was used by lots of "good" files--especially Windows OS type files. This eventually led to ClamWin developing the FP protection of important Windows files that you sometimes see and the related QRecover utility to restore files from quarantine. It looks like Clam AV sigmaking has not changed much from when I left it in 2014. At least one of the sigmakers from back then is still there. |
Thank you for this useful bit of information. I'm not sure why reporting the false positive to ClamWin hasn't cleared up this issue yet.
GuitarBob wrote: |
You can reinstall ClamWin, but you should use a real-time AV for primary protection and keep ClamWin as a backup scanner. I guess it could still detect something no other AVs do, but 99.9 times out of a hundred, it will be a false positive. |
I use Microsoft Security Essentials, and then sometimes install a random freeware malware scanner, or run a disc boot scanner with Ethernet. It's really surprising the different things these things find without finding the same things, and I wonder how many of these free scanners have unwanted mal/spy/ad/whateverware on them, like all of the tech news articles I've read about Avast, AVG, Kaspersky, Comodo, etc., stating the consumer-unfriendly things they run on the computer or information they collect without consent or notification.
99.9 times out of a hundred leaving your door unlocked may not result in a robbery, but was that .1 time worth losing stuff? Not for me, but I'm not trying to unlock my home or car to install a virtual disc drive... I'm just trying to determine if this software is actually safe to use, and right now the jury is still out... .1% of them is saying no, so for now I'll hold off, but I'd really like to know what exactly is causing the red flag or unverified "false positive".
GuitarBob wrote: |
Regards, |