ClamWin Free Antivirus
Support and Discussion Forums
win32event.pyd "contains suspicious code HEUR/Crypted"
rabadi


Joined: 08 Nov 2006
Posts: 0
Hi all, this is my first post here.

I started using ClamWin Antivirus several weeks ago in addition to Avira AntiVir PersonalEdition Classic (https://www.avira.com/en/pages/index.php). Since ClamWin is yet to provide real-time scanning, I think it does not clash with Avira (which provides real-time scanning). Anyway, there had been no problem until this morning, when I tried to update ClamWin. I received a detection by Avira that one of the files used in ClamWin, which is win32event.pyd, contains suspicious code HEUR/Crypted.

This detection did not happen prior to this morning.

Some background information, ClamWin version used:
Version 0.88.6
Virus DB Version: main 41, daily 2285
Updated: 21:58 05 Des 2006

Avira version used:
Virus definition file V6.36.01.133 05/12/2006
Search engine V7.02.00.49 05/12/2006

Computer used:
Intel Pentium 4 2.4GHz
1GB RAM, 32MB VGA RAM
Win2K Service Pack 4

I have already notified Avira through their website. This may be just a false alarm, but I just thought of letting both sides know about it.
not sure it means much to you,
justkyle


Joined: 29 Nov 2006
Posts: 0
Location: Indiana
but McAfee checks that file as clean (not infected, nor a virus.)

Could definitely be a false positive.

I wasn't aware ClamWin was still coded in Python?

Kyle
Suspicious File
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
You can check for free any file you think is suspicious at AV-Test.Org. The service is very fast (depending upon work load), and they check your file with multiple antivirus programs.

Regards,
rabadi


Joined: 08 Nov 2006
Posts: 0
It turned out to be a false positive. Here is the e-mail I received from Avira:
Quote:
Dear Sir or Madam,


Thank you for your recent inquiry.

We could not find a virus in the attachment you have sent us. This is a false positive. We will take out the pattern recognition in one of our next updates.

We thank you for your assistance.

Attachment(s) you sent:
- win32event.zip
--
Freundliche Gruesse / Best regards
Avira GmbH

Fabian Henne
First Level Support

Avira GmbH
Lindauer Str. 21, D-88069 Tettnang, Germany
Internet: https://www.avira.com
Re: win32event.pyd "contains suspicious code HEUR/Crypt
b0ne


Joined: 26 Oct 2006
Posts: 0
rabadi wrote:
I received a detection by Avira that one of the files used in ClamWin, which is win32event.pyd, contains suspicious code HEUR/Crypted.
HEUR/Crypted is a generic heuristic that Avira reports when it thinks it encounters an unknown encryption/compression/obfuscation. It does not mean the file has "suspect code" in it. That is the heuristic called "Heur/Malware."