 |
 | clamav kills winME when quaratine and detect broken EXEs |  |
|
galen
|
|
do not do this unless you know you can restore your OS.
I set clamav to move detected items to quarantine and check for broken EXEs. ClamAV falsely detected windows' EXE and DLLs and install CABs as being defective, hence moving them to quarantiine. If I had rebooted my OS would have been fatally wounded. I have yet to reboot after this scan and repair from the scanning... I sent in a report. Confirm if you dare. |
|||||||||||
|
|||||||||||||
 |
| Re: clamav kills winME when quaratine and detect broken EXEs | |
|
b0ne
|
|
|
|||||||||||||
|
|||||||||||||||
|
| |
|
drgoa.r
|
|
it seems that "--detect-broken" combined with "--remove" (or "--move=" ) is VERY dangerous.
my suggestion is to completely REMOVE this option ("detect broken executables") from the GUI. leave it, of course, as command line option for users who are awared what it can cause. |
|||||||||||
|
|||||||||||||
|
| |
|
sherpya
|
|
@drgoa.r
it seams?  It's very dangerous for sure, I suspect all mingw binaries would be also detected as broken executable (the PE structure it's a bit uncommon) |
|||||||||||
|
|||||||||||||
|
| |
|
drgoa.r
|
|
Detecting is not dangerous by itself, but combined with "remove" and "move" - here is the problem.
The bad thing is that these options are not on the same screen. Thus way users can just not be aware how they will reflect on the system. So, I see two ways to "fix" this: 1. Remove completely "detect broken executables" from the GUI. or 2. Put it on the General tab in Preferences and if "detect broken executables" is activated - then "report only" to be selected automaticaly. @sherpya: at my place marked as broken (and MOVED...hehe, how lucky it was not "remove" option enabled...) were all files in windows\system32\drivers folder  |
|||||||||||
|
|||||||||||||
|
| |
|
budtse
|
|
Hi,
Removing the option from the GUI preferences seams to be a good option. There are a lot of questions about the broken executable detection here, most people do not understand what it is for and think they are safe turning it on. Unless of course there is a way that we could prevent an executable that has been detected as broken to be quarantined/removed, and just report this in the log in stead. I believe this imposes some changes to clamscan, so i'm not sure if it can be easily implemented. A third option (and maybe the easiest) is to show some popup-warning whenever a user checks the option in the preferences, warning him about possible risks and explicitly saying this should not be used in normal scans. |
|||||||||||
|
|||||||||||||
|
| Broken Executables | |
|
GuitarBob
|
|
Perhaps you could "qualify" the broken executables and don't worry about them unless they are in certain directories that might indicate they are dangerous.
Regards, |
|||||||||||
|
|||||||||||||
|
| |
|
sherpya
|
|
I vote for removing it
it's not good as heuristic detection |
|||||||||||
|
|||||||||||||
|
| Broken Exe | |
|
GuitarBob
|
|
Removal is probably best.
Regards, |
|||||||||||
|
|||||||||||||
|
 | clamav kills winME when quaratine and detect broken EXEs | |
|
||
|
|
|
Powered by phpBB © phpBB Group
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.