ClamWin Free Antivirus
Support and Discussion Forums
LATEST CLAMWIN UPDATE 91.2 IS HEUR/MALWARE
gdiloren


Joined: 24 Aug 2007
Posts: 0
False positive. I don't know. Three well-known AVs on VIRUS TOTAL are giving the latest incremental update to version 91.2 tonight as possible TROJAN/WORM and HEUR/MALWARE. Have AntiVir on my system. Is this malware?
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
What ClamWin file does AntiVir say contains the virus? Is it in a ClamWin temp file or in the binary files? The AntiVir Heur/Malware means it is spotted through heuristics, and AntiVir has its share of false positives. Delete any Clamtmp files on your computer and see what happens then. If that doesn't work, uninstall your present configuration of ClamWin and replace it with the full 0.91.2 download. Then first scan the ClamWin program directory and then the Documents and Settings/All Users/.ClamWin directory and see what happens. If AntiVir still spots a virus, send them a copy of the ClamWin file that has the virus. You could also tell the Clam AV team about it--give them all the particulars at https://cgi.clamav.net/sendvirus.cgi on the Web.

Regards,
alch
Site Admin

Joined: 27 Nov 2005
Posts: 0
The updater file patches binary code of existing executables to reduce download size. It exhibits behaviour which might be similar to what malware does and hence triggers the heuristics detection. I can assure you that it does not contain any malware and is a false positive.

If you are still in doubt you may download the full installer:
https://www.clamwin.com/download

Alch
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Send a copy of the installer file to AntiVir or anybody else that spots it as malware. Tell them it is a false positive, and they should adjust their signature if they want to do some work. AntiVir has one of the best AV engines, but they are pretty aggressive on their heuristics.

Regards,
alch
Site Admin

Joined: 27 Nov 2005
Posts: 0
I submitted it to Avira and they said it will be removed in one of the future updates.
gdiloren


Joined: 24 Aug 2007
Posts: 0
alch wrote:
I submitted it to Avira and they said it will be removed in one of the future updates.

Thanks! Since only AVIRA corrected the false report on VIRUS TOTAL, and the other 2 AVs talk about "suspicious" and "possible", I proceeded to the upgrade of CLAMWIN 91.2 without having to install the whole thing. I'm pretty sure it's a big false positive now from AntiVir. It's no surprise, they're jealous about offering the same paying services!!!
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Parts of the install code are probably similar to a trojan/dropper installer. If you ever want to work with developing some heuristics, you can start with that! I imagine AntiVir will just put it on a white list instead of re-doing their heuristics.

Regards,
b0ne


Joined: 26 Oct 2006
Posts: 0
gdiloren wrote:
I'm pretty sure it's a big false positive now from AntiVir. It's no surprise, they're jealous about offering the same paying services!!!


That is a bad assertion. Alch already explained why it most likely happened; assuming anything else is foolhardy.