ClamWin Free Antivirus
Support and Discussion Forums
No virus detected
kanishka


Joined: 01 Oct 2007
Posts: 0
Location: india
I scanned my friend's computer and didn't find a single virus, and after that I used AVG antivirus and it found 7 virus files.
I found a virus file and scanned it; ClamWin gave me an error that it couldn't open the file. It detected the virus but it could not open the virus-infected file for processing. Has anyone come across such an error?
Please reply.
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Antivirus software programs (AVs) differ in their capabilities and their signature databases. Sometimes one AV will have a signature for a virus and another AV will not have the signature yet. Sometimes an AV will spot a "false positive" in a file, which means there is no virus but it thinks there is. Submit your files that you think contain a virus to Jotti at https://virusscan.jotti.org/ or Virus Total at https://www.virustotal.com/ or at Virscan at https://virscan.org/ to see if other AVs find a virus in the file. If a couple of AVs find a virus, it is probably a real virus and not a false positive. If you use ClamWin, and it does not spot a virus, you can help by sending a copy of the file with the virus to the Clam virus analysts at https://cgi.clamav.net/sendvirus.cgi where they will analyze the file and prepare a signature for the signature database so that Clam and ClamWin will find it in the future.

Not every file that can't be opened contains a virus. Some files can't be opened because they are locked by the system, and no file can be scanned if it is in use during the scan. If you are worried about a file, upload a copy of it to one of the scanning services I mentioned--Jotti, VirusTotal or Virscan.

Regards,
kanishka


Joined: 01 Oct 2007
Posts: 0
Location: india
Thanks for the reply, GuitarBob.
Right now I like the two ideas:
1. Upload the file to Jotti, Virscan, VirusTotal
2. Upload to the Clam antivirus analysts so that they can add the virus signature to the signature database

I need to know whether I can use ClamWin antivirus on my machine. My machine is connected to the net 24 hours.
Is it developed that well, or is it still in the process of development?

My other question is why ClamWin antivirus is so slow. It scans 10 times slower than AVG antivirus.
Or did I download the wrong version?

I want to know why it doesn't support proxy settings; it is only for standalone users and not for companies that use a proxy server. Are they (the developers) going to develop the proxy settings or not?

I am very excited about this software, as I get to see the code also, and I will know how this thing is developed and how it works.
Thanks man, please reply.
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
ClamWin uses the ClamAV engine/signatures from Linux and puts a graphical user interface to it. ClamWin is still in a beta version, and it is an on demand file scanner--it does not scan real time/on access. The current version is 0.91.2. Version 1.0 is supposed to have real time/on access ability, but there is no release date.

There are settings in the ClamWin Preferences for a proxy.

Scanning speed has been recently increased for Clam/ClamWin, so it's probably as fast as it's going to be for a while. Version 1.0 of ClamWin should have a scanning service, which will be more efficient, and it won't scan a file if it hasn't changed since the previous scan. Now, though, you can use the ClamWin Filters tab in Preferences to exclude certain files or include certain files, which can speed up scanning a bit. You don't need to scan your entire hard drive. I have my ClamWin set to scan only for the 50 or so file extensions (and directories) that are most likely to be infected.

Regards,
Gate Array


Joined: 05 Dec 2007
Posts: 0
Location: Italy
I'll use this thread so as not to open another one with the same subject....

Here are the facts:
I tried to scan a file that I know is infected, just to test the application after several months of usage.

Then, incredibly, the scanner didn't report any infected file....
I also tried to scan it with virustotal.com and the result was:

ClamAV 0.91.2 2007.12.05 PUA.Packed.SVKP

Additional information
File size: 200196 bytes
MD5: f8867a9218ac75bb2336c890e8ac8c02
SHA1: 36fcc4564dc61d1f6bb779edfbb574291c7e06e7
PEiD: SVK Protector v1.32 (Eng) -> Pavol Cerven
packers: SVKP

.... Using the online scanner, ClamAV correctly reports the virus.... Locally the result is negative.
I've also tried to scan the entire directory.... same result

----------- SCAN SUMMARY -----------
Known viruses: 172673
Engine version: 0.90.1
Scanned directories: 0
Scanned files: 1
Skipped non-executable files: 0
Infected files: 0
Data scanned: 0.19 MB
Time: 39.484 sec (0 m 39 s)

----------- SCAN SUMMARY -----------
Known viruses: 172691
Engine version: 0.91.2
Scanned directories: 1
Scanned files: 17
Skipped non-executable files: 0
Infected files: 0
Data scanned: 1.68 MB
Time: 2.422 sec (0 m 2 s)



Any idea....?

Thanks
alch
Site Admin

Joined: 27 Nov 2005
Posts: 0
PUA.Packed.SVKP means it is detected as a potentially unwanted application. ClamWin does not enable PUA detection by default, as it would yield undesirable false-positive results on home computers. You can enable it by adding the --enable-pua parameter in the additional command line parameters.
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
This is an experimental option which acts as a cheap heuristic--enabling Clam/ClamWin to catch a bit more malware (about 5%, it seems). It finds things like tools that can be used for hacking. I've used it a couple of months without any problems. When using any experimental option, however, you should probably set ClamWin to Warn you about any malware it finds instead of Quarantining it. That way, it doesn't suddenly quarantine an important file (say Windows logon, etc.) which you need. You can always upload a copy of whatever it finds to Virus Total or Jotti to verify the malware like you did already.

Clam says they intend to refine the PUA. I guess they will officially incorporate it in the program then.

Regards,
Gate Array


Joined: 05 Dec 2007
Posts: 0
Location: Italy
Right...
The file is infected by a virus... this is sure.

So I guess it would be better if this "pattern" were added to the virus database.
The complete report from virustotal.com:

---------------------------------------
File userinit.exe.vir received on 12.05.2007 10:06:58 (CET)

Result: 29/32 (90.63%)

Antivirus Version Last Update Result
AhnLab-V3 - - Win-Trojan/Pakes.Gen
AntiVir - - TR/Pakes.10
Authentium - - W32/Prosti.M@bd
Avast - - Win32:Trojan-gen {Other}
AVG - - Dropper.Agent.2.BU
BitDefender - - Trojan.Agent.AQ
CAT-QuickHeal - - Trojan.Agent.aq
ClamAV - - PUA.Packed.SVKP
DrWeb - - Trojan.MulDrop.1466
eSafe - - Suspicious File
eTrust-Vet - - Win32/Afrootix.E
Ewido - - Trojan.Agent.aq
FileAdvisor - - -
Fortinet - - W32/Agent.AQ!tr
F-Prot - - W32/Prosti.M@bd
F-Secure - - Trojan.Win32.Agent.aq
Ikarus - - Virus.Packed.Win32.Klone.af
Kaspersky - - Trojan.Win32.Agent.aq
McAfee - - Generic.dx
Microsoft - - Trojan:Win32/Agent.B
NOD32v2 - - Win32/SKVP.A
Norman - - W32/Agent.AJB
Panda - - W32/Prosti.A
Prevx1 - - -
Rising - - Trojan.Agent.asr
Sophos - - Troj/Afxroot-E
Sunbelt - - VIPRE.Suspicious
Symantec - - Hacktool.Rootkit
TheHacker - - Trojan/Agent.aq
VBA32 - - Trojan.Win32.Agent.aq
VirusBuster - - -
Webwasher-Gateway - - Trojan.Pakes.10
-----------------------------------------
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Well, Symantec also said it was a hacker tool. It appears that Clam spotted it because it was a certain kind of packer or had a bit of packer code that is sometimes used by malware. It might not be harmful by itself--all Clam does is warn you about it. If you downloaded the file for your use or know it's on the machine, that's okay. Some legitimate Windows programs are packed with the same packers used by malware authors.

Some of the antivirus programs are now starting to flag files if they are packed with or contain hacker tools (certain packers, keyloggers, etc.). It's a cheap heuristic. These are Potentially Unwanted Programs, and they usually give you a configuration option to turn this feature on/off. Clam hasn't yet provided the option, so it's "experimental" until they do.

Regards,
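
Added example (not part of any post in this thread, and not ClamWin or VirusTotal code): a small Python triage of a multi-scanner report in the row format posted above, separating named-family detections from packer/heuristic/PUA-style labels such as ClamAV's PUA.Packed.SVKP. The keyword list, the two-engine threshold and the function names are assumptions made for illustration.

```python
import re

# Excerpt of the VirusTotal report posted in this thread (engine, version,
# last update, result); "-" in the result column means no detection.
REPORT = """\
AVG - - Dropper.Agent.2.BU
ClamAV - - PUA.Packed.SVKP
eSafe - - Suspicious File
FileAdvisor - - -
Kaspersky - - Trojan.Win32.Agent.aq
McAfee - - Generic.dx
Prevx1 - - -
Sunbelt - - VIPRE.Suspicious
Symantec - - Hacktool.Rootkit
"""

# Assumption: these substrings mark packer/heuristic/PUA-style verdicts rather
# than a named malware family. The list is illustrative, not a vendor standard.
HEURISTIC = re.compile(r"pua\.|packed|suspicious|generic|hacktool|\bgen\b", re.I)

def parse_report(text):
    """Return {engine: result or None} from 'engine version update result' rows."""
    rows = {}
    for line in text.splitlines():
        parts = line.split(None, 3)  # the result column may contain spaces
        if len(parts) == 4:
            engine, _version, _update, result = parts
            rows[engine] = None if result.strip() == "-" else result.strip()
    return rows

def triage(rows, min_named=2):
    """Split detections into named-family vs heuristic and give a verdict."""
    hits = {e: r for e, r in rows.items() if r}
    heuristic = {e: r for e, r in hits.items() if HEURISTIC.search(r)}
    named = {e: r for e, r in hits.items() if e not in heuristic}
    if len(named) >= min_named:  # "a couple of AVs" naming a family
        verdict = "likely malicious"
    elif hits:
        verdict = "needs review (heuristic/PUA only)"
    else:
        verdict = "no detections"
    return {"detected": len(hits), "total": len(rows),
            "named": named, "heuristic": heuristic, "verdict": verdict}

if __name__ == "__main__":
    summary = triage(parse_report(REPORT))
    print(f"{summary['detected']}/{summary['total']}: {summary['verdict']}")
```

A file flagged only by packer or PUA labels lands in "needs review", which matches the advice in the thread to warn rather than quarantine on such hits.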