ClamWin Free Antivirus
Support and Discussion Forums
eTrust/ClamWin
mbraeken


Joined: 25 Jan 2008
Posts: 0
Location: Belgium
Hello,

We were recently blacklisted re. email. Since our company uses eTrust to scan the PCs, I did a double-check of all workstations, using ClamWin.
ClamWin detected quite some things that eTrust should have seen too, so thumbs up for that!

Since a couple of days, I have one of the ppl here reporting each day that her eTrust client has found a virus.
The first time this was reported, I emptied the folder in which the so mentioned file resided.
The day after (today), the person reported again that eTrust had found a virus.
I went to check the file:

- C:\DOCUME~1\RSPECHT\LOCALS~1\TEMP\CLAMAV-A3EED1B32C7B976333DF9FE4C90D53D5.00000FF4.CLAMTMP

The virus found:
- Win32/Kariada.A - Trojan - Signature detection

Can you have a look at this and let me know what I should make of this? Should we worry about it or is this just a false positive?
I know running 2 virusscanners on the same client is never a good idea, but I think you can understand why we tried to double-check whether eTrust did or did not see these files in the first place.


Thanks,
Mario
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Make sure you have been using the most recent update of eTrust. Upload a copy of that file to Jotti at https://virusscan.jotti.org/. They will do a free scan for you with about 20 antivirus programs, including Clam. If four or more of them find a virus/malware, it's probably a real virus, and you should delete the file, otherwise it's probably a false positive.

If it's a false positive, tell eTrust about it--they'll need to "whitelist" it. As a last resort, you can whitelist a file in ClamWin by going to Preferences, Filters, Exclude Matching File Names, and then editing/adding it with the extension--such as winfilename.exe. Don't do this lightly, however--make sure the file is a real false positive/unique and is not a Windows system file.

Regards,
Re: eTrust/ClamWin
budtse


Joined: 14 Jan 2006
Posts: 0
Location: Belgium
mbraeken wrote:

C:\DOCUME~1\RSPECHT\LOCALS~1\TEMP\CLAMAV-A3EED1B32C7B976333DF9FE4C90D53D5.00000FF4.CLAMTMP


This file is (part of) the unpacked signature database. Every time you start a scan with ClamWin, the virus database is unpacked in a temporary file. A resident scanner will pick this up and detect virus signatures in it (because that is what it contains).

It contains no real virus, just the signatures, so you can exclude it from your eTrust scans.
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Oops!--didn't notice this was a temp file from a scan dump--guess it was just too big to see! In that case, you can delete the file and be done with the problem. In fact, I used to get so many of those that I excluded *.clamtmp from my ClamWin scans, but that might be bad practice.

Regards,
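An added triage sketch, not part of any poster's message or of ClamWin: it accepts a resident-scanner alert as the scanner's own scratch file only when the name has the shape quoted in this thread and the file sits in a temp folder, which is narrower than a blanket `*.clamtmp` exclusion. The name pattern is an assumption generalized from that single quoted file name; `classify_alert`, `triage`, `TEMP_DIR_NAMES` and every sample path except the quoted one are constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any platform
import re

# Assumption: generalized from the one name quoted in the thread,
# CLAMAV-<32 hex digits>.<8 hex digits>.CLAMTMP. Other ClamWin versions
# may name their scratch files differently.
SCRATCH_NAME = re.compile(r"CLAMAV-[0-9A-F]{32}\.[0-9A-F]{8}\.CLAMTMP", re.IGNORECASE)

# Hypothetical list of parent folder names accepted as a temp directory.
TEMP_DIR_NAMES = {"temp", "tmp"}


def classify_alert(path: str) -> str:
    """Classify the file path reported in a resident-scanner alert."""
    name = ntpath.basename(path)
    parent = ntpath.basename(ntpath.dirname(path)).lower()
    if SCRATCH_NAME.fullmatch(name) and parent in TEMP_DIR_NAMES:
        # Full name shape and location both match: unpacked signature data.
        return "clamwin-scratch"
    if name.lower().endswith(".clamtmp"):
        # A *.clamtmp wildcard would have skipped this file without a look.
        return "review"
    return "other"


def triage(alerts):
    """Map each alert path to its classification."""
    return {path: classify_alert(path) for path in alerts}


# Constructed sample alerts; only the first path is taken from the thread.
SAMPLE_ALERTS = [
    r"C:\DOCUME~1\RSPECHT\LOCALS~1\TEMP\CLAMAV-A3EED1B32C7B976333DF9FE4C90D53D5.00000FF4.CLAMTMP",
    r"C:\WINDOWS\system32\update.clamtmp",
    r"C:\DOCUME~1\RSPECHT\LOCALS~1\TEMP\CLAMAV-A3EED1B32C7B976333DF9FE4C90D53D5.00000FF4.CLAMTMP.exe",
    r"C:\DOCUME~1\RSPECHT\Desktop\invoice.exe",
]

if __name__ == "__main__":
    for path, verdict in triage(SAMPLE_ALERTS).items():
        print(f"{verdict:16} {path}")
```

Only the first sample is treated as ClamWin scratch data; the second is flagged for review because it carries the extension without the expected name or location.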
mbraeken


Joined: 25 Jan 2008
Posts: 0
Location: Belgium
Hello,

I suspected something like that, and again - running 2 scanners at the same time is (I know ;o) always a bad idea.

Thanks for your support.

Kind regards,
Mario