|
GuitarBob
| Joined: 09 Jul 2006 |
| Posts: 9 |
| Location: USA |
|
|
 Posted: Sat Jan 26, 2008 11:58 pm |
|
 |
 |
|
|
I just noticed that the ClamWin memory scan bypasses the filters set up in Preferences. I had a false positive on a .dll in some security software several days ago. It looks like Clam isn't going to change the signature because it's just a Potentially Unacceptable Application (PUA), so I set my ClamWin filter preferences to exclude it from scans, but ClamWin still reports it as infected during memory scans. It is correctly excluded, of course, during file scans.
Regards,
|
|
|
|
sherpya
| Joined: 22 Mar 2006 |
| Posts: 0 |
| Location: Italy |
|
|
| Posted: Sun Jan 27, 2008 10:50 am |
|
|
|
|
|
I think it's not a good idea to honor filters in memory scan, it's by design
|
|
|
|
GuitarBob
| Joined: 09 Jul 2006 |
| Posts: 9 |
| Location: USA |
|
|
| Posted: Sun Jan 27, 2008 1:45 pm |
|
|
|
|
|
Thanks, Sherpya. You are probably correct in most cases--just as filters are also ignored during an individual file scan. In my case, it is HIPS software, which is robust enough to survive the unloading of the memory processes. The HIPS could "strike back" at ClamWin, but I've got it whitelisted. It's weird!
Regards,
|
|
|
|
sherpya
| Joined: 22 Mar 2006 |
| Posts: 0 |
| Location: Italy |
|
|
| Posted: Sun Jan 27, 2008 6:07 pm |
|
|
|
|
|
if really needed it could be implemented, perhaps a program resisted to kill?
|
|
|
|
GuitarBob
| Joined: 09 Jul 2006 |
| Posts: 9 |
| Location: USA |
|
|
| Posted: Sun Jan 27, 2008 6:54 pm |
|
|
|
|
|
Speaking of that, I saw that there was a virus recently that listed ClamWin among the antivirus programs that it was set up to disable. It targeted Clamscan, clamtray, and Freshclam.
Regards,
|
|
|
