|
hankyknot
| Joined: 03 Nov 2008 |
| Posts: 0 |
| Location: NB, Canada |
|
|
 Posted: Mon Nov 03, 2008 4:42 pm |
|
 |
 |
|
|
I have two Windows 2000 machines that are having their svchost.exe file deleted by clamwin which is in turn causing all kinfs of problems as you can imagine.
I fixed the problem by expanding svchost.ex_ from the cd back to the system32 folder. next day the virus was detected in exactly the same place despite it being a new version. The two machine exhibit the same symptoms but they are not connected in any way other han having the same OS.
Could this be a false positive?
|
|
|
|
GuitarBob
| Joined: 09 Jul 2006 |
| Posts: 9 |
| Location: USA |
|
|
| Posted: Mon Nov 03, 2008 6:01 pm |
|
|
|
|
|
To find out if a file has a real infection or if it is a Clam false positive, upload it to Jotti at https://virusscan.jotti.org/ on the Web or to VirusTotal at https://www.virustotal.com/ on the Web. Either one will provide a free scan of the file with multiple antivirus programs, including Clam. If more than a couple of other AVs besides Clam say a file is infected, it probably is.
If it is a false positive, tell Clam about it at https://cgi.clamav.net/sendvirus.cgi on the Web. That's the same page where you send/report a virus that Clam doesn't detect. Fill out all of the form, upload the false positive file, indicate it is a false positive, and tell them the name.
If it is a false positive, set ClamWin's General preference for Infected files to Report instead of Quarantine to prevent it from being transferred to Quarantine until Clam changes the signature.
Regards,
|
|
|
