|
jeffjewitt
| Joined: 27 Apr 2009 |
| Posts: 0 |
| Location: Claveland, OH |
|
|
 Posted: Mon Apr 27, 2009 3:32 pm |
|
 |
 |
|
|
I have 4 false positives. When I try to rename the file that's in quarantine by removing the .infected from the filename, 2 things happen.
1. the extension is removed from the filename - example excelcnv.exe.infected goes to excelcnv. I am not removing the .exe, only the .infected using the rename command by right-clicking
2. I can't move the file - I get a dialog box that says can't move file - can't read from the source file or disk.
Help???
Jeff
|
|
|
|
GuitarBob
| Joined: 09 Jul 2006 |
| Posts: 9 |
| Location: USA |
|
|
| Posted: Mon Apr 27, 2009 3:39 pm |
|
|
|
|
|
I suggest you move the file(s) from Quarantine to your desktop, rename them on the desktop, and then move them to their proper directory. Alternatively, you could move them to their proper directory and then rename them there.
Regards
|
|
|
|
jeffjewitt
| Joined: 27 Apr 2009 |
| Posts: 0 |
| Location: Claveland, OH |
|
|
| Posted: Mon Apr 27, 2009 4:00 pm |
|
|
|
|
|
Thanks that worked. Question though. When I rename files that I moved from quarantine to the original folder, the rename command eliminates the filename extension (excelcnv.exe isn't accepted, it renames only to excelcnv)
Is this because quarantine is applying the filename to the quarantined file when it renames it so you can identify it?
Jeff
|
|
|
|
GuitarBob
| Joined: 09 Jul 2006 |
| Posts: 9 |
| Location: USA |
|
|
| Posted: Mon Apr 27, 2009 8:12 pm |
|
|
|
|
|
I didn't know about this situation until you brought it up. I've learned never to put a file in ClamWin's quarantine until I have verified it as actual malware with Jotti/VirusTotal. The Clam AV engine used by ClamWin is designed for email services, which don't have to consider actual operating program files--just email attachments. A false positive there isn't so bad as it is in the real Windows world!
Evidently, placing it in quarantine makes something funny happen when renaming. I hope that you did get the extension back now that it is in the original directory again.
Regards,
|
|
|
|
tweeter103
| Joined: 15 Mar 2009 |
| Posts: 0 |
| Location: Sydney |
|
|
| Posted: Tue Apr 28, 2009 3:38 pm |
|
|
|
|
|
I had a similar problem.
https://forums.clamwin.com/viewtopic.php?t=2200
I ended up resorting to file assain to finially kill the file.
I could not move it, rename it or even delete it.
|
|
|
|
jeffjewitt
| Joined: 27 Apr 2009 |
| Posts: 0 |
| Location: Claveland, OH |
|
|
| Posted: Fri May 01, 2009 5:14 pm |
|
|
|
|
|
I had filename extensions hidden for known (common) files in the settings for folder view. Turning it back on puts the extension back on, so this isn't a big problem. Just being careful.
I changed clamwin from quarantine to notify, this sounds like a btter way to go. Moving files back to the orioginal location can be tricky.
|
|
|
