Installer was downloaded from OldVersion:
https://download.oldversion.com/winrar362.exe

Several other antivirus packages find this file to be clean.

Is this a false positive?

-Sporktoast

I downloaded the file from your link. It's probably a false positive, as CP Secure is the only other AV on Jotti that finds anything. I even can't find it in Clam's signature names. RAR files have been used to hide malware a lot lately, so it looks to be some sort of generic signature. I suggest you upload the file to Clam at https://cgi.clamav.net/sendvirus.cgi on the Web and tell them it's a false positive. You will be helping to make Clam/ClamWin better!

Regards,

Yes, it is a false positive!

Downloaded the same file from the original site some time ago - all other scanners (incl. McAfee) state that the file is clean!

I 've found another false positive in Visual Studio 2008...
=> C:\Programme\Gemeinsame Dateien\Merge Modules\Microsoft_VC90_CRT_x86_x64.msm: Trojan.Srizbi-15 FOUND

If anyone of the team is reading this, plz fix the signatures!

tia,
Duncan

We users have the responsibility to report false positives. Go to Clam's submission form at https://cgi.clamav.net/sendvirus.cgi on the Web. Upload a copy of the file and fill out the form (be sure to click the false positive button). Select the "contact me" button for them to tell you the FP has been processed. Until you hear from them, you can exclude the file/program from ClamWin's normal scans by changing your Filters preferences.

Clam's signatures are subject to an "eyeball" check, and they are all processed against a representative sample of "clean" programs for false positives. However, eyeballs are not perfect, not every program can be in the sample, and programs can be changed after the signature is developed. The user is the final quality check!

Regards,