|
bugme
Guest
|
|
 Posted: Wed Jul 30, 2008 10:43 am |
|
 |
 |
|
|
Hello I think ClamWin is giving a false positive. The file is the https://nsis.sourceforge.net/ nsis setup. You can read https://forums.winamp.com/showthread.php?s=&threadid=295267 this post in the nsis forums.
Can someone confirm this is a false positive?
|
|
|
|
Antonio S.
| Joined: 20 Apr 2008 |
| Posts: 0 |
| Location: Italy |
|
|
| Posted: Wed Jul 30, 2008 7:15 pm |
|
|
|
|
|
Hello,
First of all find out if the file is really a false positive by uploading it at www.virustotal.com. This is a free service which can submit uploaded file to multiple AV scans. If most part of AV involved do not find anything, it is likely to be a false positive.
As virus DB is maintained by ClamAV pls notify the false positive using the form at https://cgi.clamav.net/sendvirus.cgi; usually Clam team fixes the issue rapidly. By doing this you will help to improve Clam/Clamwin efficiency.
Regards,
Antonio
|
|
|
|
bugme
Guest
|
|
| Posted: Thu Jul 31, 2008 7:48 am |
|
|
|
|
|
Yes, if you read the post to which I linked, you will find the report from virustotal. And yes, Clam is the only AV spotting the file as a virus.
Anyway, I'll notify Clam through the link you provide.
|
|
|
|
clamwinneil
| Joined: 30 Sep 2007 |
| Posts: 0 |
|
|
|
| Posted: Tue Aug 05, 2008 2:45 pm |
|
|
|
|
|
Hello. That link isn't working for me, I think I have a false positive E:\Program Files\WinRAR\Zip.SFX: Trojan.Downloader.Banload-5581 FOUND
Who do I notify? And how?
Many thanks in advance for your help.
|
|
|
|
Antonio S.
| Joined: 20 Apr 2008 |
| Posts: 0 |
| Location: Italy |
|
|
| Posted: Tue Aug 05, 2008 5:32 pm |
|
|
|
|
|
Hello,
First , be sure the file detected is really a false positive: go to https://www.virustotal.com
On the main page you have the possibility to upload the file browsing directories just like you were using windows explorer. Uploaded file is submitted to multiple scanning engines (ClamAV amongst others), time mainly depends on server load.
If no other (or fewer) AV's spot the file as malware it is likely to be a false positive; pls inform Clam team using the form at https://cgi.clamav.net/sendvirus.cgi
(your name, mail address and copy of the file involved are required; you will have to upload it the same way as shown for Virustotal and tick the field related to false positive. Clam team is fixing the issue in short time. Redo the scan with ClamWin after 2/3 days after notification (of course after having updated virus DB); the file should not be detected anymore as malware.
In case scan done with Virustotal reports a remarkable rate of Av's spotting file as malware it would be better to remove it from the computer.
BTW, as an alternative to WinRAR you can use 7-zip (https://www.7-zip.org) which is free, open source and efficient as well.
Hope this helps,
Antonio
|
|
|
