ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
ClamWin Free Antivirus Forum Index » General Suggestions/Questions
Reply to topic
False Positives - Install and Uninstall executables
dude_472


Joined: 06 Jun 2008
Posts: 0
Location: Wilkes-Barre PA
Post Posted: Sun Aug 10, 2008 2:43 pm Reply with quote
I continue to get false positives for installation and uninstall executables:

msgr8us.exe (Yahoo Messenger)
unins000.exe (Real Player Uninstall)
telnet.exe
SnagIt.exe (Video Capture)
mpcLauncher.exe


These are all well known utilities/applications and have been on my system for years, and without complaint from other AV scanners.

I agree, an interface to view quarantined files and provide a disposition that ClamWin can learn from, or at least so my local ClamWin knows that the file is okay.

Thanks for any help
View user's profileSend private messageSend e-mail
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Post Posted: Sun Aug 10, 2008 7:25 pm Reply with quote
The resason for most false positives is that malware may use some of the same code as "good" applications. The only way for us users to "fix" this is to let Clam know about a false positive, so they can adjust their signature. When you get a detected infection on a file you use frequently, and you are sure it is "good," then go to the Clam submisson page at https://cgi.clamav.net/sendvirus.cgi on the web. This is the same page that you report a virus on. Indicate that it is a false positive, give the exact virus name that Clam falsely detects, and add any other comments you care to make.

Regards,
View user's profileSend private message
dalep


Joined: 06 Nov 2008
Posts: 0
Location: Florida
Post Posted: Thu Nov 06, 2008 8:29 pm Reply with quote
It would be REALLY nice if clamwin restored those false positives after the database update no longer registers them as viruses.
And as stated it would also be nice if you could tell your local calmwin to leave specific files alone (for that virus, and log the action). Otherwise you have to make the choice to not scan, or restore the files manually each time until the DB is updated.
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Post Posted: Thu Nov 06, 2008 10:00 pm Reply with quote
You can presently tell ClamWin to exclude a file from its scheduled scans by going into the Configuration menu to bring up Preferences. Then click on Filters. You will work with the left-hand side of the screen under Exclude Matching Filenames. Click on the dim square box to go to the end of the list and insert a filename.extension you want to exclude (example: winamp.exe). Then double click on the box again to leave the line and OK it. Do this for each file you want to exclude.

This excludes the file from scheduled scans but not from other scans--such as memory scans or Explorer right-context scans.

Regards,
View user's profileSend private message
False Positives - Install and Uninstall executables
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
 		All times are GMT  
Page 1 of 1  
  
  
ClamWin Free Antivirus Forum Index » General Suggestions/Questions
 Reply to topic