|
bestbefore99
| Joined: 09 Jun 2009 |
| Posts: 0 |
|
|
|
 Posted: Tue Jun 09, 2009 2:44 pm |
|
 |
 |
|
|
Hi.
Running clamwin the Trojan.Dropper-12634 was found on REALbasic 2007R3 (a basic like programming language and IDE) and on several
executables compiled with it. I wonder if this is a false positive, and should be whitelisted.
My environment is Windows, Clamwin 0.95.1 , virus db updated 8 Jun 2009
Many thanks
Massimo
|
|
|
|
GuitarBob
| Joined: 09 Jul 2006 |
| Posts: 9 |
| Location: USA |
|
|
| Posted: Tue Jun 09, 2009 2:57 pm |
|
|
|
|
|
Most viruses try to be stealthy/unnoticed, so if you have the same virus found in more than one file, there is a good chance it is a false positive. You can upload one of those files to VirusTotal at https://www.virustotal.com/ on the web or to Jotti at https://virusscan.jotti.org/en on the web. Either service will provide you with a free scan of a file with multiple antivirus programs, including Clam AV (the engine for ClamWin). If only a couple of other AVs besides Clam find an infection, it's probably a false positive and not a real infection. If several AVs find an infection (I like to see at least 5), it's probably a real infection, and you can delete the file(s) from your machine.
If it is a false positive, you should tell Clam about it so they can adjust their signature (which will fix ClamWin also). Their submission process starts at https://www.clamav.net/sendvirus/ on the web. When you get to the upload form, be sure to check the false positive block, tell them the name of the "false" virus, and tell why you think it is a false positive in the comments block.
Reards,
|
|
|
