False Positive
SFSecurity


Joined: 02 Aug 2009
Posts: 0
Location: San Francisco, CA
The file googlg46.exe is highly unlikely to be a virus as it is off of a CD from Logitech that is about 5 years old and was never found to be a virus until now. Also VirusTotal shows 2 out of 41 that show it to be a virus.

I am on daily updates and this is the latest:

--------------------------------------
ClamAV update process started at Sun Aug 02 07:32:00 2009
main.cld is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
daily.cld updated (version: 9643, sigs: 62083, f-level: 43, builder: mcichosz)
Database updated (607118 signatures) from database.clamav.net (IP: 64.246.134.219)
---------------------------------------

Scan Started Sun Aug 02 16:24:55 2009
-------------------------------------------------------------------------------


C:\Evelyn_Data_Backup_090802\Program Files\Logitech\Resource Center\installers\google\googlg46.exe: Trojan.Swizzor.Gen FOUND
----------- SCAN SUMMARY -----------
Known viruses: 606493
Engine version: 0.95.2
Scanned directories: 0
Scanned files: 1
Infected files: 1

Data scanned: 1.27 MB
Data read: 0.29 MB (ratio 4.33:1)
Time: 3.515 sec (0 m 3 s)
--------------------------------------
Completed
--------------------------------------

Warmest Regards,

Allen Schaaf - CISSP, CEH, CHFI, CEI
Information Security Analyst - Business Process Analyst
Training & Instructional Designer - Sr. Writer & Documentation
Developer - Certified Network Security Analyst & Intrusion
Forensics Investigator - Certified EC-Council Instructor
https://www.linkedin.com/in/allenschaaf

Security is lot like democracy - everyone's for it but
few understand that you have to work at it constantly.
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Those generic signatures are tough to do because they have to cover a wide range of related malware, and sometimes a "good" file can also be tagged as bad. Since you have verified that it is more than likely a false positive, go to the Clam AV (Clam furnishes the scanning engine/signature database for ClamWin) submission site and report it, starting at https://www.clamav.net/sendvirus/ on the web. When you get to the upload page, before you upload it, be sure to tell them it is a false positive, give the name of the virus that is falsely detected, and tell why you think it is a false positive. They will adjust the signature within a day or two. I believe they can take care of uploads up to about 25 MB or so in size now.

Regards,
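As an added example (not code from either poster or from the ClamWin/ClamAV projects), a small Python parser for the freshclam and clamscan output quoted in the first post: it pulls out each FOUND detection together with the engine version and daily database version, which are the details the reply above asks a false-positive report to carry. The ".Gen" suffix check for generic signatures is an assumed naming convention, and the sample logs are constructed from the lines quoted in the thread.

```python
import re

# Constructed sample input, copied from the freshclam and scan output quoted in the post above.
FRESHCLAM_LOG = """\
main.cld is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
daily.cld updated (version: 9643, sigs: 62083, f-level: 43, builder: mcichosz)
Database updated (607118 signatures) from database.clamav.net (IP: 64.246.134.219)
"""
SCAN_LOG = r"""Scan Started Sun Aug 02 16:24:55 2009
C:\Evelyn_Data_Backup_090802\Program Files\Logitech\Resource Center\installers\google\googlg46.exe: Trojan.Swizzor.Gen FOUND
----------- SCAN SUMMARY -----------
Known viruses: 606493
Engine version: 0.95.2
Infected files: 1
"""
FOUND_RE = re.compile(r"^(?P<path>.+?): (?P<sig>\S+) FOUND$")
SUMMARY_RE = re.compile(r"^(?P<key>[A-Za-z ]+): (?P<value>.+)$")
DB_RE = re.compile(r"^(?P<db>[\w.]+\.c[lv]d) (?:is up to date|updated) "
                   r"\(version: (?P<version>\d+), sigs: (?P<sigs>\d+)")

def parse_clamscan(text):
    """Return ([(path, signature), ...], {summary key: value}) from clamscan output."""
    detections, summary, in_summary = [], {}, False
    for line in map(str.strip, text.splitlines()):
        if "SCAN SUMMARY" in line:
            in_summary = True          # every line after this header is "key: value"
        elif in_summary:
            if m := SUMMARY_RE.match(line):
                summary[m.group("key")] = m.group("value")
        elif m := FOUND_RE.match(line):
            detections.append((m.group("path"), m.group("sig")))
    return detections, summary

def parse_freshclam(text):
    """Return {db file: (version, sigs)} for each main/daily line in freshclam output."""
    return {m.group("db"): (int(m.group("version")), int(m.group("sigs")))
            for m in map(DB_RE.match, text.splitlines()) if m}

def triage(scan_text, freshclam_text):
    """One record per detection carrying the details the ClamAV submission form asks for."""
    detections, summary = parse_clamscan(scan_text)
    dbs = parse_freshclam(freshclam_text)
    return [{"path": path, "signature": sig,
             # a ".Gen" suffix marks a generic signature (assumed naming convention),
             # the kind the reply above says is most likely to hit clean files
             "generic": sig.endswith(".Gen"),
             "engine": summary.get("Engine version"),
             "daily_version": dbs.get("daily.cld", (None, None))[0]}
            for path, sig in detections]
```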
SFSecurity


Joined: 02 Aug 2009
Posts: 0
Location: San Francisco, CA
GuitarBob wrote:
Those generic signatures are tough to do because they have to cover a wide range of related malware, and sometimes a "good" file can also be tagged as bad. Since you have verified that it is more than likely a false positive, go to the Clam AV (Clam furnishes the scanning engine/signature database for ClamWin) submission site and report it, starting at https://www.clamav.net/sendvirus/ on the web. When you get to the upload page, before you upload it, be sure to tell them it is a false positive, give the name of the virus that is falsely detected, and tell why you think it is a false positive. They will adjust the signature within a day or two. I believe they can take care of uploads up to about 25 MB or so in size now.

Regards,


What I got back from them was:

ClamAV Virus Database


Result:

This virus is already recognized by ClamAV 0.95.2/9645/Mon Aug 3 00:11:36 2009 (timezone: ) as Trojan.Swizzor.Gen . Be careful when submitting samples and remember to run freshclam!
Check the FAQ now


Please correct the above errors and retry. Thank you for helping the ClamAV project.

I did identify it as a false positive, but perhaps not in the way they recognize. Clues?

Thanks,

Allen
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Sounds like you submitted it as a virus, instead of a false positive. To the right of "the file attached is," there are several radio button choices. The default comes with "malware already recognized", etc. If you have a false positive, you need to click the false positive radio button. That will do the trick! Thanks for submitting.

Regards,