 |
 | False Positive Virus Threats |  |
|
werj63
|
|
I had a problem with this before, it killed my excel on MS Office 2007. I experienced it again yesterday, I am running 10 machines, I am running Windows base and Linux base machines.
I have found that it only happens with the Clamwin version which I updated to ClamAV 0.95.3. As stated I also run (prefer) Linux machines, I have copied the suspect files to an external storage device, and scanned these files using the built-in antivirus (ClamAV Linux version) to scan the storage drive and it found nothing. None of the files identified by the Windows version were seen as a threat by the Linux versions. I hope this will help in the attempt to corrent this issue. P.S. these files are still showing up as threats. C:\Program Files\Microsoft Office\Office12\EXCEL.EXE: W32.Virut.Gen.D-163 FOUND C:\Program Files\Microsoft Office\Office12\excelcnv.exe: W32.Virut.Gen.D-163 FOUND C:\Windows\Installer\1495bd.msp: W32.Virut.Gen.D-163 FOUND C:\Windows\Installer\1495d5.msp: W32.Virut.Gen.D-163 FOUND C:\Windows\SoftwareDistribution\Download\d16f45aa864340ccf36504588c6fae4b\excel.cab: W32.Virut.Gen.D-163 FOUND C:\Windows\SoftwareDistribution\Download\d16f45aa864340ccf36504588c6fae4b\excel.cab: moved to 'C:\ProgramData\.clamwin\quarantine\excel.cab.infected' C:\Windows\SoftwareDistribution\Download\daa4e3a0ea4e94aba329bc28d3b354b1\xlconv.cab: W32.Virut.Gen.D-163 FOUND C:\Windows\SoftwareDistribution\Download\daa4e3a0ea4e94aba329bc28d3b354b1\xlconv.cab: moved to 'C:\ProgramData\.clamwin\quarantine\xlconv.cab.infected'  |
|||||||||||
|
|||||||||||||
 |
| |
|
alch
Site Admin
|
|
There was a MS Office update, the False positive will be rectified promptly.
|
|||||||||||
|
|||||||||||||
|
| |
|
sciencewriter
|
|
Thank you for this information. On my first scan with a new computer using Windows 7, six instances of this "virus" appeared. When I checked five of the six files at the Jotta Malware Scanner site, only ClamWin showed it a virus. (The sixth file exceeded the megabyte limit for Jotta's uploads.) I set the scanner to report only, never to quarantine or remove. :-)
|
|||||||||||
|
|||||||||||||
|
| |
|
DG12
|
|
Is
Programs\Office\FileFormatConverters.exe: W32.Virut.Gen.D-163 Also among the false positives?? |
|||||||||||
|
|||||||||||||
|
| |
|
GuitarBob
|
|
You can upload the file to Jotti or Virus Total to evaluate it. If it is too large, you might send a PM to alch.
Regards, |
|||||||||||
|
|||||||||||||
|
| W32.Virut.Gen.D-163 | |
|
birdog63
|
|
This "false positive" continues to show up on several of my computers following scans. What solution is available to have Clamwin not report as a virus?
|
|||||||||||
|
|||||||||||||
|
| |
|
GuitarBob
|
|
Clam AV provides the scan engine and signature database used by ClamWin. All undetected viruses--and false positives should be reported to Clam at https://www.clamav.net/sendvirus/ on the web so they can update their signatures. In the case of false positives, be sure to tell them that it is a false positive and the name of the virus that is falsely detected. If the file is too large to upload, please let us know about it here for special transmittal to Clam.
Clam made some signature adjustments today for several Virut false positives. Please check again to see if yours was fixed. Regards, |
|||||||||||
|
|||||||||||||
|
 | False Positive Virus Threats | |
|
||
|
|
|
Powered by phpBB © phpBB Group
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.