blakin49
Joined: 25 Apr 2010
Posts: 0
Posted: Sun Apr 25, 2010 8:49 pm
I downloaded ver. 95.3 of ClamWin AntiVirus and the first time I ran it I got a warning from Microsoft Win 7 Security Essentials about a potential threat. A program was uploaded which provides backdoor remote access to the computer it is installed on. A URL for an image of the Security Essentials report is attached.
http ://www.postimage.org/image.php?v=TskyEo0

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Sun Apr 25, 2010 9:30 pm
Where did you download the ClamWin version from?
By the way, I received a message from my security software telling me that the web link you provided was a potentially malicious one. I do not recommend anyone else try it, pending any further research. Note that this poster just joined today and did not provide any information about him/herself.
Regards,

alch
Site Admin
Joined: 27 Nov 2005
Posts: 0
Posted: Mon Apr 26, 2010 4:01 am
It reports a virus in the ClamWin temp file. Temp files are used to unpack archives, and therefore if you scan a zip file with a virus and have another AV installed, it would detect a virus there.
Bob: I edited the embedded image so it does not show automatically.

blakin49
Joined: 25 Apr 2010
Posts: 0
Posted: Mon Apr 26, 2010 6:39 am
In response to GuitarBob - I downloaded the program from a portable flash drive application suite from PortableApps.com, and the forum puts uploaded images at that URL whenever you use the hyperlink to "Add image to post".
Not sure how to respond to alch - Security Essentials detects "Backdoor:Win32/Ursap!rts" whenever I run a scan. This item, "program", is described as providing remote access to the computer it is installed on.
If I read your post correctly, it appears that the ClamWin archive is infected and I should be reporting it to the distributor on the PortableApps website.

alch
Site Admin
Joined: 27 Nov 2005
Posts: 0
Posted: Mon Apr 26, 2010 7:13 am
[quote="blakin49"]
Not sure how to respond to alch - Security Essentials detects "Backdoor:Win32/Ursap!rts" whenever I run a scan. This item, "program", is described as providing remote access to the computer it is installed on.
If I read your post correctly, it appears that the ClamWin archive is infected and I should be reporting it to the distributor on the PortableApps website.[/quote]
Not quite. What you are getting is a false positive detection by Security Essentials, not a real virus. Now that you mention that you are getting it every time you run a scan, I think it is the ClamAV virus signature database that triggers the false detection. Every time you start a scan, ClamWin unpacks its virus signature database to load it, and MS Security Essentials flags that as a virus.
It would be great if you could submit one of the clamtmp files to the MS Security Essentials team, marking it as a false positive.

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Mon Apr 26, 2010 12:11 pm
Sometimes clamtmp files will trigger a detection in another antivirus if they contain signatures from the ClamAV database that another AV also has. They are usually deleted, but I guess Security Essentials can kick in pretty fast. See if you can exclude *.clamtmp files from Security Essentials' scans.
Regards,