mabverso
Joined: 04 Sep 2010
Posts: 0
Posted: Sat Sep 04, 2010 1:30 pm

Upgraded to 0.96.2.1 and got 42 hits on Trojan.Fraudpack-4400. Scanned a sample of the files online and found no infections.

jodifu
Joined: 12 Feb 2010
Posts: 0
Location: Europe
Posted: Sat Sep 04, 2010 3:02 pm

FYI also got 6 hits last night using 0.96.2 running on W2K3 server, once again all of them were install resp. setup files and cabinets. On Virustotal, the ClamWin engine (0.96.2.0-git/2010.09.04) was the only one to report a finding, however there it was called "PUA.Packed.ASPack"...

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Sat Sep 04, 2010 11:32 pm

A PUA detection is optionally selected by the user to warn them of potentially evil files. In this case, the file was packed with a packer commonly used by malware authors. You did the right thing to check the file with an online scanner.
If you get more than a couple of detections for the same virus, it is very likely to be a false positive. Most viruses are not too noticeable, and multiple infections make them more visible. But you still need to verify one of the files with an online scanner like Jotti or VirusTotal.
If a file is a false positive, you should report it to ClamAV starting at https://www.clamav.net/lang/en/sendvirus/ on the web. When you get to the upload page, before uploading, be sure to check the false positive section and tell them the exact name of the falsely-detected virus in the comments section. Clam will update their signature within a couple of days, and ClamWin users will get the update.
Regards,
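
Added example, not part of the thread and not ClamWin or ClamAV code: a small triage script that applies the rule of thumb from the post above to a scan report, grouping hits by signature and picking one file per signature to check with an online scanner. The log lines, the `Constructed.Example-1` signature, the function names and the threshold of 2 (one reading of "more than a couple") are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the "<path>: <signature> FOUND" report format.
# Only the two signature names discussed in the thread are real; the paths
# and "Constructed.Example-1" are made up for this example.
SAMPLE_LOG = r"""
C:\Install\app1\setup.exe: Trojan.Fraudpack-4400 FOUND
C:\Install\app2\setup.exe: Trojan.Fraudpack-4400 FOUND
C:\Install\app3\data1.cab: Trojan.Fraudpack-4400 FOUND
C:\Install\tool\install.exe: PUA.Packed.ASPack FOUND
C:\Users\test\Downloads\invoice.exe: Constructed.Example-1 FOUND
C:\Install\readme.txt: OK
"""

# Greedy ".+" keeps the drive-letter colon inside the path and splits on the
# last ": " before the signature name.
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")


def group_detections(log_text):
    """Return {signature: [paths]} for every FOUND line in the report."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        match = FOUND_RE.match(line.strip())
        if match:
            hits[match.group("sig")].append(match.group("path"))
    return dict(hits)


def triage(log_text, threshold=2):
    """Label each signature; threshold=2 is an assumed cut-off."""
    report = []
    for sig, paths in sorted(group_detections(log_text).items()):
        if sig.startswith("PUA."):
            verdict = "optional PUA warning"
        elif len(paths) > threshold:
            verdict = "likely false positive"
        else:
            verdict = "treat as real until verified"
        # Every verdict still needs one file checked with an online scanner.
        report.append({"signature": sig, "count": len(paths),
                       "verdict": verdict, "verify_first": paths[0]})
    return report


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```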