The reply to my earlier post on ESET picking up ClamWin as a virus infestation route seemed to make sense. Then I thought about it some more. Now I'm not so sure.

To understand this post a person probably needs to go through the earlier thread.

I use both ClamWin and Malware Bytes in much the same way, as on-demand scanners. ESET doesn't pick up anything Malware does as a virus or potential virus but it does do that for ClamWin. The suggestion was that ESET in real time was picking up virus signatures in ClamWin's temp file and quarantining them. ESET doesn't do that for Malware Bytes or, for Windows Defender, for that matter.

Why, if the explanation is correct, only ClamWin?

I mentioned that was a possible explanation because I have seen it before on occasion--not with Eset/ClamWin, but I have seen it with Avast/ClamWin and Security Essentials/ClamWin and maybe AntiVir/ClamWin--it's been so long since I used them. It could be that Eset has some virus signatures that are the same as ClamWin's--perhaps a hash for a file or something like that. The AV companies all get the same samples and use similar tools to analyze them, so it is possible they will have the same signature now and then. Clam/ClamWin can put its signatures in temp files as it is scanning. They are usually cleaned up after a scan, but if another AV is scanning in real-time, if it has the same signature, and if it is fast enough, it may identify/quarantine a temp file.

What you need to do is to actually find that file(s) and that will end all speculation. Then if it is a false positive, you can submit it to Eset, but I think the thing to do is to "whitelist" ClamWin's temp files (*.clamtmp) in your Eset AV program, because Eset will probably not change a valid signature.

Regards,