BC.Exploit.CVE_2011_3412

user_clamwinner
Joined: 19 Dec 2011 | Posts: 0
Posted: Mon Dec 19, 2011 8:29 am
The ClamWin scanner (ver. 0.97.2) has removed a lot of "friendly" Microsoft Excel files (*.xls)!!! Among them were many important files, reports on the work! What should I do? Are you going to produce the correct update, which will not delete the *.xls files?

gbaker3
Joined: 19 Dec 2011 | Posts: 0
Posted: Mon Dec 19, 2011 11:57 am
I have had the same problem beginning with a scan started Sun Dec 18 0200 (-5 GMT). I am receiving all kinds of false positives for files with Microsoft Office file extensions. It is detecting BC.Exploit.CVE_2011_3412. I know these files are not infected since we have had some of them for years without issue.

user_clamwinner
Joined: 19 Dec 2011 | Posts: 0
Posted: Mon Dec 19, 2011 12:13 pm
gbaker3 wrote:
I have had the same problem beginning with a scan started Sun Dec 18 0200 (-5 GMT). I am receiving all kinds of false positives for files with Microsoft Office file extensions. It is detecting BC.Exploit.CVE_2011_3412. I know these files are not infected since we have had some of them for years without issue.

Yes! Many of the files are a few years old, and in the users' settings the action was set to "Remove" - the scanner removed necessary documents from many years of work! Will there be a critical update with the corrected database?

GuitarBob
Joined: 09 Jul 2006 | Posts: 9 | Location: USA
Posted: Mon Dec 19, 2011 12:27 pm
There was a false positive on some Clam AV bytecode signatures yesterday. Clam AV is aware of it and it should be corrected soon.
I hope you had ClamWin set to quarantine and not to remove. Can you exclude .doc and .xls files from ClamWin detection and then use the ClamWin restore program to get the files back out of quarantine?
Regards,

user_clamwinner
Joined: 19 Dec 2011 | Posts: 0
Posted: Tue Dec 20, 2011 4:32 am
GuitarBob wrote:
There was a false positive on some Clam AV bytecode signatures yesterday. Clam AV is aware of it and it should be corrected soon.
I hope you had ClamWin set to quarantine and not to remove. Can you exclude .doc and .xls files from ClamWin detection and then use the ClamWin restore program to get the files back out of quarantine?

In the settings I found "Remove"! Can you recover lost files?

GuitarBob
Joined: 09 Jul 2006 | Posts: 9 | Location: USA
Posted: Tue Dec 20, 2011 1:28 pm
No files can be recovered if you have used the Remove option for infected files. That is why it is not a recommended option.
I guess there may be a chance you could recover something by using an "undelete" type program--look at the ClamWin quarantine directory via the program and see if anything is there to recover.
If a file is important to you, backup, backup, backup.
Regards,

ljr0
Joined: 04 Feb 2012 | Posts: 0 | Location: California, USA
Posted: Sat Feb 04, 2012 9:50 pm
This is back. I have several xls files showing this virus which I believe is still a false positive.

GuitarBob
Joined: 09 Jul 2006 | Posts: 9 | Location: USA
Posted: Sun Feb 05, 2012 3:16 am
Yes. Clam AV furnishes the scan engine and signature database used by ClamWin. Each sigmaker at Clam is responsible for correcting his own false positive detections. They may not work every day, so it may take several days. The bytecode signatures take quite a bit of time to prepare. Report false positives (and undetected viruses) to Clam AV at https://www.clamav.net/lang/en/sendvirus/ on the web. For false positives, change the submission type on the submission form from "virus" to "false positive."
Report the false positive(s) if you have not yet done so. In the meantime, please keep ClamWin set to Quarantine infected files. You should also consider configuring ClamWin's configuration option, Filters, to exclude from scanning those filename extensions that are falsely detected. Then you can restore them from quarantine using ClamWin's Quarantine Browser. After 2/3 days, remove them from the ClamWin filters and see if the signature has been corrected.
Regards,

user_clamwinner
Joined: 19 Dec 2011 | Posts: 0
Posted: Thu Feb 09, 2012 9:23 am
After a week, the false activity is still not corrected. When will the corrected database update reach ClamWin?

GuitarBob
Joined: 09 Jul 2006 | Posts: 9 | Location: USA
Posted: Thu Feb 09, 2012 12:25 pm
Soon, I hope. I just sent an email to the Clam AV team.
Regards,

BC.Exploit.CVE_2012_0184-1

norbert
Joined: 18 May 2012 | Posts: 0 | Location: massachusetts
Posted: Fri May 18, 2012 6:08 pm
This is the message I received from a scan yesterday. Should I consider this a false positive? Or if not, what should I do?
C:\Windows\Installer\7223a.msi: BC.Exploit.CVE_2012_0184-1 FOUND
C:\Windows\Installer\a64e28.msi: BC.Exploit.CVE_2012_0184-1 FOUND

GuitarBob
Joined: 09 Jul 2006 | Posts: 9 | Location: USA
Posted: Fri May 18, 2012 7:14 pm
Scan the file(s) with ClamWin today and see if there is still a detection for them. If there is, upload the files (one at a time) to Jotti or Virus Total, where you can scan them with multiple AVs, including the Clam AV engine used by ClamWin. If no other AVs (or only a couple of other AVs) see an infection, it is probably a false positive, so you should upload the file to Clam AV so they can correct their signature. If a file is too large to upload, send an email to luca at clamav dot net for instructions.
If you have used a file for a good length of time (say longer than a month), and the file has not changed, it is probably a false positive.
Regards,
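
The triage advice in the reply above, as an added example that is not part of the original thread and is not ClamWin or ClamAV code: it parses report lines of the `path: signature FOUND` form quoted earlier, groups them by signature, and marks files that have been unchanged for over a month. The 30-day threshold, the verdict labels, the third sample path and all timestamps are assumptions made for the demonstration.

```python
import os
import re
import time
from collections import defaultdict

# Report lines look like "<path>: <signature> FOUND". The path match is
# greedy so the drive-letter colon in "C:\..." is not taken as the separator.
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND\s*$")
MONTH = 30 * 24 * 3600  # assumption: "longer than a month" taken as 30 days

def parse_report(text):
    """Return [(path, signature)] for every detection line in a scan report."""
    hits = []
    for line in text.splitlines():
        m = FOUND_RE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("sig")))
    return hits

def triage(text, mtime=os.path.getmtime, now=None):
    """Group detections by signature and mark files unchanged for over a month.
    The modification time is a prioritisation hint only (timestamps can be
    altered), so a 'likely-fp' file is still rescanned and submitted upstream."""
    now = time.time() if now is None else now
    by_sig = defaultdict(list)
    for path, sig in parse_report(text):
        try:
            age = now - mtime(path)
            verdict = "likely-fp" if age > MONTH else "recently-changed"
        except OSError:
            verdict = "missing"  # file already removed or moved to quarantine
        by_sig[sig].append((path, verdict))
    return dict(by_sig)

# Constructed sample: the first two lines are quoted from the thread; the
# other two lines and every timestamp below are made up for this example.
SAMPLE = r"""C:\Windows\Installer\7223a.msi: BC.Exploit.CVE_2012_0184-1 FOUND
C:\Windows\Installer\a64e28.msi: BC.Exploit.CVE_2012_0184-1 FOUND
C:\Users\demo\Downloads\new.xls: BC.Exploit.CVE_2011_3412 FOUND
C:\Users\demo\Documents\ok.doc: OK
"""
SAMPLE_NOW = 1_000_000_000
SAMPLE_MTIMES = {
    r"C:\Windows\Installer\7223a.msi": SAMPLE_NOW - 400 * 86400,
    r"C:\Windows\Installer\a64e28.msi": SAMPLE_NOW - 90 * 86400,
    r"C:\Users\demo\Downloads\new.xls": SAMPLE_NOW - 2 * 86400,
}
```

Calling `triage(SAMPLE, SAMPLE_MTIMES.__getitem__, SAMPLE_NOW)` runs it on the constructed data; on a real machine, pass the saved scan report text and leave the other arguments at their defaults.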
All times are GMT