alyab
Joined: 16 May 2014 | Posts: 0 | Location: brooklyn
Posted: Fri May 16, 2014 7:35 am
While ClamWin was running, Avast quarantined a few such files:
clamav-###########################.clamtmp
Are these temporary files used only for the ClamWin scan? I ran the files through virustotal.com, and they are analyzed as infected riskware or trojan or suspicious by about 8 anti-malware databases. Can someone explain to me what these files are, and whether deleting them will solve the whole problem?
ClamWin did label 3 files as trojans after the scan, although I am having trouble confirming whether or not these are false positives.

GuitarBob
Joined: 09 Jul 2006 | Posts: 9 | Location: USA
Posted: Fri May 16, 2014 12:58 pm
Yes - the temp files are created by ClamWin during a scan. They can contain virus signatures (not viruses), and other AVs can sometimes have the same signatures, so they can detect the virus signature in the temp file and quarantine it. To prevent this, see if you can exclude the clamtmp extension from the other AV's scans, but some AVs will not allow you to exclude just an extension without a file name (like filename.clamtmp). You cannot give the extension a name because the filename can change. You can exclude the clamtmp extension from Microsoft Security Essentials/Windows Defender, but I do not know about Avast. Maybe you could exclude *.clamtmp.
If you suspect a false positive, always upload it to the Jotti or VirusTotal online scanners for a scan with multiple AVs, including the ClamAV scan engine used by ClamWin. If two or more of the other good/major AVs see an infection, you can usually believe it.
Regards,

alyab
Joined: 16 May 2014 | Posts: 0 | Location: brooklyn
Posted: Thu May 22, 2014 1:01 am
Thank you for answering me. I had asked a bunch of questions that day on different websites, so I'm sorry I didn't get back to this until today.
Just to clarify: I ran ClamWin off a flash drive. If these .clamtmp files are left on my PC after the process is over, can I delete them? They are in a temp file. Does that mean they are only needed for the scanning process, and should rightfully be deleting themselves when the process is over?
I did exclude Clamwin.exe from the Avast virus protection after this happened. But you seem to be saying something else: that I should try to exclude the files by name, i.e. "*.clamtmp", not the process.

GuitarBob
Joined: 09 Jul 2006 | Posts: 9 | Location: USA
Posted: Thu May 22, 2014 1:18 am
The temp files used to be deleted automatically--perhaps at the next reboot, but I don't know about the present. I still see some on my computer sometimes. The files are harmless.
Regards,