GuitarBob
Joined: 09 Jul 2006 |
Posts: 9 |
Location: USA |
Posted: Mon Feb 23, 2015 2:57 pm |
Virus Total has announced that it will start using whitelists from the large AV companies to try to limit false positives in the AV industry. It passes on both undetected files and false positive detections to the AVs involved. Perhaps a false positive report from Virus Total will get more attention from Clam AV correcting sigmakers than from us users! I'm afraid, however, the real problem is still lack of human sigmakers at Clam AV to correct false positives, but I suggest that you submit FPs to Virus Total instead of Clam AV now.
Regards,
|
|
ROCKNROLLKID
Joined: 23 Sep 2013 |
Posts: 0 |
Location: **UNKNOWN** |
Posted: Mon Feb 23, 2015 3:13 pm |
I always felt ClamAV seems to pay more attention to false positives if they are submitted to VirusTotal first. Still, I would suggest submitting the false positive to VirusTotal, then submitting the VirusTotal report and the false positive to ClamAV false positive support. This way, they know they should be giving more attention. I have also noticed an increased number of false positive fixes in the last false positive patch ClamAV supplied. I guess this answered that question.
You should also note that there is not much ClamAV, or any other AV company, can do about false positives, since they appear random and different each time. The only thing we can do is submit the false positive to the company and let them get a patch for it.
|
|
GuitarBob
Joined: 09 Jul 2006 |
Posts: 9 |
Location: USA |
Posted: Mon Feb 23, 2015 4:43 pm |
Clam AV is used primarily on Linux email servers. However, the email involves a lot of Windows file attachments. In the past, Clam has disregarded this to a large extent. When I was preparing signatures for Clam, I ran the signatures on my own Windows machine to check for false positive detections, but there are probably millions of Windows software programs and system files, and Clam AV does not have enough Windows files on its false positive "farm" that it uses to check signatures before accepting them. They also do not have enough human sigmakers to correct false positive signatures. They could do better if they automated false positive processing the way they do most of their malware signatures now. It would also help if they would recognize that about 95%-99% of files that have a valid digital signature are benign!
It all boils down to cost of the resources that are needed, and Clam AV does not generate any revenue to justify any additional effort to correct false positives. I'm afraid ClamWin is on its own!
Regards,
|
|
ROCKNROLLKID
Joined: 23 Sep 2013 |
Posts: 0 |
Location: **UNKNOWN** |
Posted: Mon Feb 23, 2015 11:10 pm |
I barely see any false positives on my Windows 7 64bit, so I assume they have the proper equipment for Windows 7 64bit systems. Each operating system is different as well as the difference between 64bit and 32 bit. They will need test files from each operating system for both 32 and 64. When I asked Joel if they needed any from Windows 7 64bit, he sent it to Alain and I never got a reply back.
|
|