ibisarief
Joined: 17 Sep 2016 | Posts: 0 | Location: pune
Posted: Sat Sep 17, 2016 11:15 am
Hello, Clam AV detected a virus 00000001000042FE00000027: Win.Trojan.URLspoof-2. In VirusTotal also, only ClamAV could detect this virus. I hope this might be a false positive; please verify and let me know if it is a false positive.
Thank you

GuitarBob
Joined: 09 Jul 2006 | Posts: 9 | Location: USA
Posted: Sat Sep 17, 2016 2:20 pm
If you scanned the file with one of the online scanners (Virus Total, VirScan, Jotti) and the Clam AV engine used by ClamWin is the only AV to detect it, then that is verification enough! Virus Total sends all false positives to the AV, so if you used Virus Total, then Clam AV will know about it and eventually correct their signature. If you used one of the other AV online scanners, you should upload the file to Clam AV at https://www.clamav.net/contact (select Contact, then False Positive) so they can correct their false positive signature.
ClamWin uses the Clam AV scan engine, so Clam AV has to correct all false positive signatures.
You can whitelist the file on your computer to prevent ClamWin from falsely detecting it. It may take Clam AV a week or longer to correct their signature--false positives must be corrected manually. Scan it online once in a while until Clam AV no longer detects it, and you can then delete the whitelisted file when it quits detecting it.
Thanks for using ClamWin!

ibisarief
Joined: 17 Sep 2016 | Posts: 0 | Location: pune
Posted: Mon Sep 26, 2016 4:33 am
Hello, in VirusTotal the sign is still showing the same... only Clam AV is detecting Win.Trojan.URLspoof-2. Please confirm whether the false positive signature is corrected in ClamAV.
Thank you

GuitarBob
Joined: 09 Jul 2006 | Posts: 9 | Location: USA
Posted: Mon Sep 26, 2016 6:40 pm
We cannot confirm a false positive. Look to Virus Total to tell you when the Clam AV scan engine no longer detects a file as a false positive. ClamWin has nothing to do with virus signatures. Clam AV is responsible for the scanning engine and virus signatures used by ClamWin.
Regards,

ibisarief
Joined: 17 Sep 2016 | Posts: 0 | Location: pune
Posted: Tue Feb 14, 2017 9:09 am
Hello, greetings of the day. Still, we have been encountering this alert from the ClamAV scan. Can you please explain, or mention links to refer to, what might be the root cause for this alert?

GuitarBob
Joined: 09 Jul 2006 | Posts: 9 | Location: USA
Posted: Tue Feb 14, 2017 3:35 pm
Since a lot of time has passed since you first reported this, the cause is most likely a "false positive" detection by a Clam AV virus signature. What you should do is upload a copy of the file to Clam AV at https://www.clamav.net/contact on the web. Select the "Report A False Positive" option. If you do this, it will probably take Clam AV a week or so to correct their signature so that the file is no longer detected.
Thank you for using ClamWin!
Regards,