 |
 | False positive Malware |  |
|
eveinfo
|
|
I just wanted to report that ClamWin has repeatedly been detecting Win.Malware.Separ-6598261-0 on every FTPUtils.dll file from Serif Programs I have.They are a serious and reliable company, so I contacted them about this.
This is their reply: "This appears to be a false positive message from ClamWin as i have scanned this file with Windows Internet Security and it has not detected any issues with the file and we have not received and reports of other security programs finding a problem with the file. Please can you report this to ClamWin as a false positive result and they will investigate this further." https://postimg.cc/image/llqakoa13/ 
I also have scanned the same file with ESET and Malwarebytes and they didn't find anything. I can send the file for further investigation, I just don't know where to. Thanks |
|||||||||||
|
|||||||||||||
 |
| |
|
GuitarBob
|
|
Thanks for the info, but you need to report this to Clam AV via their Contacts link on their web site. Alternatively, you can scan one of the falsely detected files on Virus Total. If it is detected there only by the Clam AV scan engine used by ClamWin, Virus Total will tell Clam Av about it so they can correct their signature. It can sometimes speed things up a bit if you do both. At any rate, it may take a week or so for Clam AV to make the correction.
ClamWin uses the scan engine/signatures provided by Clam Av. We can not correct any signatures--that has to be done by Clam Av. Thanks for using ClamWin! Remember that the developers recommend you use it as a "second opinion" virus scanner to another more powerful, real-time AV. Regards, |
|||||||||||
|
|||||||||||||
|
| |
|
eveinfo
|
|
Thank you, GuitarRob!
I didn't know about Virus Total, I will do that. I had already sent Clam AV a message through contact form, so it's halfway done.  |
|||||||||||
|
|||||||||||||
|
| |
|
eveinfo
|
|
oops
I just ran it through Virus Total and it came out totally clean, even by ClamWin. Ran it again through ClamWin on my PC and it was pointed out again as infected. Weird!  |
|||||||||||
|
|||||||||||||
|
| |
|
GuitarBob
|
|
ClamWin is not on Virus Total, but Clam AV is. Once in a great while, ClamWin might detect a file when Clam AV does not. This is usually because ClamWin does not have the latest Clam AV code ported over from Linux to Windows, so it can not process a certain signature correctly. ClamWin is presently 2 versions behind the Clam Av Linux version, so this might apply here. In that case, Clam AV does not have a "bad" signature to correct. You will have to "whitelist" the folder/file in ClamWin. Do you know how to do that? If you do not , below is a short explanation.
Open ClamWin and go to Tools, Preferences, Filters, Exclude Matching Filenames. Open the New Item Box (the square). Insert the folder, filename and extension you want to whitelist in the square, then OK it. Insert the information like this: C:\Folder\Subfolder (if any)\Filename.extension. This will exclude the file in that folder from scans of that folder. If you are in a hurry, just insert Filename.extension, which will exclude it from scans in any folder. Whitelisting will not exclude the file from scanning if you scan just that file and nothing else. Let us know how it goes. Regards, |
|||||||||||
|
|||||||||||||
|
 | False positive Malware | |
|
||
|
|
|
Powered by phpBB © phpBB Group
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.