ClamWin Free Antivirus
Support and Discussion Forums
False Positive with ACT! for Windows 7?
nick.mucci


Joined: 12 Feb 2007
Posts: 0
Location: Lawrence, KS
Hi,

I just noticed today that ClamWin has "found" a virus in one of my ACT! database files. It's an 83MB *.rdb file. ClamWin claims it has found "Suspect.Zip" but I'm not so sure. I'm running engine 0.88.7 and my virus database files are as follows:

main.cvd is up to date (version: 42, sigs: 83951, f-level: 10, builder: tkojm)
daily.cvd is up to date (version: 2560, sigs: 6116, f-level: 9, builder: ccordes)

Any help or insight into this would be most appreciated.

-Nick
Suspect.Zip
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
A search of the ClamAV signature database at https://clamav-du.securesites.net/cgi-bin/clamgrok didn't turn up anything. If you have the item in quarantine, you could upload it to VirusTotal and scan it with other antivirus programs at https://www.virustotal.com/en/virustotalf.html. If none of the other antivirus programs find anything, it is probably a false positive, which it sounds like since it isn't even in ClamWin's signature database. Send the item to ClamAV (maybe at https://cgi.clamav.net/sendvirus.cgi) so they are aware of the false positive and can fix it.

Regards,
Re: False Positive with ACT! for Windows 7?
b0ne


Joined: 26 Oct 2006
Posts: 0
nick.mucci wrote:
ClamWin claims it has found "Suspect.Zip" but I'm not so sure.


Suspect.Zip is similar to Broken.Exe; it isn't actually any "virus" or anything containing a signature. It just means that it is a suspicious zip file. Microsoft probably password encrypts their zips which would make it "suspicious."

Ignore it.
Thank you
nick.mucci


Joined: 12 Feb 2007
Posts: 0
Location: Lawrence, KS
Thanks for your help. I've used other scanners on the file and turned up nothing. The people who make ACT! are MS fans and everything goes into an MSSQL database, so perhaps there is some MS voodoo going on in the file. Also thanks for the heads up on those other sites, I appreciate it.
False Positive
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Most likely there was a difference between the zip file header and something in the file. ClamWin did its job.

Regards,
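
The kind of mismatch GuitarBob describes, and the encryption flag b0ne mentions, can be checked by hand when triaging a flagged archive. The following is an added example, not part of the thread and not ClamAV's detection logic: it compares each central directory entry of a ZIP with its local file header. The names `audit_zip` and `build_sample` and the sample archive are constructed for illustration, and ZIP64 archives are not handled.

```python
import io
import struct
import zipfile

EOCD_SIG, CDIR_SIG, LOCAL_SIG = b"PK\x05\x06", b"PK\x01\x02", b"PK\x03\x04"

def audit_zip(data: bytes) -> list[str]:
    """Return findings where local headers disagree with the central directory."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        return ["no end-of-central-directory record: not a complete ZIP"]
    count, _cd_size, cd_off = struct.unpack_from("<HII", data, eocd + 10)
    findings, pos = [], cd_off
    for _ in range(count):
        if data[pos:pos + 4] != CDIR_SIG:
            findings.append(f"bad central directory signature at offset {pos}")
            break
        (flags, method, _t, _d, _crc, csize, usize, nlen, xlen, clen,
         _disk, _ia, _ea, lho) = struct.unpack_from("<HHHHIIIHHHHHII", data, pos + 8)
        name = data[pos + 46:pos + 46 + nlen].decode("cp437")
        pos += 46 + nlen + xlen + clen  # advance to the next central directory entry
        if data[lho:lho + 4] != LOCAL_SIG:
            findings.append(f"{name}: no local header at offset {lho}")
            continue
        (lflags, lmethod, _t, _d, _crc, lcsize, lusize, lnlen,
         _lx) = struct.unpack_from("<HHHHIIIHH", data, lho + 6)
        lname = data[lho + 30:lho + 30 + lnlen].decode("cp437")
        if flags & 0x1:  # general purpose bit 0: member is encrypted
            findings.append(f"{name}: encrypted (contents cannot be inspected)")
        if lname != name or lmethod != method:
            findings.append(f"{name}: name or method differs in local header")
        # Bit 3 means sizes live in a trailing data descriptor, so zeros are legitimate.
        if not lflags & 0x8 and (lcsize, lusize) != (csize, usize):
            findings.append(f"{name}: sizes differ local={lcsize}/{lusize} central={csize}/{usize}")
    return findings

def build_sample(tamper: bool) -> bytes:
    """Constructed sample: a one-member archive, optionally with a forged local size."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("notes.txt", b"constructed sample data")
    raw = bytearray(buf.getvalue())
    if tamper:
        struct.pack_into("<I", raw, 18, 0x7FFFFFFF)  # compressed-size field of first local header
    return bytes(raw)

if __name__ == "__main__":
    print("clean:   ", audit_zip(build_sample(False)))
    print("tampered:", audit_zip(build_sample(True)))
```

An empty list means the two copies of each header agree; any finding is a reason to look closer, not proof of malice.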