OMG, OMG, OMG
Today ClamWinPortable has found a virus in ClamWinPortable
ClamWinPortable.exe: Trojan.Fraudload-2264 FOUND
Does this mean I should delete ClamWinPortable
Of course not
Tim
This topic has been posted for its obvious humor and for historical reference.
On the serious side:
As always this is just a False Positive, NO official release from PortableApps.com has Ever been found to have a real virus, Ever.
On the technical side:
The FP was first found using data base version 9764
What probably happened is that a recent update to the ClamAV database detects something in the launcher as similar to something else out there, usually this has to do with the packing/compression of the app.
On the practical side:
The file has been uploaded to the two recommended testing sites:
http://www.virustotal.com/en/indexx.html
and
http://virusscan.jotti.org/
and was found to be clean by all scanners except ClamAV.
A copy of the file was been uploaded to ClamAV and a False Positive report filed:
http://cgi.clamav.net/sendvirus.cgi
It is anticipated they will fix the FP soon.
Currently the file shows as clean by all scanners at VirusTotal and only by ClamAV at Jotti.
Please stand by, we now return you to your regularly scheduled Off Topic conversations
ClamWinPortable has found a virus in ClamWinPortable.
Can we trust an infected virus scanner?
Of course not, so the test result is probably false.
If the test result is false, ClamWinPortable has no virus inside
And now, back to off-topic 8)
its so hilarious that this seems to be the most common problem that people ask for support on for ClamWin.
this is an epic fail
As anticipated, as of the latest dat, 9770, the False Positive has been removed.
The same false positive was being seen in VLCPortable.exe this morning [I did not mention it earlier], I uploaded a copy of that file as well and the FP for that has been fixed.
For those who may choose to jump on the ClamAV/ClamWin teams you have to remember that ClamWinPortable.exe is NOT part of their packages, it is a file that we supplied to make ClamWin portable, and ClamWinPortable.exe has nothing at all to do with them. The methods that we use to make launchers are used by the bad guys too. False Positives happen and I don't jump on the antimalware vendors when they happen.
If you trust the source of your files, you should always get other opinions before jumping the gun, and always give your vendor the chance to fix the problem.
My only disappointment in the ClamAv team is that they seem to no longer acknowledge when a FP has been reported and fixed. In the past they would send you an email [there is an option for that] indicating their error and fix. Now they just seem to not want to acknowledge it
Tim
Things have got to get better, they can't get worse, or can they?