You are here

ClamWin Portable - A lot Of False Positive?

6 posts / 0 new
Last post
DarrenAnton
Offline
Last seen: 12 years 3 weeks ago
Joined: 2011-05-12 19:58
ClamWin Portable - A lot Of False Positive?

ClamWin Portable... I just checked this program out. I have the lastest updates.

Known viruses: 963005
Engine version: 0.96
Scanned directories: 27112
Scanned files: 132643
Infected files: 29

(I run AVG as my normal AV program)
and have not had a problem with the 2 Computers I have here. The Other computer has the same problem.

I check the first 5 files at..
http://www.virustotal.com/

They show up as Clean.

Is this Normal for ClamWin as in it's Not ready for prime time yet, or Can anyone think of any other problem why I get this?

I also get a lot of "Permission denied" scaning a lot of files. ClamWin Portable
can not seem to overcome this "Permission denied". Is that normal for this program? Are they working on a fix for it. as it is this ClamWin Portable seems Useless.

Are there any other Better AV Portable programs out there?

Thanks...

John T. Haller
John T. Haller's picture
Offline
Last seen: 1 hour 47 min ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Run as Admin

AVG is already running its scanner with the permission of an admin. With ClamWin, as it is not installed and has no specified permissions, you'll need to run it as admin for it to have access to everything. You can right-click on it in the PA.c Menu and select run as admin. Generally, AVG has more false positive issues than ClamWin (especially with portable software). It is possible for ClamWin to have a bad definitions update. You should research the individual files and report them if they are false positives. They're good about updating the DB.

Sometimes, the impossible can become possible, if you're awesome!

spg SCOTT
spg SCOTT's picture
Offline
Last seen: 12 years 4 months ago
Joined: 2008-08-26 14:11
As always with false positives...

...the first thing is to check the filenames and locations. (maybe give a couple of examples? - that would probably be the most informative)

When runnning a scan with an on demand AV like Clam it is quite likely that the other (resident) AV may alert since there are decrypted definition signatures in memory (used to scan/compare) and so could cause problems.

An example of this would be (in a very specific case) my AV will detect MBAM signatures in memory when a scan is run in both of them (and a certain setting is chosen to account for this)

“There is a computer disease that anybody who works with computers knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is that you 'play' with them!”Richard Feynman

weringpeter
Offline
Last seen: 12 years 10 months ago
Joined: 2010-06-14 08:48
False positives.

I have the same problem it is giving me a number of false positives.

Like this one:
i386\WMPLAYER.EX_: Trojan.GenericFF-1 FOUND

Anyone? Thanks.

Whatever is good, is not bad.

John T. Haller
John T. Haller's picture
Offline
Last seen: 1 hour 47 min ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Report

As always, you can check the file out with something like VirusTotal.com to check it on multiple engines. If it is indeed a false positive in ClamWin's database, it should be reported to the ClamWin and ClamAV folks. Note that we don't maintain or are in any way responsible for their antivirus database.

Sometimes, the impossible can become possible, if you're awesome!

weringpeter
Offline
Last seen: 12 years 10 months ago
Joined: 2010-06-14 08:48
Clam win

Thanks.

Virustotal gives the
Result:
0/ 44 (0.0%)

I think it's better to use Clam for scanning the USB, (I never had any false positives on there) and live the rest of the computer for some other antivirus.

Comments?

Whatever is good, is not bad.

Log in or register to post comments