I just wanted to note that ClamAV seems to have changed it's policy on it's online scans through Jotti
http://virusscan.jotti.org/
and VirusTotal
http://www.virustotal.com/en/indexx.html
In the past the online versions were set to Advanced, find Potentially Unwanted Applications (PUA).
It currently "seems" to NOT be doing this.
I detected 3 False Positives the other day (2 in C:\i386 !!!)
I reported them to Clam today and decided to upload to our 2 standard testing sites to see how long before they were updated.
They were not detected.
Personally I think this is a bad idea. I would rather the online version be set to "paranoid mode" so we could weed out the FPs that might be in there, but that's just me.
Anyway, so if you see one result from your local CWP and a different result online this might be the reason.
Just wanted you to know,
Tim
-
My respect level for ClamAV has just dropped sharply.
They have corrected the FPs that I brought to their attention but there is no mention in the update notes of fixing a FP.
In the past they admitted their mistakes, that was one of the things I respected about them. Perhaps they no longer want to acknowledge their very High FP rates.
They did not even reply to my submission, they used to.
Sad ClamAV, sad
Tim
-
Things have got to get better, they can't get worse, or can they?
No wonder there's a lot of FP's with an option like this :
"find Potentially Unwanted Applications"
AV-programs should detect VIRUSES, not play the IP-police .
Sometimes ClamAV replies to a FP-report, sometimes they don't,
they just fix it in the next signature-update ..