You are here

ClamWin: False Positives I hope?

5 posts / 0 new
Last post
TomHall
Offline
Last seen: 9 years 5 months ago
Joined: 2014-10-10 11:47
ClamWin: False Positives I hope?

A fresh install of both the platform and apps on a new USB stick. ClamWin reports:

E:\PortableApps\OperaMailPortable\App\OperaMail\gstreamer\plugins\gstautodetect.dll: Win.Trojan.Ramnit-2977 FOUND
E:\PortableApps\OperaPortable\App\Opera\gstreamer\plugins\gstautodetect.dll: Win.Trojan.Ramnit-2977 FOUND
E:\PortableApps\uTorrentPortable\App\uTorrent\uTorrent.exe: Win.Adware.1017807 FOUND

Are these false?

John T. Haller
John T. Haller's picture
Online
Last seen: 26 min 1 sec ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Virus Total

If they're the unmodified versions from here, they're absolutely false positives. To be sure, upload your affected files to www.virustotal.com and have it checked by multiple engines.

ClamWin uses ClamAV as its scanner which has a high false positive rate for Windows apps. *NEVER* take the word of ClamAV without confirming it. Never do that with any antivirus engine, realistically.

Sometimes, the impossible can become possible, if you're awesome!

TomHall
Offline
Last seen: 9 years 5 months ago
Joined: 2014-10-10 11:47
False Positives

Definitely unmodified and not even used. Clamwin is perhaps not worth using if false positives are that common. Thanks for the reply.

TomHall

John T. Haller
John T. Haller's picture
Online
Last seen: 26 min 1 sec ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
False Positives Are Common

False positives are very common amongst major free antivirus, including closed source commercial ones like AVG, Avast, etc. MSSE has fewer false positives but protects against fewer threats. Even paid ones will have issues. Never blindly trust your antivirus either way. If you get an alert, check it online against others using Virus Total. If you're suspicious of a file from somewhere and your antivirus says it's clean, double check online to be sure. An antivirus is a guide, not a definitive solution.

Sometimes, the impossible can become possible, if you're awesome!

allan feldberg
Offline
Last seen: 8 years 1 month ago
Joined: 2009-03-05 14:23
false positives from ClamAV

clamav results raised my ire until i was reminded about false positives. took a while to find this page. clam's results were:
E:\PortableApps\IObitUninstallerPortable\App\uninstaller\DatabaseDownload.exe: moved to 'E:\PortableApps\ClamWinPortable\Data\quarantine\DatabaseDownload.exe.infected'
E:\PortableApps\uTorrentPortable\App\uTorrent\updates\3.4.5_41372.exe: moved to 'E:\PortableApps\ClamWinPortable\Data\quarantine\3.4.5_41372.exe.infected'
E:\PortableApps\uTorrentPortable\App\uTorrent\uTorrent.exe: moved to 'E:\PortableApps\ClamWinPortable\Data\quarantine\uTorrent.exe.infected'
least complicated action for me was to just download and install afresh, in each drive with a portable apps platform.
perhaps a different level of complicated.

allan.

allan

Log in or register to post comments