On Tue, 2006-05-23 at 11:36 -0600, Alex Georgopoulos wrote: > First I would like to say I've submitted files via the web interface with > the false positive using the method from the FAQ. I have a bunch of excel > files that won't get through because clam thinks it has this W97 macro > virus. We have had 3 commercial AV vendors analyze this file and they said > it is not a macro virus but I cannot get any response from the clam devs as > to why they think it is one. Anybody out there seeing this too? This is > causing a serious issue with our customer and if I can't get any feedback I > am going to be forced to abandon the product which is something I don't want > to do.
They aren't false positives. The files contain virus remnants in hidden sheets. They have been incorrectly cleaned by a commercial AV. You can check this for yourself, if you look, you'll see that the file contains the following string: Add New Workbook, Infect It, Save It As Book1. I'd guess it unlikely that a legitimate spreadsheet would try and infect a Workbook. -trog
signature.asc
Description: This is a digitally signed message part
_______________________________________________ http://lurker.clamav.net/list/clamav-users.html
