On 22/01/2010, at 16.16, G.W. Haywood wrote:

> Hi there,
>
> On Fri, 22 Jan 2010 Jon Bendtsen wrote:
>
>> I have some files that ClamAV suddenly started reporting as a
>> Trojan. The files are unchanged since about a year ago, but I scan
>> the files weekly regardless.
>
> This is not a terribly efficient (nor even effective) way of doing
> what I think you want to do, and my guess is that you don't really
> know if the files have been changed in the past year or not anyway.

I know, because I scan on the backup server. The backup server uses rsync to move the files over, and any changes in existing files will be noticed.

>> I have rescanned the files using virustotal.com, and I get other "positive
>> hits" from
>> Antiy-AVL 2.0.3.7 2010.01.20
>> Trojan/Win32.Shutdowner.gen
>>
>> for all the files that ClamAV says are the trojan above.
>
> Make sure that different virus scanning engines give positive results
> on any given file. Then start to worry. Look into the activities of
> the virus as reported by the anti-virus software suppliers and see if
> you can match what you're seeing with what they say.

I don't know Antiy-AVL. Does it use ClamAV? And what about the McAfee that found something?

>> How do I KNOW FOR SURE, if it is a real positive or just a false
>> positive?
>
> If by writing it in capitals you mean 100% sure, then you can very

It does mean that.

[cuuuuut]

>> how do I get ClamAV to stop reporting it? And not just my own
>> installation, but your installation as well.
>
> Read the man page and use the exclusion facilities. You don't need to
> worry about my installation. Nor do I. :)

I do need to worry about your and any other ClamAV installation. The software in question is something we programmed and released ourselves. We cannot have a situation where our customers think our software contains a virus/Trojan.

JonB
