Hello, in the Clamav Source clamav-0.96rc1.tar.gz the Avira Scanner ( a german AntiVirus Company / www.avira.com ) finds a "Trojan horse TR/Crypt.XPACK.Gen"
I informed avira about the false positive.
The point: the detection is done by some generics and is a 100% hit !
But in this special case a false positive.
# antivir --allfiles -s -z /tmp/clamav-0.96rc1.tar.gz
AntiVir / Linux Version 2.1.12-260
Copyright (c) 2008 by Avira GmbH.
All rights reserved.
VDF version: 7.10.5.109 created 16 Mar 2010
AntiVir license: 08154711 for DATEV eG
auto excluding /sys/ from scans (is a special fs)
auto excluding /proc from scans (is a special fs)
auto excluding /var/lib/ntp/proc from scans (is a special fs)
archive: /tmp/clamav-0.96rc1.tar.gz --> clamav-0.96rc1.tar -->
clamav-0.96rc1/test/.split/split.clam.cabaa --> clam.exe extract error (Error
file read.)
archive: /tmp/clamav-0.96rc1.tar.gz --> clamav-0.96rc1.tar -->
clamav-0.96rc1/test/.split/split.clam.chmaa --> /#SYSTEM extract error (Header
of archive is bad.)
archive: /tmp/clamav-0.96rc1.tar.gz --> clamav-0.96rc1.tar -->
clamav-0.96rc1/test/.split/split.clam.chmaa --> /clam.exe.txt extract error
(Header of archive is malformed.)
archive: /tmp/clamav-0.96rc1.tar.gz --> clamav-0.96rc1.tar -->
clamav-0.96rc1/test/.split/split.clam.exe.binhexaa --> clam.exe extract error
(Unexpected end of file.)
archive: /tmp/clamav-0.96rc1.tar.gz --> clamav-0.96rc1.tar -->
clamav-0.96rc1/test/.split/split.clam.exe.bz2aa --> unkwn.tar extract error
(Unexpected end of file.)
archive: /tmp/clamav-0.96rc1.tar.gz --> clamav-0.96rc1.tar -->
clamav-0.96rc1/test/.split/split.clam.newc.cpioaa --> clam.exe extract error
(Error incomplete block read.)
/tmp/clamav-0.96rc1.tar.gz
Date: 17.03.2010 Time: 08:39:38 Size: 37966412
WARNING: archive not completely scanned: contents exceed 1073741824 bytes
WARNING: archive not completely scanned: processing error
ALERT: [TR/Crypt.XPACK.Gen] /tmp/clamav-0.96rc1.tar.gz --> clamav-0.96rc1.tar
--> clamav-0.96rc1/test/.split/split.clam_IScab_ext.exeaa <<< Is the Trojan
horse TR/Crypt.XPACK.Gen
------ scan results ------
directories: 0
scanned files: 4864
alerts: 1
suspicious: 0
repaired: 0
deleted: 0
renamed: 0
quarantined: 0
warnings: 2
scan time: 00:00:17
--------------------------
Thank you for using AntiVir.
--
Andreas Schulze
Internetdienste | P532
DATEV eG
90329 Nürnberg | Telefon +49 911 319-0 | Telefax +49 911 319-3196
E-Mail info @datev.de | Internet www.datev.de
Sitz: 90429 Nürnberg, Paumgartnerstr. 6-14 | Registergericht Nürnberg, GenReg
Nr.70
Vorstand
Prof. Dieter Kempf (Vorsitzender)
Dipl.-Kfm. Wolfgang Stegmann (stellvertretender Vorsitzender)
Dipl.-Kfm. Michael Leistenschneider
Jörg Rabe v. Pappenheim
Dipl.-Vw. Eckhard Schwarzer
Vorsitzender des Aufsichtsrates: Reinhard Verholen
GnuPG-Signatur.asc
Description: digitale Signatur dieser Nachricht von Andreas Schulze
_______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
