Hi there,

On Sun, 13 May 2012, Teresa K Fowler wrote:
> For the past several weeks, I've had several viruses detected by ClamAV that show as real viruses, not false positives, although I haven't had any false positives since the first detection. The first detection showed blue false positives and maroon viruses both. ... I run Windows Vista Home Premium 32 bit SP 2.
Just to clarify things, I suspect that you're running something other than ClamAV. You're probably using something like ClamWin. This will have a GUI, with buttons to click to make life easy for you. It seems that the tool you're using can produce report documents with interesting bits highlighted in colour. ClamAV doesn't do anything like that.

ClamAV itself is a simple utility used by other software to examine data. ClamAV does that, returning to the software which invoked it information about what it found. It's then up to the software which invoked ClamAV to do whatever it chooses to do. ClamAV itself when used like this doesn't interact with the user in any way. It knows nothing about maroon and blue colours. And it doesn't delete files, nor quarantine them, nor even attempt to change them in any way.

ClamAV doesn't know the difference between malicious software and a false positive, although it is possible to tell it to ignore certain patterns - for example if you have an urgent fix to apply and cannot afford to wait for the routine false-positive fixing process to take its normal course. Your anti-virus tool may perhaps not make this ClamAV feature available to you easily, if at all.
> ... I've been running ClamAV for at least 6 years, no problems, recommended by my ISP, who uses ClamAV for their email. They can't help me with this and haven't heard of it happening to anyone else. I haven't tried uninstalling and reinstalling ClamAV; not sure if it is a good idea yet. I have run ClamAV in the quarantine option, but two files don't show they are quarantined. I need to know how to proceed: a substitute browser or ClamAV solution?
Upgrade? See below.
> I also run MalwareBytes Anti-Malware, SUPER Anti-Spyware Free Edition, both recommended by my ISP, and Windows Defender. None of these other three have picked up any of the above files. I also wanted to notify in case anyone else is experiencing this problem.
Although you must be using something in addition to ClamAV, the ClamAV engines (if kept up to date) are probably identical with those used by other users of this mailing list. So it is useful to know about your experiences. Things like false positives affect all users. It is important to give full information about the current state of your ClamAV engine and databases in any report that you make.

In this case, as you seem to be in a minority at least of your ISP's customers, it seems likely that your ClamAV database or perhaps even ClamAV itself is out of date and should be upgraded. Unfortunately you probably got your version of ClamAV not from the originators but from a third party. The third party likely provided the tool which you're using and ClamAV as a package. You may need to go to them for the updated package.

Assuming that they have updated their package, upgrading to the latest version (or uninstalling and reinstalling) should have the desired effect. If they have not updated it then you may be able to update ClamAV itself, but over the years there have been changes to the software interface between ClamAV and the tools which use it, so there is a possibility that this will not work. Updating the databases alone (without making changes to the ClamAV engines) may be possible depending on the age of your existing version of ClamAV.

--

73,
Ged.
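The division of labour described in the reply above, sketched as an added example (not part of the original message and not code from ClamAV or ClamWin): a minimal front-end runs `clamscan`, reads its per-file result lines and exit code, and makes its own decision about each finding. The `ignore_sigs` allow-list is a hypothetical wrapper-side policy, not ClamAV's own ignore mechanism, and the sample paths and signature names are constructed.

```python
import re
import subprocess

# clamscan exit codes: 0 = no virus found, 1 = virus(es) found, 2 = error
EXIT_MEANING = {0: "clean", 1: "detections", 2: "scanner-error"}

# Per-file result lines: "<path>: <signature> FOUND", "<path>: OK",
# "<path>: <reason> ERROR"
LINE_RE = re.compile(
    r"^(?P<path>.+): (?:(?P<sig>\S+) FOUND|(?P<ok>OK)|(?P<err>.+) ERROR)$")

def parse_results(output, ignore_sigs=frozenset()):
    """Split clamscan output into detections, ignored detections and errors."""
    report = {"detections": [], "ignored": [], "errors": []}
    for line in output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group("ok"):
            continue  # summary lines, blank lines and clean files
        if m.group("sig"):
            # The engine only names the signature; the caller decides
            # whether it counts (hypothetical wrapper-side allow-list).
            bucket = "ignored" if m.group("sig") in ignore_sigs else "detections"
            report[bucket].append((m.group("path"), m.group("sig")))
        else:
            report["errors"].append((m.group("path"), m.group("err")))
    return report

def scan(target, ignore_sigs=frozenset()):
    """Run clamscan on target; quarantine or deletion is the caller's job."""
    proc = subprocess.run(
        ["clamscan", "--recursive", "--no-summary", target],
        capture_output=True, text=True)
    report = parse_results(proc.stdout, ignore_sigs)
    report["status"] = EXIT_MEANING.get(proc.returncode, "scanner-error")
    return report

# Constructed sample output (paths and signature names are made up)
SAMPLE = """\
C:\\Users\\demo\\Downloads\\setup.exe: Win.Trojan.Example-1 FOUND
C:\\Users\\demo\\Documents\\notes.txt: OK
C:\\Users\\demo\\AppData\\cache.dat: Example.FalsePositive-2 FOUND
C:\\pagefile.sys: Access denied. ERROR
"""

if __name__ == "__main__":
    print(parse_results(SAMPLE, ignore_sigs={"Example.FalsePositive-2"}))
```
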
