Re: [clamav-users] From a newbie: ClamAV scans shut down Google Chrome

2012-05-17 Thread james henrydoss
Hi,

Is there any documentation available (other than user manual) to understand
the clam-AV code design.

Thanks
James Henrydoss


On Tue, May 15, 2012 at 4:20 PM, Teresa K. Fowler teaquil...@lighthouse.net
 wrote:

 On 05/15/2012 12:42 AM, Jim Preston wrote:

 [snip]
 Best of luck and let me know if updating and reinstalling Chrome works.
 --
 Jim Preston
 
 Dear Jim, The first ClamWin full scan I ran with the quarantine preference.
 The four quarantined files went away.  Google Chrome was inactivated, as you
 anticipated.  Two flagged files were the two that hadn't gone into
 quarantine.  I re-ran a ClamWin full scan with the remove preference.  It
 took away the two flagged files and gave me a 0 infected files result in
 green.  Chrome was still inactive.  I have now uninstalled it.  I will
 report back after reinstalling and trying another ClamWin full scan.  I'll
 try the report only preference; then if needed, quarantine; then if needed,
 remove.
 
 [snip]
 Feel free to post any portion of this thread on the ClamWin forum. Although
 some of my clients use ClamWin, I am not signed up on that mailing list at
 this time.
 
 Jim, Thanks again.  When I get Google Chrome back and can scan with ClamWin
 again without false flags/shut downs, I'll report my experience to the
 ClamWin list. Yours will be the teaching moments. My career was in community
 journalism. I was teaching the use of newswire/page design software run on a
 mainframe. Then Page 1 designers went Mac. The regional daily didn't go
 PC/Internet until just as I was leaving.  We did a whole lot of redesign and
 expansion using the old system.

 ___
 Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
 http://www.clamav.net/support/ml



Re: [clamav-users] From a newbie: ClamAV scans shut down Google Chrome

2012-05-17 Thread Alain Zidouemba
James,

In terms of documentation, at this point you have:

- the source code
- Creating Signatures for ClamAV www.clamav.net/doc/latest/signatures.pdf
- ClamAV user manual www.clamav.net/doc/latest/clamdoc.pdf
- ClamAV bytecode compiler user manual
http://git.clamav.net/gitweb?p=clamav-bytecode-compiler.git;a=blob_plain;f=docs/user/clambc-user.pdf
- VRT blog vrt-blog.snort.org/
- ClamAV blog blog.clamav.net/

Thanks,
- Alain

On Thu, May 17, 2012 at 10:25 AM, james henrydoss
james.henryd...@gmail.com wrote:

 Hi,

 Is there any documentation available (other than user manual) to understand
 the clam-AV code design.

 Thanks
 James Henrydoss


 On Tue, May 15, 2012 at 4:20 PM, Teresa K. Fowler teaquil...@lighthouse.net
  wrote:

  On 05/15/2012 12:42 AM, Jim Preston wrote:
 
  [snip]
  Best of luck and let me know if updating and reinstalling Chrome works.
  --
  Jim Preston
  
  Dear Jim, The first ClamWin full scan I ran with the quarantine preference.
  The four quarantined files went away.  Google Chrome was inactivated, as you
  anticipated.  Two flagged files were the two that hadn't gone into
  quarantine.  I re-ran a ClamWin full scan with the remove preference.  It
  took away the two flagged files and gave me a 0 infected files result in
  green.  Chrome was still inactive.  I have now uninstalled it.  I will
  report back after reinstalling and trying another ClamWin full scan.  I'll
  try the report only preference; then if needed, quarantine; then if needed,
  remove.
  
  [snip]
  Feel free to post any portion of this thread on the ClamWin forum. Although
  some of my clients use ClamWin, I am not signed up on that mailing list at
  this time.
  
  Jim, Thanks again.  When I get Google Chrome back and can scan with ClamWin
  again without false flags/shut downs, I'll report my experience to the
  ClamWin list. Yours will be the teaching moments. My career was in community
  journalism. I was teaching the use of newswire/page design software run on a
  mainframe. Then Page 1 designers went Mac. The regional daily didn't go
  PC/Internet until just as I was leaving.  We did a whole lot of redesign and
  expansion using the old system.
 


Re: [clamav-users] From a newbie: ClamAV scans shut down Google Chrome

2012-05-17 Thread Tomasz Kojm
On Thu, 17 May 2012 10:25:50 -0400 james henrydoss
james.henryd...@gmail.com wrote:

 Hi,
 
 Is there any documentation available (other than user manual) to understand
 the clam-AV code design.

Source code.

-- 
   oo. Tomasz Kojm tk...@clamav.net
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Thu May 17 16:32:01 CEST 2012


Re: [clamav-users] From a newbie: ClamAV scans shut down Google Chrome

2012-05-17 Thread Jens Schleusener

On Thu, 17 May 2012, Tomasz Kojm wrote:


On Thu, 17 May 2012 10:25:50 -0400 james henrydoss
james.henryd...@gmail.com wrote:


Hi,

Is there any documentation available (other than user manual) to understand
the clam-AV code design.


Source code.


... and studying the source code may be supplemented by Doxygen generated 
source code documentation (that can cross reference documentation and code 
and may offer dependency graphs), available e.g. at


 http://fossies.org/dox/clamav

Jens


Re: [clamav-users] From a newbie: ClamAV scans shut down Google Chrome

2012-05-15 Thread Teresa K. Fowler
On 05/15/2012 12:42 AM, Jim Preston wrote:

[snip]
Best of luck and let me know if updating and reinstalling Chrome works.
--
Jim Preston

Dear Jim, The first ClamWin full scan I ran with the quarantine preference.
The four quarantined files went away.  Google Chrome was inactivated, as you
anticipated.  Two flagged files were the two that hadn't gone into
quarantine.  I re-ran a ClamWin full scan with the remove preference.  It
took away the two flagged files and gave me a 0 infected files result in
green.  Chrome was still inactive.  I have now uninstalled it.  I will
report back after reinstalling and trying another ClamWin full scan.  I'll
try the report only preference; then if needed, quarantine; then if needed,
remove.

[snip]
Feel free to post any portion of this thread on the ClamWin forum. Although
some of my clients use ClamWin, I am not signed up on that mailing list at
this time.

Jim, Thanks again.  When I get Google Chrome back and can scan with ClamWin
again without false flags/shut downs, I'll report my experience to the
ClamWin list. Yours will be the teaching moments. My career was in community
journalism. I was teaching the use of newswire/page design software run on a
mainframe. Then Page 1 designers went Mac. The regional daily didn't go
PC/Internet until just as I was leaving.  We did a whole lot of redesign and
expansion using the old system.



Re: [clamav-users] From a newbie: ClamAV scans shut down Google Chrome

2012-05-14 Thread Jim Preston

On 05/13/2012 03:00 PM, Teresa K. Fowler wrote:

Could my culprit be ClamWin?  I started out with ClamWin years ago,
following download links recommended by my ISP/computer repair service.  I
thought it was the same thing as ClamAV, that ClamAV was the new name, or
ClamWin was the free edition.  What I am actually running is ClamWin Free
Antivirus, a.k.a. ClamWin Antivirus.  I thought I had the same thing used by
my ISP to scan email.  What do I do?  Uninstall ClamWin and install ClamAV?
Teresa

[snip]


Hi Teresa,
A couple of things, contrary to most corporate mail, this forum uses 
bottom posting meaning that you add your comments at the bottom of the 
posting rather than on top. Normally non relevant portions are then 
snipped out as I have done here. There are two main reasons for this:

Firstly, it reduces the size of the emails
Secondly, it makes logical sense as your question / query / 
comment is at the top of the email (forum posting) and the response is 
at the bottom.


Corporate email tends to top post as the number of people involved are 
limited and mostly fixed and the recipients  are mostly interested in 
just the latest response. Since this is a mailing list, you never know who 
is going to reply and old stuff in the posting is just noise for the 
most part.


You are posting to the ClamAV Users Mailing List. Your best solution at 
this point is to post to the ClamWin mailing list, 
http://www.clamwin.com/content/view/123/90/ where those users will be in 
a better position to directly solve your issues. This mailing list is 
primarily concerned with the engines (scanning, updating, false 
positive, etc) and addressing issues relating to not being able to 
compile the software from source code, crashing of the scan engines, 
falsely reporting malware in files that are clean, and things like that. 
Your problem is specific to ClamWin and its quarantining of files.


It is a little confusing but  ClamWin is a 'complete' solution for 
the Microsoft Windows platform. ClamAV is at the heart of the  various 
platform solutions of which ClamWin is one. Each of the 'complete' 
solutions are maintained by their own developers using the free and open 
source scan technology provided by ClamAV.


Specifically from your original post, you were reporting a problem with 
the Google Chrome files being quarantined. That was an example of a 
false positive which was corrected a few days ago (I do not remember 
exactly when as I was not directly affected by the false positive). If 
that is your only true issue, updating to the latest signatures and 
reinstalling Google Chrome should resolve the issue.


ClamAV itself, is primarily used by mail servers to scan mail before 
passing it on to end users or forwarding to other mail servers. ClamAV 
just scans files and other streams of data looking for malware. The 
ClamAV engines just report if malware was found and do not quarantine, 
clean, or do anything else with the files. When using clamscan or other 
feature of ClamAV to scan a platform, it is up to the user to decide 
what to do with the reported files. Due to the issue this leaves for the 
average user, other developers have provided more complete solutions 
such as ClamWin.


What do I do?  Uninstall ClamWin and install ClamAV?

If you choose to go with just ClamAV, then you will have to accept the 
responsibility of what to do when a scan reports malware. Nobody but you 
can decide if you have the expertise and time to take on this 
responsibility. See what the ClamWin support forum can provide before 
you make the leap to abandon ClamWin.


I do hope I have clarified things for you, if not just ignore this 
posting except for the etiquette of not top posting.


--
Jim Preston




Re: [clamav-users] From a newbie: ClamAV scans shut down Google Chrome

2012-05-14 Thread Teresa K. Fowler
-Original Message-
From: clamav-users-boun...@lists.clamav.net
[mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Jim Preston
Sent: Monday, May 14, 2012 2:39 AM
To: ClamAV users ML
Subject: Re: [clamav-users] From a newbie: ClamAV scans shut down Google
Chrome

On 05/13/2012 03:00 PM, Teresa K. Fowler wrote:
 Could my culprit be ClamWin?  I started out with ClamWin years ago, 
 following download links recommended by my ISP/computer repair 
 service.  I thought it was the same thing as ClamAV, that ClamAV was 
 the new name, or ClamWin was the free edition.  What I am actually 
 running is ClamWin Free Antivirus, a.k.a. ClamWin Antivirus.  I 
 thought I had the same thing used by my ISP to scan email.  What do I do?
Uninstall ClamWin and install ClamAV?
 Teresa
[snip]


On 5-14-12 2:39 a.m., Jim Preston wrote:

Hi Teresa,
A couple of things, contrary to most corporate mail, this forum uses bottom
posting meaning that you add your comments at the bottom of the posting
rather than on top. Normally non relevant portions are then snipped out as
I have done here. There are two main reasons for this:
Firstly, it reduces the size of the emails
Secondly, it makes logical sense as your question / query / comment is at
the top of the email (forum posting) and the response is at the bottom.

Corporate email tends to top post as the number of people involved are
limited and mostly fixed and the recipients  are mostly interested in just
the latest response. Since this is a mailing list, you never know who is
going to reply and old stuff in the posting is just noise for the most
part.

You are posting to the ClamAV Users Mailing List. Your best solution at
this point is to post to the ClamWin mailing list,
http://www.clamwin.com/content/view/123/90/ where those users will be in a
better position to directly solve your issues. This mailing list is
primarily concerned with the engines (scanning, updating, false positive,
etc) and addressing issues relating to not being able to compile the
software from source code, crashing of the scan engines, falsely reporting
malware in files that are clean, and things like that. 
Your problem is specific to ClamWin and its quarantining of files.

It is a little confusing but  ClamWin is a 'complete' solution for the
Microsoft Windows platform. ClamAV is at the heart of the  various platform
solutions of which ClamWin is one. Each of the 'complete' 
solutions are maintained by their own developers using the free and open
source scan technology provided by ClamAV.

Specifically from your original post, you were reporting a problem with the
Google Chrome files being quarantined. That was an example of a false
positive which was corrected a few days ago (I do not remember exactly when
as I was not directly affected by the false positive). If that is your only
true issue, updating to the latest signatures and reinstalling Google
Chrome should resolve the issue.

ClamAV itself, is primarily used by mail servers to scan mail before
passing it on to end users or forwarding to other mail servers. ClamAV just
scans files and other streams of data looking for malware. The ClamAV
engines just report if malware was found and do not quarantine, clean, or do
anything else with the files. When using clamscan or other feature of ClamAV
to scan a  ClamWin.

What do I do?  Uninstall ClamWin and install ClamAV?

If you choose to go with just ClamAV, then you will have to accept the
responsibility of what to do when a scan reports malware. Nobody but you can
decide if you have the expertise and time to take on this responsibility.
See what the ClamWin support forum can provide before you make the leap to
abandon ClamWin.

I do hope I have clarified things for you, if not just ignore this posting
except for the etiquette of not top posting.

--
Jim Preston

Dear Jim Preston, You have explained everything beautifully, clearly even
for me, a right-brain writer, and sadly NOT a computer engineer. Therefore I
will stay with ClamWin, because I have neither the expertise nor time to go
with ClamAV.  Most of these false positives I just wait out, because someone
more computer brilliant than me always reports, and the problem goes away.
This one hung on, and no one else seemed to be talking about it, so I did my
best to contribute. Thank you for clearing up all the remaining issues and
alerting me that the problem has been solved in the past few days.  I will
take your advice and update Clamwin to the latest signatures, then reinstall
Google Chrome one more time.

Teresa K. Fowler

PS: Have you considered writing computer texts for non-engineers?  You have
a gift for putting your finger on all the elusive background gaps in
knowledge that prevent learning advancement, and for filling in those gaps
everyone else assumes everyone knows with clear information delivered in a
friendly, non-condescending tone absent in many tutorials.  And without the
jocular yatayatayata of some books

Re: [clamav-users] From a newbie: ClamAV scans shut down Google Chrome

2012-05-14 Thread Jim Preston

On 05/14/2012 12:18 PM, Teresa K. Fowler wrote:

[snip]

I do hope I have clarified things for you, if not just ignore this posting

except for the etiquette of not top posting.

--
Jim Preston

Dear Jim Preston, You have explained everything beautifully, clearly even
for me, a right-brain writer, and sadly NOT a computer engineer. Therefore I
will stay with ClamWin, because I have neither the expertise nor time to go
with ClamAV.  Most of these false positives I just wait out, because someone
more computer brilliant than me always reports, and the problem goes away.
This one hung on, and no one else seemed to be talking about it, so I did my
best to contribute. Thank you for clearing up all the remaining issues and
alerting me that the problem has been solved in the past few days.  I will
take your advice and update Clamwin to the latest signatures, then reinstall
Google Chrome one more time.

Teresa K. Fowler

PS: Have you considered writing computer texts for non-engineers?  You have
a gift for putting your finger on all the elusive background gaps in
knowledge that prevent learning advancement, and for filling in those gaps
everyone else assumes everyone knows with clear information delivered in a
friendly, non-condescending tone absent in many tutorials.  And without the
jocular yatayatayata of some books such as the For Dummies series.  Will
you post your above to the Clamwin mailing list?  If not, with your
permission, and if you think it is still necessary, I will post a summary
including your response on the list where I might better have started this
journey.

PPS:  Do I get bottom posting now?  Seems backwards.

Yes, you have the bottom posting correct now. Having spent 30 years in 
the corporate world, it was weird at first but I like it much better now.


Thanks, I actually spent a great deal of my working career in support so 
I have developed a knack for explaining things at a level I hope the 
recipient will understand. Feel free to post any portion of this thread 
on the ClamWin forum. Although some of my clients use ClamWin, I am not 
signed up on that mailing list at this time.


Best of luck and let me know if updating and reinstalling Chrome works.

--
Jim Preston




Re: [clamav-users] From a newbie: ClamAV scans shut down Google Chrome

2012-05-13 Thread G.W. Haywood

Hi there,

On Sun, 13 May 2012, Teresa K Fowler wrote:


For the past several weeks, I've had several viruses detected by
ClamAV that show as real viruses, not false positives, although I
haven't had any false positives since the first detection.  The
first detection showed blue false positives and maroon viruses both.
...
I run Windows Vista Home Premium 32 bit SP 2.


Just to clarify things, I suspect that you're running something other
than ClamAV.

You're probably using something like ClamWin.  This will have a GUI,
with buttons to click to make life easy for you.  It seems that the
tool you're using can produce report documents with interesting bits
highlighted in colour.  ClamAV doesn't do anything like that.

ClamAV itself is a simple utility used by other software to examine
data.  ClamAV does that, returning to the software which invoked it
information about what it found.  It's then up to the software which
invoked ClamAV to do whatever it chooses to do.  ClamAV itself when
used like this doesn't interact with the user in any way.  It knows
nothing about maroon and blue colours.  And it doesn't delete files,
nor quarantine them, nor even attempt to change them in any way.

ClamAV doesn't know the difference between malicious software and a
false positive, although it is possible to tell it to ignore certain
patterns - for example if you have an urgent fix to apply and cannot
afford to wait for the routine false-positive fixing process to take
its normal course.  Your anti-virus tool may perhaps not make this
ClamAV feature available to you easily, if at all.


... I've been running ClamAV for at least 6 years, no problems,
recommended by my ISP, who uses ClamAV for their email.  They can't
help me with this and haven't heard of it happening to anyone else.
I haven't tried uninstalling and reinstalling ClamAV; not sure if it
is a good idea yet.  I have run ClamAV in the quarantine option, but
two files don't show they are quarantined.  I need to know how to
proceed: a substitute browser or ClamAV solution?


Upgrade?  See below.


I also run MalwareBytes Anti-Malware, SUPER Anti-Spyware Free
Edition, both recommended by my ISP, and Windows Defender.  None of
these other three have picked up any of the above files.  I also
wanted to notify in case anyone else is experiencing this problem.


Although you must be using something in addition to ClamAV, the ClamAV
engines (if kept up to date) are probably identical with those used by
other users of this mailing list.  So it is useful to know about your
experiences.  Things like false positives affect all users.

It is important to give full information about the current state of
your ClamAV engine and databases in any report that you make.  In this
case, as you seem to be in a minority at least of your ISP's customers,
it seems likely that your ClamAV database or perhaps even ClamAV itself
is out of date and should be upgraded.  Unfortunately you probably got
your version of ClamAV not from the originators but from a third party.
The third party likely provided the tool which you're using and ClamAV
as a package.  You may need to go to them for the updated package.

Assuming that they have updated their package, upgrading to the latest
version (or uninstalling and reinstalling) should have the desired
effect.  If they have not updated it then you may be able to update
ClamAV itself, but over the years there have been changes to the
software interface between ClamAV and the tools which use it, so there
is a possibility that this will not work.  Updating the databases
alone (without making changes to the ClamAV engines) may be possible
depending on the age of your existing version of ClamAV.

--

73,
Ged.
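
Added example, not part of the original thread and not ClamAV or ClamWin code: a Python sketch of the division of labour described in this message, where the scanner only reports and the invoking tool decides what to do. The sample report is constructed (its line format and signature name follow the report quoted in the thread); the action names, the `quarantine` directory test and the helper names are assumptions, and the ignore-list text follows ClamAV's `.ign2` convention of one signature name per line.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample report: the user name and the OK line are made up; the
# "path: signature FOUND" format and signature name follow the thread's report.
SAMPLE_REPORT = r"""
C:\Users\alice\AppData\Local\Google\Chrome\Application\18.0.1025.168\chrome.dll: W32.Virut.Gen.D-148 FOUND
C:\Users\alice\AppData\Local\Google\Chrome\Application\18.0.1025.168\Installer\chrome.7z: W32.Virut.Gen.D-148 FOUND
C:\Users\alice\AppData\Roaming\.clamwin\quarantine\chrome.7z.infected: W32.Virut.Gen.D-148 FOUND
C:\Users\alice\AppData\Roaming\.clamwin\quarantine\chrome.dll.infected: W32.Virut.Gen.D-148 FOUND
C:\Users\alice\AppData\Roaming\.clamwin\quarantine\chrome.dll.infected.000.infected: W32.Virut.Gen.D-148 FOUND
C:\Users\alice\Documents\notes.txt: OK
"""

# Greedy path match so the split happens at the LAST ": " on the line;
# Windows paths contain a colon of their own ("C:\...").
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")


def parse_report(text):
    """Return (path, signature) for every detection line in a scan report."""
    findings = []
    for line in text.splitlines():
        match = FOUND_RE.match(line.strip())
        if match:
            findings.append((match.group("path"), match.group("sig")))
    return findings


def is_quarantine_copy(path, quarantine_dir_name="quarantine"):
    """True if the file sits below a quarantine directory (assumed name)."""
    parts = [part.lower() for part in PureWindowsPath(path).parts]
    return quarantine_dir_name in parts[:-1]


def triage(findings, confirmed_false_positives=frozenset()):
    """Decide what the wrapper does with each detection.

    The scanner's verdict is only an input. Nothing here deletes or moves a
    file: quarantine copies that get re-detected are kept apart from live
    files, and a signature confirmed as a false positive changes the plan.
    """
    plan = defaultdict(list)
    for path, sig in findings:
        quarantined = is_quarantine_copy(path)
        if sig in confirmed_false_positives:
            action = "restore-candidate" if quarantined else "keep"
        else:
            action = "already-quarantined" if quarantined else "hold-for-review"
        plan[action].append((path, sig))
    return dict(plan)


def ignore_list(confirmed_false_positives):
    """Text for a local *.ign2 file: one signature name per line."""
    return "".join(f"{sig}\n" for sig in sorted(confirmed_false_positives))


if __name__ == "__main__":
    detections = parse_report(SAMPLE_REPORT)
    for action, items in triage(detections).items():
        print(action, len(items))
    print(ignore_list({"W32.Virut.Gen.D-148"}), end="")
```

Three of the five detections in the sample are quarantine copies being re-detected, so only two live files need a decision.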


Re: [clamav-users] From a newbie: ClamAV scans shut down Google Chrome

2012-05-13 Thread Teresa K. Fowler
Hi Alain, I haven't been able to browse to the files, for ClamAV web
interface attachment, on the User Identity from which they were flagged.
I've asked for help from my ISP, but no response yet. The only thing I can
think to do is to log on in the UserID where the flagged files exist, and
try to browse to them from there using the link you provide.  Sorry this is
mostly new to me.  Thanks for your help.  Teresa

  
-Original Message-
From: clamav-users-boun...@lists.clamav.net
[mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Alain Zidouemba
Sent: Saturday, May 12, 2012 2:25 PM
To: ClamAV users ML
Subject: Re: [clamav-users] From a newbie: ClamAV scans shut down Google
Chrome

Teresa,

Would you mind submitting the files below to
http://www.clamav.net/lang/en/sendvirus/submit-fp/? This will help us fix
the problem you are experiencing.

C:\Users\tkfowler\AppData\Local\Google\Chrome\Application\18.0.1025.168\chrome.dll

C:\Users\tkfowler\AppData\Local\Google\Chrome\Application\18.0.1025.168\Installer\chrome.7z

Thanks,

- Alain

On Sat, May 12, 2012 at 2:06 PM, Teresa K. Fowler teaquil...@lighthouse.net
 wrote:

 Dear ClamAV Users List:

For the past several weeks, I've had several viruses 
 detected by ClamAV that show as real viruses, not false positives, 
 although I haven't had any false positives since the first detection.  
 The first detection showed blue false positives and maroon viruses both.

I have tried several times to report as I have done in 
 the past via the web interface, but I can't browse to these files as 
 they are under another User Identity although detected by my 
 Administrative Identity.

I run Windows Vista Home Premium 32 bit SP 2.

These are the files as picked up and pasted from a 
 ClamAV scan report 5-6-12.  They are maroon bold-faced in the report:




 C:\Users\tkfowler\AppData\Local\Google\Chrome\Application\18.0.1025.168\chrome.dll: W32.Virut.Gen.D-148 FOUND

 C:\Users\tkfowler\AppData\Local\Google\Chrome\Application\18.0.1025.168\Installer\chrome.7z: W32.Virut.Gen.D-148 FOUND

 C:\Users\tkfowler\AppData\Roaming\.clamwin\quarantine\chrome.7z.infected: W32.Virut.Gen.D-148 FOUND

 C:\Users\tkfowler\AppData\Roaming\.clamwin\quarantine\chrome.dll.infected: W32.Virut.Gen.D-148 FOUND

 C:\Users\tkfowler\AppData\Roaming\.clamwin\quarantine\chrome.dll.infected.000.infected: W32.Virut.Gen.D-148 FOUND



What happens as I am running a ClamAV scan is all the 
 Google Chrome shortcuts are inactivated.  When it is done, I can't 
 bring up Google Chrome.  From Control Panel/Programs, the first time 
 Google Chrome already was uninstalled.  The other four or five times, 
 I've had to uninstall and reinstall.  So far, I've been able to get 
 back my Favorites, which I use to track research.

Since I like Google Chrome, I haven't been running 
 ClamAV very often in the past week, just getting the automatic updates.

I've been running ClamAV for at least 6 years, no 
 problems, recommended by my ISP, who uses ClamAV for their email.  
 They can't help me with this and haven't heard of it happening to anyone
else.

I haven't tried uninstalling and reinstalling ClamAV; 
 not sure if it is a good idea yet.  I have run ClamAV in the 
 quarantine option, but two files don't show they are quarantined.  I 
 need to know how to
 proceed:  a substitute browser or ClamAV solution?  I also run 
 MalwareBytes Anti-Malware, SUPER Anti-Spyware Free Edition, both 
 recommended by my ISP, and Windows Defender.  None of these other 
 three have picked up any of the above files.  I also wanted to notify 
 in case anyone else is experiencing this problem.  Hope this isn't 
 TMI. Joel Esler, Senior Research Engineer, VRT, OpenSource Community 
 Manager, Sourcefire, recommended that I offer this to the group.  
 Thanks to all members more experienced than me. Teresa, 
 teaquil...@lighthouse.net.







Re: [clamav-users] From a newbie: ClamAV scans shut down Google Chrome

2012-05-13 Thread Teresa K. Fowler
Could my culprit be ClamWin?  I started out with ClamWin years ago,
following download links recommended by my ISP/computer repair service.  I
thought it was the same thing as ClamAV, that ClamAV was the new name, or
ClamWin was the free edition.  What I am actually running is ClamWin Free
Antivirus, a.k.a. ClamWin Antivirus.  I thought I had the same thing used by
my ISP to scan email.  What do I do?  Uninstall ClamWin and install ClamAV?
Teresa


-Original Message-
From: clamav-users-boun...@lists.clamav.net
[mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of G.W. Haywood
Sent: Sunday, May 13, 2012 7:34 AM
To: clamav-users@lists.clamav.net
Subject: Re: [clamav-users] From a newbie: ClamAV scans shut down Google
Chrome

Hi there,

On Sun, 13 May 2012, Teresa K Fowler wrote:

 For the past several weeks, I've had several viruses detected by 
 ClamAV that show as real viruses, not false positives, although I 
 haven't had any false positives since the first detection.  The first 
 detection showed blue false positives and maroon viruses both.
 ...
 I run Windows Vista Home Premium 32 bit SP 2.

Just to clarify things, I suspect that you're running something other than
ClamAV.

You're probably using something like ClamWin.  This will have a GUI, with
buttons to click to make life easy for you.  It seems that the tool you're
using can produce report documents with interesting bits highlighted in
colour.  ClamAV doesn't do anything like that.

ClamAV itself is a simple utility used by other software to examine data.
ClamAV does that, returning to the software which invoked it information
about what it found.  It's then up to the software which invoked ClamAV to
do whatever it chooses to do.  ClamAV itself when used like this doesn't
interact with the user in any way.  It knows nothing about maroon and blue
colours.  And it doesn't delete files, nor quarantine them, nor even attempt
to change them in any way.

ClamAV doesn't know the difference between malicious software and a false
positive, although it is possible to tell it to ignore certain patterns -
for example if you have an urgent fix to apply and cannot afford to wait for
the routine false-positive fixing process to take its normal course.  Your
anti-virus tool may perhaps not make this ClamAV feature available to you
easily, if at all.

 ... I've been running ClamAV for at least 6 years, no problems, 
 recommended by my ISP, who uses ClamAV for their email.  They can't 
 help me with this and haven't heard of it happening to anyone else.
 I haven't tried uninstalling and reinstalling ClamAV; not sure if it 
 is a good idea yet.  I have run ClamAV in the quarantine option, but 
 two files don't show they are quarantined.  I need to know how to
 proceed: a substitute browser or ClamAV solution?

Upgrade?  See below.

 I also run MalwareBytes Anti-Malware, SUPER Anti-Spyware Free Edition, 
 both recommended by my ISP, and Windows Defender.  None of these other 
 three have picked up any of the above files.  I also wanted to notify 
 in case anyone else is experiencing this problem.

Although you must be using something in addition to ClamAV, the ClamAV
engines (if kept up to date) are probably identical with those used by other
users of this mailing list.  So it is useful to know about your experiences.
Things like false positives affect all users.

It is important to give full information about the current state of your
ClamAV engine and databases in any report that you make.  In this case, as
you seem to be in a minority at least of your ISP's customers, it seems
likely that your ClamAV database or perhaps even ClamAV itself is out of
date and should be upgraded.  Unfortunately you probably got your version of
ClamAV not from the originators but from a third party.
The third party likely provided the tool which you're using and ClamAV as a
package.  You may need to go to them for the updated package.

Assuming that they have updated their package, upgrading to the latest
version (or uninstalling and reinstalling) should have the desired effect.
If they have not updated it then you may be able to update ClamAV itself,
but over the years there have been changes to the software interface between
ClamAV and the tools which use it, so there is a possibility that this will
not work.  Updating the databases alone (without making changes to the
ClamAV engines) may be possible depending on the age of your existing
version of ClamAV.

--

73,
Ged.


Re: [clamav-users] From a newbie: ClamAV scans shut down Google Chrome

2012-05-12 Thread Alain Zidouemba
Teresa,

Would you mind submitting the files below to
http://www.clamav.net/lang/en/sendvirus/submit-fp/? This will help us fix
the problem you are experiencing.

C:\Users\tkfowler\AppData\Local\Google\Chrome\Application\18.0.1025.168\chrome.dll

C:\Users\tkfowler\AppData\Local\Google\Chrome\Application\18.0.1025.168\Installer\chrome.7z

Thanks,

- Alain

On Sat, May 12, 2012 at 2:06 PM, Teresa K. Fowler teaquil...@lighthouse.net
 wrote:

 Dear ClamAV Users List:

For the past several weeks, I've had several viruses
 detected by ClamAV that show as real viruses, not false positives, although
 I haven't had any false positives since the first detection.  The first
 detection showed blue false positives and maroon viruses both.

I have tried several times to report as I have done in the
 past via the web interface, but I can't browse to these files as they are
 under another User Identity although detected by my Administrative
 Identity.

I run Windows Vista Home Premium 32 bit SP 2.

These are the files as picked up and pasted from a ClamAV
 scan report 5-6-12.  They are maroon bold-faced in the report:




 C:\Users\tkfowler\AppData\Local\Google\Chrome\Application\18.0.1025.168\chrome.dll: W32.Virut.Gen.D-148 FOUND

 C:\Users\tkfowler\AppData\Local\Google\Chrome\Application\18.0.1025.168\Installer\chrome.7z: W32.Virut.Gen.D-148 FOUND

 C:\Users\tkfowler\AppData\Roaming\.clamwin\quarantine\chrome.7z.infected: W32.Virut.Gen.D-148 FOUND

 C:\Users\tkfowler\AppData\Roaming\.clamwin\quarantine\chrome.dll.infected: W32.Virut.Gen.D-148 FOUND

 C:\Users\tkfowler\AppData\Roaming\.clamwin\quarantine\chrome.dll.infected.000.infected: W32.Virut.Gen.D-148 FOUND



What happens as I am running a ClamAV scan is all the Google
 Chrome shortcuts are inactivated.  When it is done, I can't bring up Google
 Chrome.  From Control Panel/Programs, the first time Google Chrome already
 was uninstalled.  The other four or five times, I've had to uninstall and
 reinstall.  So far, I've been able to get back my Favorites, which I use to
 track research.

Since I like Google Chrome, I haven't been running ClamAV
 very often in the past week, just getting the automatic updates.

I've been running ClamAV for at least 6 years, no problems,
 recommended by my ISP, who uses ClamAV for their email.  They can't help me
 with this and haven't heard of it happening to anyone else.

I haven't tried uninstalling and reinstalling ClamAV; not
 sure if it is a good idea yet.  I have run ClamAV in the quarantine option,
 but two files don't show they are quarantined.  I need to know how to
 proceed:  a substitute browser or ClamAV solution?  I also run MalwareBytes
 Anti-Malware, SUPER Anti-Spyware Free Edition, both recommended by my ISP,
 and Windows Defender.  None of these other three have picked up any of the
 above files.  I also wanted to notify in case anyone else is experiencing
 this problem.  Hope this isn't TMI. Joel Esler, Senior Research Engineer,
 VRT, OpenSource Community Manager, Sourcefire, recommended that I offer this
 to the group.  Thanks to all members more experienced than me. Teresa,
 teaquil...@lighthouse.net.




