7 October 2009
Researching false positives reported by ClamWin
Several months back, I had to wrestle with a virus on my work computer (obtained via network shares, though I was never really sure how; best guess was an autorun weakness someone had heard about). Around a year ago my home laptop was infected. McAffee was useless, so I used a combination of Malwarebytes and ClamWin to do the clean up. I've had ClamWin running nightly ever since but unfortunately have had a few false positives. One on 17 July and another on 26 July. The hpHosts blog was a top hit in both instances.
Got another warning this morning: clamwin user32.dll.infected: Trojan.Onlinegames-1755
. Searching on that brought up a thread on the ClamWin forums, which then pointed me to their article "How can I report a virus that ClamWin doesn't recognise? Or a false positive?". From this, they pointed to the VirusTotal site, which allows you to upload a file for it to examine and report the results from various virus scans. Very useful. Their scan of my suspect file showed it was clean.
[ updated 16 Dec 2009 ]
Report false positives directly to ClamAV here.
- Desire, life, and gadgets posted by sstrader on 5 April 2010 at 7:29:53 PM
- Joining the ranks of gamers posted by sstrader on 29 March 2010 at 1:06:07 PM
- Updating multiple domains with DDNS using a Linksys router and DynDNS posted by sstrader on 25 March 2010 at 8:20:39 AM
- Android, iPhone, criticism posted by sstrader on 18 March 2010 at 6:18:11 PM
- New server posted by sstrader on 5 March 2010 at 12:25:11 AM Other entries categorized in Science & Technology:
- Info wars 2010 posted by sstrader on 13 February 2010 at 11:50:50 AM
- Limiting noise posted by sstrader on 15 December 2009 at 9:58:00 AM
- Scientists' emails posted by sstrader on 25 November 2009 at 11:40:47 AM
- Researching false positives reported by ClamWin posted by sstrader on 7 October 2009 at 11:48:26 AM
- Week's reading list posted by sstrader on 28 August 2009 at 2:44:16 PM