7 October 2009

Researching false positives reported by ClamWin

Several months back, I had to wrestle with a virus on my work computer (obtained via network shares, though I was never really sure how; best guess was an autorun weakness someone had heard about). Around a year ago my home laptop was infected. McAfee was useless, so I used a combination of Malwarebytes and ClamWin to do the cleanup. I've had ClamWin running nightly ever since but unfortunately have had a few false positives, one on 17 July and another on 26 July. The hpHosts blog was a top hit in both instances.

Got another warning this morning: clamwin user32.dll.infected: Trojan.Onlinegames-1755. Searching on that brought up a thread on the ClamWin forums, which then pointed me to their article "How can I report a virus that ClamWin doesn't recognise? Or a false positive?". From this, they pointed to the VirusTotal site, which allows you to upload a file for it to examine and report the results from various virus scans. Very useful. Their scan of my suspect file showed it was clean.

[ updated 16 Dec 2009 ]

Report false positives directly to ClamAV here.

[ posted by sstrader on 7 October 2009 at 11:48:26 AM in Home Network & Gadgets, Science & Technology ]