Avast + ClamWin = False Positive

I use two antiviruses: Avast as the main system protector and ClamWin as an on-demand scanner. Every time I run ClamWin (to scan files or to update its database), my Avast alerts that the file daily.ndb in ClamWin is a virus - JS:ScriptSH-inf [Trj]. Could you correct Avast’s mistake?

Please take a look at this post:
http://forum.avast.com/index.php?topic=45231.msg378974#msg378974

greetz
onlysomeone

As has been pointed out, there are other topics on this problem, caused by the unencrypted signatures of ClamWin. So technically these aren’t false positives as avast is doing its job in detecting virus signatures.

See my post in the same topic to add an exclusion, http://forum.avast.com/index.php?topic=45231.msg379055#msg379055.

Thanks a lot, DavidR. I added C:*\clamav-*.clamptmp and ?:*\ClamWinPortable\Data\db* (for my PortableApps USB stick) to exclusions in Program Settings and Standard Shield. Please pay attention that an “extra” letter is needed in the file extension - clamptmp (it’s not a typo).

I think that is down to the slight differences between clamav and clamwin, as that topic’s subject was about clamav. ???

George,

If you download the latest version of ClamWin (0.95.2) from PortableApps I think you may find they have now rectified the FP problem.

My regards

I have looked through the whole PortableApps forum and found nothing like your post here. ???

It is linked in the what’s new section (an actual release)
here is the page anyway:
http://portableapps.com/apps/utilities/clamwin_portable

-Scott-

Could you underline the lines that “they have now rectified the FP problem”? I couldn’t find them myself.

http://s61.radikal.ru/i171/0906/28/947200452a38t.jpg

George,

Try the new version and let us know. When I tried it, on a single update, there was no longer a warning by Avast.

My regards

Hi spg SCOTT,

Fantastic news, the new portable works like a charm, no more flagging by avast, I updated the portable version and everything now OK,

polonus

That’s great to hear :)

However I believe that Mike Buxton deserves the credit for this one, he told us of the update, I just provided the page it was located on.

so:

Good find Mike :) :)

BTW it’s good to hear others are using portableapps.com, it’s great !!!

-Scott-

Hi spg SCOTT,

If Mike Buxton is the man, we thank him for providing that link and the solution for our predicament here, good attentive work. I have used this ClamWin Portable App for years now, as does bob3160, for a so-called second opinion, as ClamWin has a totally different development background and a slightly different database sequence and data than other av solutions and can be used next to resident av-solutions like avast. This we call closing the vulnerability window (gap actually), so you have the basic protection of avast resident and the shields etc., then you can have additional scanning on a file with ClamWin portable app and take it to work or wherever you want to go; the same goes for the latest version of non-resident DrWebCureIt, latest download of stinger.exe etc… Additional protection can be had with MBAM, SAS, SpywareBlaster, ThreatFire, RUBoted. Then again with a browser with in-browser protection (NS/RP extensions) I think you can be considered rather secure,

pol

Hmm…

I downloaded ClamWin 0.95.2 now because I wanted to test it, but when I run a “memory scan” I get a warning message from avast!.
See the picture…
Does not seem as if this problem really has been solved… :-\

Here’s the part of avast!'s log:

C:\Users\*my name*\AppData\Local\Temp\clamav-19f8e5b9e38c6c60072b1d31e9502eb4.0000089c.clamtmp\daily.ndb [L] JS:ScriptSH-inf [Trj] (0) Datei erfolgreich in Container verschoben...

onlysomeone

Same here, just downloaded and still detected.
It’s not the update, it’s the scanner.

Maybe they haven’t fixed it…

Polonus,
How does it work for you, have you removed the exclusions?

-Scott-

Hi onlysomeone and spg SCOTT,

Maybe my reaction was a bit premature, but found I still had the avast exclusions there as given by Georges Yves, well if that is the only way, it has to be. But it is a shame that the ClamWin programmers could not solve this incompatibility,

polonus

Hi,

My apology for any inadvertent misinformation; based upon my single update I did suggest “may” and “try”.

My regards