ClamAV detected by avast! ???

system · May 25, 2009, 7:41pm

DavidR post:19:

How can it possibly be a false positive, when avast is alerting on finding a virus signature, that is after all what an antivirus is meant to do. Why clamav haven’t encrypted the signatures is beyond me as they must be aware that installed resident scanners will detect them.

There is no guarantee that clamav will always be installed in the same location, there is also nothing stopping clamav changing the file name format breaking any exclusion created. Personally I would be a bit pi**ed if the use of wildecard exclusions as without care that wildcard could leave a large hole in your security.

I also don’t see why avast should chase other AVs issues of not encrypting their signatures like panda and calmav, two that I know of with the possibility of there being more.

The whole point of having an Anti-Virus program on ones computer in the first place is to prevent malicious code from tampering with ones computer. In this case ClamWin poses no threat to ones computer, in fact it is the opposite, and exists for the same purpose as does Avast, therefore, it is NOT a threat and hence my determination of a False Positive.

Granted, Clamwin should encrypt their database, but then Avast would/should detect ClamWin when it decrypts it’s database, causing yet another False Positive.

A simple solution exists, (and yes you are correct in that Wildcards should not be used), and in this case I see no reason why it should not be implemented by default.

system · May 26, 2009, 7:04am

I have yet to have avast alert on ClamAV.

Perhaps because it is in Spyware Terminator?

system · May 26, 2009, 10:26am

Not sure about that one, there was someone asking about the ClamAV and Spyware Terminator in the ‘virus in temp’ sticky thread

-Scott-

system · May 26, 2009, 1:47pm

sorry i dident understand how to isolate the folder for avoiding the problem ??? ???

Lisandro · May 26, 2009, 6:52pm

You need to use the Exclusion lists:

For the Standard Shield provider (on-access scanning):
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize.
Go to Advanced tab and click on Add button…

For the other providers (on-demand scanning such as the screen-saver or the Simple User Interface):
Right click the ‘a’ blue icon, click Program Settings.
Go to Exclusions tab and click on Add button…

You can use wildcards like * and ?.
But be careful, you should ‘exclude’ that many files that let your system in danger.

DavidR · May 26, 2009, 7:00pm

Check my post in the previous page, Reply #8 of this topic, http://forum.avast.com/index.php?topic=45231.msg379055#msg379055

system · May 27, 2009, 6:07am

thanks and another thing but why clam av dont encripted well is database

DavidR · May 27, 2009, 12:51pm

I can’t understand why either, but that is something you would have to ask them.

system · June 1, 2009, 1:20am

Thanks for the information for users having ClamWinPortable installed on their USB flashdrives. I also have that setup. However, for my home PC, I have installed the static ClamWin on my hard drive [Windows Vista Home Premium 32-bit]. What would be the exclusion string for it? Thanks in advance. ???

DavidR · June 1, 2009, 2:01am

The exclusion string example is independent of OS presuming you installed it in the OS.s program files folder, if the vista program files are stored in a different location you need to change ‘program files’ to that folder name. I don’t use vista.

system · June 4, 2009, 8:10am

clamav-1c59e8bbc0e3be87438a54cad29e8900.00000fb0.clamtmp\daily.ndb
JS:scriptsh.inf [trg]

THAT IS A MESSAGE EVERY TIME I LOG INTO MY COMPUTER… EVERY TIME I RUN SPYWARE TERMINATOR AND AVAST… IS IT A TROGAN HORSE OR VIRUS… I HAVE NO CLUE WHAT TO DO?? IT HAS BEEN GOING ON FOR ALMOST A MONTH. ;(

IF ANYONE CAN HELP I WOULD GREATLY APPRECAITE ANY AND ALL HELP
BOBBIE

system · June 4, 2009, 8:29am

Hi B123!

I’m for sure no expert for this, but I would suggest to contact someone from ClamAV that they solve this as it is their mistake I think…
It seems as they don’t encrypt their files strong enough…

Or uninstall ClamAV.

The detected file can be deleted in my opinion, as it seems to be a temporary file…

yours
onlysomeone

Lisandro · June 4, 2009, 12:29pm

B123,

Clamav is not compatible with avast (i.e., both installed and running).
Avoid CAPS, forum policy

bob3160 · June 5, 2009, 2:03am

Tech,

1. Clamav is not compatible with avast (i.e., both installed and running).

ClamAV isn't resident. I've used it for a long time as a second opinion when avast! detects something. Using the exclusion outlined by DavidR in the earlier part of this post has worked without any problems. :)

Lisandro · June 5, 2009, 2:06am

Sorry people, I’ve messed ClamAv with ClamWin.

ClamAV detected by avast! ???

Announcements