FYI: Avast! and ClamAV - False Positive - "JS:ScriptSH-inf [Trj]" virus

Hello,

I just wanted to relay my findings of a false positive that I have found.
I use Avast! for resident protection and I use a 2nd AV scanner (Clam AV) on one of my workstations.
Seems like Avast keeps alerting me when ClamAV downloads a new virus definition database file.
I get this:

avast! [WORKSTATION1]: File “C:\Users\GeeLo\AppData\Local\Temp\clamav-2975b368aef9e353f9e2e3f2a53e328b.000009ec.clamtmp\daily.ndb” is infected by “JS:ScriptSH-inf [trj]” virus.
“Resident protection (Standard Shield)” task used
Version of current VPS file is 090522-0, 05/22/2009

I uploaded the detected file in question to http://www.virustotal.com/ and only 4 virus programs indicated a virus, including Avast,
all other commercial AV scanners did not… so it looks like this as a false positive.
Just wanted to share this info with the rest of you.

There are other topics about this (check the forum search function), the problem stems from clamav not encrypting its virus signatures and avast detecting them. The clamav-2975b368aef9e353f9e2e3f2a53e328b.000009ec.clamtmp.

So technically this isn’t a false positive as avast id looking for virus signatures, that’s it job.

You can do as suggested in the other topics to exclude the file/s.