The file is too large for me to upload to VirusTotal at 4.5MB (on dial-up), and my other onboard scanners (A2, MBAM, SAS) don’t detect anything. I searched the file hash (MD5 03854561154B53B5218DAC5CEE391A3B) at VT and Google with no result.
If you do a forum search for clamwin, recent posts as they had a problem before with their updates as they weren’t encrypting their signature updates. They were meant to have changed how they did the update (e.g. encrypt them).
Is this a Linux version of clamwin as the previous problem was for windows.
There are some that would say clamwin doesn’t bring much to the party to be putting up with the hassle.
Some months ago, when this problem raised, the one which correct the Clam problem was Alwil team, I mean, avast try to correct the detection of a bad (non-encrypted) Clam file.
@ DavidR, yes, I’ve followed the numerous threads on this issue between Avast and ClamWin. For me, this is a new detection and I don’t understand why it has suddenly occurred. I have the Windows version of ClamWin and don’t believe there is a Linux, or other OS version. I am aware of the low detection rate of ClamAV/ClamWin, but it is still nice to have as a second on-demand A/V scanner. Also, in order to further the project, I sometimes upload undetected malware to ClamWin.
@ Tech, yes, since that time I have not had any Avast alerts on ClamWin.
@ Scott, yes, I have added the exclusion X 2 to Avast to avert the detection.
I have copied the detected file to a portable drive and will upload it to VT, etcetera, when I go to my beach house on Tuesday where I have a 7MB cable internet connection. I am interested to see which other scanner(s) will detect it.
Is anyone running Avast 5 Beta getting this same alert?
Well, I don’t have the standard version installed, but I do have the portable version, and I have uploaded what avast! alerts on with me.
It is a different file with the same ‘infection’, one loaded into temp files so I am not sure about the relevance, still…
(I think it is what would be part of a .cld file - on mine they are .cvd…)
Good point, and thanks for the VT link. It would be great if these alerts have been eliminated in Avast 5. If my time permits, I will download Avast 5 to my beta testing machine to see.
Given the file type, I don’t know if this is also a packer supported by avast (and consequently GData) but possibly not the others. avast has one of the largest list of packers.
Or if it isn’t a supported packer scanning the raw data could give an FP, but worth sending to avast for investigation.