Declaring A Popular Program A Trojan


2 replies to this topic

#1 Webcliq

Posted 03 April 2011 - 06:16 AM

I have worked in the IT industry for over 30 years. I have seen AV packages come and go and have used many. I have used ClamAV on many of the Servers I support where the Customer would not take a paid option. A few days ago, one of the Servers I support was compromised even though it had Symantec Corporate installed. I made the decision to replace it with ClamAV Immunet. It immediately found a number of files that Symantec had ignored. This gives me some confidence. However, as the few days have progressed, it has now started declaring a number of popular programs - programs I have used for years - as Trojans. As you can imagine, this is extremely worrying for me. I decided to try and find out what one of the Trojans was ... W32.Trojan.c52f. As a relative "Newbie" to using ClamAV, I looked for some place on the Immunet web site where an explanation of this declaration existed - I can't find one. Nor does putting this complete reference into Google Search Engine provide any useful information.

Where does this information exist?

I don't know the Developer of the "offending" program personally, but he and his Site are well reviewed and have many awards. I can imagine these problems of "false positives" exist and I would rather be safe than sorry. Nonetheless, I do expect to be able to find out the information of why ClamAV found something and what it found so that we can all understand it.

Looking forward to your responses and the involvement of the "Community" in this issue.

Mark Richards
Webcliq

#2 sweidre

Posted 03 April 2011 - 11:11 AM

Hi Webcliq,
I am using Immunet Free without ClamAV, but regarding false positives announced by Immunet, there is a sort of white list: Product -> Settings -> Protection Exclusions. By clicking on "Add new exclusion" you can add the full path to the "false positive" that you want to keep. Remember to click on the "Apply" button to save it! By doing so, Immunet will not scan this path any more. If you change your mind, there is an (X) to the right of your added path. By clicking on this (X), the path will be erased from the list. (Remember to click on "Apply" to get the change saved!) Note, this is valid for Immunet scans; regarding ClamAV, I do not know! I hope that somebody else will give supplementary info here!
Cheers,
sweidre

#3 RobT

  • Administrators

Posted 04 April 2011 - 03:46 PM

Hi Mark, in addition to excluding the files you can also upload the files as false positives - http://forum.immunet...e-positive-fp/. We will review them and update the Immunet Cloud so they are no longer detected as viruses.



