webcliq

Declaring A Popular Program A Trojan

I have worked in the IT industry for over 30 years. I have seen AV packages come and go and have used many. I have used ClamAV on many of the Servers I support where the Customer would not take a paid option. A few days ago, one of the Servers I support was compromised even though it had Symantec Corporate installed. I made the decision to replace it with ClamAV Immunet. It immediately found a number of files that Symantec had ignored. This gives me some confidence. However, as the few days have progressed, it has now started declaring a number of popular programs - programs I have used for years - as Trojans. As you can imagine, this is extremely worrying for me. I decided to try and find out what one of the Trojans was ... W32.Trojan.c52f. As a relative "Newbie" to using ClamAV, I looked for some place on the Immunet web site where an explanation of this declaration existed - I can't find one. Nor does putting this complete reference into Google Search Engine provide any useful information.

Where does this information exist?

 

I don't know the Developer of the "offending" program personally, but he and his Site are well reviewed and have many awards. I can imagine these problems of "false positives" exist and I would rather be safe than sorry. Nonetheless, I do expect to be able to find out the information of why ClamAV found something and what it found so that we can all understand it.

Looking forward to your responses and the involvement of the "Community" in this issue.

 

Mark Richards

Webcliq



Hi Webcliq,

I am using Immunet Free without ClamAV, but regarding false positives announced by Immunet, there is a sort of white list: Product -> Settings -> Protection Exclusions. By clicking on "Add new exclusion" you can add the full path to the "false positive" that you want to keep. Remember to click on the "Apply" button to save it! By doing so, Immunet will not scan this path any more. If you change your mind, there is an (X) to the right of your added path. By clicking on this (X), the path will be erased from the list. (Remember to click on "Apply" to get the change saved!) Note, this is valid for Immunet scans; regarding ClamAV, I do not know! I hope that somebody else will give supplementary info here!

Cheers,

sweidre
