
Hundreds Of False-Positives By ClamAV / Immunet 3 Antivirus Scanner


hfr


Hello,

I checked my Windows 7 partition (OS & user data) with a LessLinux Search & Recovery DVD using the installed Linux ClamAV antivirus scanner. I also scanned the partition with Kaspersky antivirus from the installed virus scanner, over the network with Norton 360 Antivirus, Norton Power Eraser, Norton Bootable Recovery Tool and at last with the Emsisoft Emergency Kit offline scanner. I assumed a threat. Additionally, I installed Immunet 3 today and scanned only those files which ClamAV treats as a threat (i.e. Win.Trojan.Agent - see more below).

Here are the results of the scans:

- Kaspersky Internet Security 2014 on Windows 7 - 64Bit: no threats

- Norton (all different programs): no threats; for Power Eraser only unknown files

- Emsisoft Emergency Kit: no threats; on potentially unwanted programs and registry keys.

- ClamAV on Linux: about 100 threats

- Immunet on Windows XP - x86: only some of the threats recognized by ClamAV are recognized by Immunet 3.

- AVG AntiVirus: no threats for all files which ClamAV and Immunet 3 recognize as threats.

I know all these programs which ClamAV and Immunet treat as threats: some are from my Apache Server 64-bit installation (in folder: iconv): Win.Trojan.Agent_478111, others are old installation routines from programs (from the year 2012 and older) which I meanwhile use from a newer installation setup program.

Also for Excel 2007:

W32.Virut.Gen.D

/media/disk/sda2/Program Files (x86)/Microsoft Office/Office12/EXCEL.EXE: W32.Virut.Gen.D-163

Other antivirus scanners say the file is clean. The scan result is 4:1 against ClamAV/Immunet 3.

Next some Win.Trojan.Kiser and so on.

I think these are all false positives and Immunet wants to make an impression about what it can do, but it is all faulty from ClamAV and Immunet. How can I decide what's a real threat and what's not?

About the uploaded screenshot: it shows some of the files which ClamAV / Immunet 3 treat as threats. I added to all of these files an additional file extension in the form of .vir.ClamAV.<threatname>.

regards

hfr


Hi hfr,

So, to clarify:

You scanned the same set of files with several AV/Protection software.

Only ClamAV for Linux and Immunet (running on XP) classified some as malicious, of which Immunet only classified a portion of the 'about 100' that ClamAV for Linux found.

For ClamAV (Linux) you would probably need to go directly to the Clam guys for help (clamav.net). You can submit false positives on that website.

For the ones present in Immunet, you can double check against, for example, virustotal.com to determine whether the files are malicious or not. If they are, please feel free to submit them via immunet.com/contact/index.html (the dropdown can be used to select 'Submit false positive') preferably, but you can also submit them to support@immunet.com (note that through the second method, it will be significantly longer until they are properly processed).

Cheers,

-Jose
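
As an added example (not part of the original thread, and not ClamAV or Immunet code): one way to prepare the cross-check suggested above is to turn a clamscan log into per-signature groups with a SHA-256 for each flagged file, which can then be looked up on virustotal.com or attached to a false-positive submission. It assumes clamscan's usual `<path>: <signature> FOUND` detection line; the function names and the sample log are constructed for illustration.

```python
import hashlib
import os
import re
import tempfile
from collections import defaultdict

# clamscan reports each detection as "<path>: <signature> FOUND".
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")

def parse_clamscan(log_text):
    """Return {path: signature} for every detection line in a clamscan log."""
    hits = {}
    for line in log_text.splitlines():
        m = FOUND_RE.match(line.strip())
        if m:  # "OK" lines and the scan summary do not match
            hits[m.group("path")] = m.group("sig")
    return hits

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large installers do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def triage(log_text):
    """Group detections by signature family; attach SHA-256 where the file exists."""
    report = defaultdict(list)
    for path, sig in sorted(parse_clamscan(log_text).items()):
        family = re.sub(r"[-_]\d+$", "", sig)  # drop the trailing numeric id
        digest = sha256_file(path) if os.path.isfile(path) else None
        report[family].append((path, sig, digest))
    return dict(report)

if __name__ == "__main__":
    # Constructed sample: a harmless temp file stands in for a flagged binary.
    with tempfile.TemporaryDirectory() as d:
        exe = os.path.join(d, "Program Files (x86)", "EXCEL.EXE")
        os.makedirs(os.path.dirname(exe))
        with open(exe, "wb") as f:
            f.write(b"constructed sample, not a real executable")
        log = (f"{exe}: W32.Virut.Gen.D-163 FOUND\n"
               f"{d}/iconv/gone.dll: Win.Trojan.Agent-478111 FOUND\n"
               f"{d}/clean.txt: OK\n"
               "Infected files: 2\n")
        for family, rows in triage(log).items():
            for path, sig, digest in rows:
                print(family, sig, digest or "(file missing)", path, sep="\t")
```

A family that accounts for dozens of hits across unrelated, long-installed programs is a stronger false-positive candidate than a single isolated detection, and the hashes let each file be checked without uploading it.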


  • 4 weeks later...

perezomail, please refrain from posting unrelated threads in topics. You're welcome to post a new topic in the correct section of the forum of course. This is the False Positives section.

However, to clarify things, the Free version of Immunet "CAN BE USED" as an additional AV. Immunet Free has been designed to run alongside and complement many other anti-virus vendors' products, giving you an added layer of protection.


Archived

This topic is now archived and is closed to further replies.
