hfr

Hundreds Of False-Positives By ClamAV / Immunet 3 Antivirus Scanner


Hello,

I checked my Windows 7 partition (OS & user data) with a LessLinux search & recovery DVD using the installed Linux ClamAV antivirus scanner. I also scanned the partition with Kaspersky antivirus from the installed virus scanner, over the network with Norton 360 Antivirus, Norton Power Eraser, Norton Bootable Recovery Tool and finally with the Emsisoft Emergency Kit offline scanner. I assumed a threat. Additionally, I installed Immunet 3 today and scanned only those files which ClamAV treats as a threat (i.e. Win.Trojan.Agent - see more below).

Here are the results of the scans:

- Kaspersky Internet Security 2014 on Windows 7 - 64Bit: no threats

- Norton (all different programs): no threats; for Power Eraser only unknown files

- Emsisoft Emergency Kit: no threats; on potentially unwanted programs and registry keys.

- ClamAV on Linux: about 100 threats

- Immunet on Windows XP - x86: only some of the threats recognized by ClamAV are recognized by Immunet 3.

- AVG AntiVirus: no threats for any of the files which ClamAV and Immunet 3 recognize as a threat.

I know all the programs which ClamAV and Immunet treat as threats: some are from my Apache Server 64-bit installation (in folder: iconv): Win.Trojan.Agent_478111, others are old installation routines of programs (from 2012 and older) which I meanwhile use from a newer installation setup program.

Also for Excel 2007:

W32.Virut.Gen.D

/media/disk/sda2/Program Files (x86)/Microsoft Office/Office12/EXCEL.EXE: W32.Virut.Gen.D-163

Other antivirus scanners say the file is clean. The scan result is 4:1 against ClamAV/Immunet 3.

Next, some Win.Trojan.Kiser and so on.

I think these are all false positives and Immunet wants to make an impression about what it can do, but it is all faulty from ClamAV and Immunet. How can I decide what's a real threat and what's not?

About the uploaded screenshot: it shows some of the files which ClamAV / Immunet 3 treat as threats. I added to all of these files an additional file extension in the form of .vir.ClamAV.<threatname>.

regards

hfr


Hi hfr,

So, to clarify:

You scanned the same set of files with several AV/Protection software.

Only ClamAV for Linux and Immunet (running on XP) classified some as malicious, of which Immunet only classified a portion of the 'about 100' that ClamAV for Linux found.

For ClamAV (Linux) you would probably need to go directly to the Clam guys for help (clamav.net). You can submit false positives on that website.

For the ones present in Immunet, you can double check against, for example, virustotal.com to determine whether the files are malicious or not. If they are, please feel free to submit them via immunet.com/contact/index.html (the dropdown can be used to select 'Submit false positive') preferably, but you can also submit them to support@immunet.com (note that through the second method, it will be significantly longer until they are properly processed).

Cheers,

-Jose
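
Added example (not part of the original posts, and not ClamAV or Immunet code): a small Python helper for the double check suggested above. It assumes the scan report uses clamscan's `<path>: <signature> FOUND` line format; the function names and every sample path other than the EXCEL.EXE one are made up for illustration.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample report. The EXCEL.EXE path and both signature names are
# quoted from the thread; the other paths are made up for illustration.
SAMPLE_REPORT = """\
/media/disk/sda2/Program Files (x86)/Microsoft Office/Office12/EXCEL.EXE: W32.Virut.Gen.D-163 FOUND
/media/disk/sda2/example/iconv/sample.dll: Win.Trojan.Agent_478111 FOUND
/media/disk/sda2/example/readme.txt: OK
/media/disk/sda2/example/old-setup.exe: Win.Trojan.Agent_478111 FOUND
"""

# Assumed report format: one "<path>: <signature> FOUND" line per detection.
DETECTION = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")


def parse_detections(report):
    """Return (path, signature) pairs, skipping OK lines and anything else."""
    hits = []
    for line in report.splitlines():
        match = DETECTION.match(line.strip())
        if match:
            hits.append((match["path"], match["sig"]))
    return hits


def group_by_family(detections):
    """Group paths by signature name with the numeric variant suffix removed,
    so each signature can be reviewed and reported once."""
    families = defaultdict(list)
    for path, sig in detections:
        families[re.sub(r"[-_]\d+$", "", sig)].append(path)
    return dict(families)


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so it can be looked up by hash, not uploaded."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


if __name__ == "__main__":
    for family, paths in group_by_family(parse_detections(SAMPLE_REPORT)).items():
        print(f"{family}: {len(paths)} file(s)")
```

Running `sha256_of` on each flagged file gives a digest that can be searched on virustotal.com, which avoids uploading files that may contain private data.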


Unless something has changed over the years since I've been using computers, one should only have 1 antivirus program running on their computer, since more than 1 can cancel each other out. That is to say, there cannot be 2 kings in charge of 1 army.


Hi perezomai,

you fool, did I write anything about more than one antivirus program installed? Only one is installed on one operating system; the scans are running from several computers over the network. Try www.virustotal.com with a file; ClamAV finds a threat in every harmless file.


perezomail, please refrain from posting unrelated threads in topics. You're welcome to post a new topic in the correct section of the forum of course. This is the False Positives section.

However, to clarify things, the Free version of Immunet "CAN BE USED" as an additional AV. Immunet Free has been designed to run alongside and complement many other anti-virus vendors' products, giving you an added layer of protection.
