webcliq Posted April 3, 2011 Report Share Posted April 3, 2011 I have worked in the IT industry for over 30 years. I have seen AV packages come and go and have used many. I have used ClamAV on many of the Servers I support where the Customer would not take a paid option. A few days ago, one of the Servers I support was compromised even though it had Symantec Corporate installed. I made the decision to replace it with ClamAV Immunet. It immediately found a number of files that Symantec had ignored. This gives me some confidence. However as the few days have progressed it has now started declaring a number of popular programs - programs I have used for years - as Trojans. As you can imagine this is extremely worrying for me. I decided to try and find out what one of the Trojans was ... W32.Trojan.c52f. As a relative "Newbie" to using CamAV, I looked for some place on the Immunet web site where an explanation of this declaration existed - I can't find one. Nor does putting this complete reference into Google Search Engine provide any useful information. Where does this information exist? I don't know the Developer of the "offending" program personally but he and his Site is well reviewed and has many awards. I can imagine these problems of "false positives" exist and I would rather be safe than sorry. Nonetheless I do expect to be able to find out the information of why Clam AV found something and what it found so that we can all understand it. Looking forward to your responses and the involvement of the "Community" in this issue. Mark Richards Webcliq Link to comment Share on other sites More sharing options...
sweidre Posted April 3, 2011 Report Share Posted April 3, 2011 I have worked in the IT industry for over 30 years. I have seen AV packages come and go and have used many. I have used ClamAV on many of the Servers I support where the Customer would not take a paid option. A few days ago, one of the Servers I support was compromised even though it had Symantec Corporate installed. I made the decision to replace it with ClamAV Immunet. It immediately found a number of files that Symantec had ignored. This gives me some confidence. However as the few days have progressed it has now started declaring a number of popular programs - programs I have used for years - as Trojans. As you can imagine this is extremely worrying for me. I decided to try and find out what one of the Trojans was ... W32.Trojan.c52f. As a relative "Newbie" to using CamAV, I looked for some place on the Immunet web site where an explanation of this declaration existed - I can't find one. Nor does putting this complete reference into Google Search Engine provide any useful information. Mark Richards Webcliq Hi Webcliq, I am using Immunet Free without ClamAV, but regarding false postives announced by Immunet, there is a sort of white list. Product ->Settings -> Protection Exclusions. By clicking on "Add new exclusion" you can add the full path to the "false positive", that you want to keep. Remember to click on "Apply" button to save it! By doing so, Immunet will not scan this path any more. If you change your mind, there is an (X) to the right of your added path. By clicking on this (X), the path will be erased from the list. (Remember to click on "Apply" to get the change saved!) Note, this is valid for Immunet scans; regarding ClamAV, I do not know! I hope, that somebody else will give supplementary info here! Cheers, sweidre Link to comment Share on other sites More sharing options...
Rob.T Posted April 4, 2011 Report Share Posted April 4, 2011 Hi Mark, in addition to excluding the files you can also upload the files as false positives - http://forum.immunet.com/index.php?/topic/344-how-do-i-report-a-false-positive-fp/. We will review them and update the Immunet Cloud so they are no longer detected as virus'. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.