Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: ClamAV: users

False positive suspicion - Fax Server Plus

  

 
ClamAV users RSS feed   Index | Next | Previous | View Threaded


support at faxserverplus

May 8, 2012, 1:42 AM

Post #1 of 6 (325 views)
Permalink
False positive suspicion - Fax Server Plus
To whom it may concern:

We got some reports from our customers said our website reported as Malware
Site by Bitdefender.
Here is the download links of all our products:
http://faxserverplus.com/download/FSPQuick.EXE
http://faxserverplus.com/download/faxserverplusevl.exe

Could you please check it out?

Regards,
Nicole
http://www.faxserverplus.com
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


alvarnell at mac

May 8, 2012, 2:18 AM

Post #2 of 6 (309 views)
Permalink
Re: False positive suspicion - Fax Server Plus [In reply to]
On 5/8/12 1:42 AM, "Nicole Brown" <support [at] faxserverplus> wrote:

> We got some reports from our customers said our website reported as Malware
> Site by Bitdefender.
> Here is the download links of all our products:
> http://faxserverplus.com/download/FSPQuick.EXE
> http://faxserverplus.com/download/faxserverplusevl.exe
>
Why would you be asking clamav-users to check out something BitDefender
finds? Shouldn't you be contacting them?


-Al-

--
Al Varnell
Mountain View, CA



_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


fajar at fajar

May 8, 2012, 2:30 AM

Post #3 of 6 (300 views)
Permalink
Re: False positive suspicion - Fax Server Plus [In reply to]
On Tue, May 8, 2012 at 4:18 PM, Al Varnell <alvarnell [at] mac> wrote:
> On 5/8/12 1:42 AM, "Nicole Brown" <support [at] faxserverplus> wrote:
>
>> We got some reports from our customers said our website reported as Malware
>> Site by Bitdefender.
>> Here is the download links of all our products:
>> http://faxserverplus.com/download/FSPQuick.EXE
>> http://faxserverplus.com/download/faxserverplusevl.exe
>>
> Why would you be asking clamav-users to check out something BitDefender
> finds? Shouldn't you be contacting them?

To be fair, one of the files WAS recognized as malware by clamav :
https://www.virustotal.com/file/bf5a62810d8ff28129d84c982e80e4a062d33fd1e082483dfc1f56033491f79d/analysis/1336239300/

So it probably qualifies as FP report. However, since PUA submissions
are automatically rejected, I'm not sure what the best way to proceed.

The "our website reported as Malware" part should probably be ignored
as it's not relevant to this list.

--
Fajar
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


support at faxserverplus

May 8, 2012, 2:37 AM

Post #4 of 6 (299 views)
Permalink
Re: False positive suspicion - Fax Server Plus [In reply to]
sorry. I meant by Clamav...

Our products also reported as Malware site by Bitdefender, so I forward
the email to this group,
but didn't forget to change the software name.....

Wish you have a good day!

Regards,
Nicole

On Tue, May 8, 2012 at 5:36 PM, Nicole Brown <faxserverplus [at] gmail>wrote:

>
> On Tue, May 8, 2012 at 5:30 PM, Fajar A. Nugraha <fajar [at] fajar> wrote:
>
>> On Tue, May 8, 2012 at 4:18 PM, Al Varnell <alvarnell [at] mac> wrote:
>> > On 5/8/12 1:42 AM, "Nicole Brown" <support [at] faxserverplus> wrote:
>> >
>> >> We got some reports from our customers said our website reported as
>> Malware
>> >> Site by Bitdefender.
>> >> Here is the download links of all our products:
>> >> http://faxserverplus.com/download/FSPQuick.EXE
>> >> http://faxserverplus.com/download/faxserverplusevl.exe
>> >>
>> > Why would you be asking clamav-users to check out something BitDefender
>> > finds? Shouldn't you be contacting them?
>>
>> To be fair, one of the files WAS recognized as malware by clamav :
>>
>> https://www.virustotal.com/file/bf5a62810d8ff28129d84c982e80e4a062d33fd1e082483dfc1f56033491f79d/analysis/1336239300/
>>
>> So it probably qualifies as FP report. However, since PUA submissions
>> are automatically rejected, I'm not sure what the best way to proceed.
>>
>> The "our website reported as Malware" part should probably be ignored
>> as it's not relevant to this list.
>>
>> --
>> Fajar
>> _______________________________________________
>> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
>> http://www.clamav.net/support/ml
>>
>
>
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


tshaw at oitc

May 8, 2012, 2:46 AM

Post #5 of 6 (304 views)
Permalink
Re: False positive suspicion - Fax Server Plus [In reply to]
On May 8, 2012, at 5:30 AM, Fajar A. Nugraha wrote:

> On Tue, May 8, 2012 at 4:18 PM, Al Varnell <alvarnell [at] mac> wrote:
>> On 5/8/12 1:42 AM, "Nicole Brown" <support [at] faxserverplus> wrote:
>>
>>> We got some reports from our customers said our website reported as Malware
>>> Site by Bitdefender.
>>> Here is the download links of all our products:
>>> http://faxserverplus.com/download/FSPQuick.EXE
>>> http://faxserverplus.com/download/faxserverplusevl.exe
>>>
>> Why would you be asking clamav-users to check out something BitDefender
>> finds? Shouldn't you be contacting them?
>
> To be fair, one of the files WAS recognized as malware by clamav :
> https://www.virustotal.com/file/bf5a62810d8ff28129d84c982e80e4a062d33fd1e082483dfc1f56033491f79d/analysis/1336239300/
>
> So it probably qualifies as FP report. However, since PUA submissions
> are automatically rejected, I'm not sure what the best way to proceed.
>
> The "our website reported as Malware" part should probably be ignored
> as it's not relevant to this list.

They should check BitDefender. If there is a setting to disable PUA checking, then it is a user issue as the user selected to detect PUAs. If there is not a selectable option then it should be a bug report to BitDefender. If used in a mailserver environment then PUA detects maybe be miss-weighted.

After all PUA is disable by default out of the box by ClamAV so someone else must have enabled it.

Tom
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


me at junc

May 8, 2012, 6:27 AM

Post #6 of 6 (298 views)
Permalink
Re: False positive suspicion - Fax Server Plus [In reply to]
Den 2012-05-08 11:18, Al Varnell skrev:

> Why would you be asking clamav-users to check out something
> BitDefender finds? Shouldn't you be contacting them?

if its really is a virus i would like to have clamav detect it as a
virus, remembering my time of have bitdefender, f-prot here myself where
i sent samples clamav did not detect, is this old school ?

in gentoo there is only clamav left in portage, so i hope i have not
stepped on my own foot

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

ClamAV users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.