Mailing List Archive: ClamAV: win32

Four false positives



Tim.Clarke at manifest

Feb 18, 2006, 4:45 AM

Post #1 of 3 (2411 views)
Four false positives

Suddenly had four false positives from clamav last night. These are the
first false positives I've had.

Signatures:
main.cvd is up to date (version: 35, sigs: 41649, f-level: 6, builder: tkojm)
daily.cvd is up to date (version: 1292, sigs: 3717, f-level: 7, builder: diego)

Clamwin 0.88 on fully patched Windows XP Pro SP2

Log:

C:\Program Files\Common Files\GTK\2.0\uninst.exe: Trojan.Clicker.Small-100 FOUND
C:\Program Files\Common Files\GTK\2.0\uninst.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\\uninst.exe'
C:\Program Files\Gaim\gaim-uninst.exe: Trojan.Clicker.Small-100 FOUND
C:\Program Files\Gaim\gaim-uninst.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\\gaim-uninst.exe'
C:\Resource\Applications\ethereal-setup-0.10.12.exe: Trojan.Clicker.Small-100 FOUND
C:\Resource\Applications\ethereal-setup-0.10.12.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\\ethereal-setup-0.10.12.exe'
C:\Resource\Applications\gaim-1.5.0.exe: Trojan.Clicker.Small-100 FOUND
C:\Resource\Applications\gaim-1.5.0.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\\gaim-1.5.0.exe'

Any ideas anyone?

Tim Clarke
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32


tmetro+clamwin32 at gmail

Feb 18, 2006, 7:56 AM

Post #2 of 3 (2307 views)
Re: Four false positives

Tim Clarke wrote:
> Suddenly had four false positives from clamav last night.
...
> ...\Common Files\GTK\2.0\uninst.exe: Trojan.Clicker.Small-100 FOUND
> ...\Gaim\gaim-uninst.exe: Trojan.Clicker.Small-100 FOUND
> ...\ethereal-setup-0.10.12.exe: Trojan.Clicker.Small-100 FOUND
> ...\gaim-1.5.0.exe: Trojan.Clicker.Small-100 FOUND
>
> Any ideas anyone?

This may not shed much light on the situation, but given that those are
all installers for open source apps., they're probably all instances of
the nullsoft installer (http://nsis.sourceforge.net/), and thus you're
probably seeing one false positive. You could confirm this by running
ClamAV on another machine, first proving that it's clean, then
installing one of these apps. from a fresh download from a trusted source.

No mention on the nullsoft site of a known false positive against their
installer, but if that was a newly added signature, it may be too soon.
Might be worth doing a Google Groups search.

-Tom

--
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32
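Tom's triage reasoning (several files, one signature, all plausibly the same installer stub), as an added example that is not part of the thread: a small Python script that parses ClamWin log lines in the format quoted above, groups hits by signature so a single signature firing across many files stands out, and checks a file for the NSIS first-header marker. The sample log is constructed, and the marker check is an added helper based on the NSIS stub format, not something the posters describe.

```python
import re
from collections import defaultdict

# Constructed sample in the ClamWin log format quoted in this thread (wrapped
# lines re-joined, one unrelated hit added); not a capture from any real machine.
SAMPLE_LOG = r"""
C:\Program Files\Common Files\GTK\2.0\uninst.exe: Trojan.Clicker.Small-100 FOUND
C:\Program Files\Common Files\GTK\2.0\uninst.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\\uninst.exe'
C:\Program Files\Gaim\gaim-uninst.exe: Trojan.Clicker.Small-100 FOUND
C:\Resource\Applications\ethereal-setup-0.10.12.exe: Trojan.Clicker.Small-100 FOUND
C:\Resource\Applications\gaim-1.5.0.exe: Trojan.Clicker.Small-100 FOUND
C:\Downloads\unrelated.exe: Example.Other.Sig-1 FOUND
"""

FOUND_RE = re.compile(r"^(?P<path>.+?): (?P<sig>\S+) FOUND$")
MOVED_RE = re.compile(r"^(?P<path>.+?): moved to '(?P<dest>.+)'$")

# NSIS stubs carry a fixed first-header marker: 0xDEADBEEF (little-endian)
# followed by the ASCII text "NullsoftInst". Added helper, not from the thread.
NSIS_MARKER = b"\xef\xbe\xad\xdeNullsoftInst"


def parse_clamscan_log(text):
    """Map signature -> detected paths, and path -> quarantine destination."""
    hits, moves = defaultdict(list), {}
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if m := FOUND_RE.match(line):
            hits[m["sig"]].append(m["path"])
        elif m := MOVED_RE.match(line):
            moves[m["path"]] = m["dest"]
    return dict(hits), moves


def suspect_signatures(hits, min_files=2):
    """One signature firing on several distinct files in a single run is the
    pattern Tom describes: recheck on a clean machine from a fresh download
    before treating the files as malicious."""
    return {s: sorted(set(p)) for s, p in hits.items() if len(set(p)) >= min_files}


def looks_like_nsis(data):
    """True if the bytes contain the NSIS first-header marker."""
    return NSIS_MARKER in data


if __name__ == "__main__":
    hits, moves = parse_clamscan_log(SAMPLE_LOG)
    for sig, paths in suspect_signatures(hits).items():
        print(f"{sig}: {len(paths)} files -> verify before trusting")
        for p in paths:
            print("  ", p, "(quarantined)" if p in moves else "")
```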


Tim.Clarke at manifest

Feb 19, 2006, 2:21 PM

Post #3 of 3 (2283 views)
RE: Four false positives

Great insight Tom, thanks.
I'll post one on the Clamav false positives page and research some more.

Tim Clarke

_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32
