dvd.s.prc at gmail
Feb 10, 2012, 7:43 PM
Post #3 of 3
The ClamAV binaries themselves _have not_ been altered. What Cnet is doing is,
requiring Windows users to run Cnet's own separate, proprietary and trojanned
installer. That trojanned installation program will in turn, download
the standard and legitimate Immunet installers by itself. It is akin
to a trojanned download manager.
Please read Fyodor's writeups on seclists and insecure.org for
If you downloaded from Cnet's Download.com, you can upload the suspect
binary to VirusTotal to check that your installer has not been
trojanned, or scan it directly with ClamAV which has the Cnet trojan
in its database.
To be safe in the future, DO NOT obtain files from Download.com.