
Mailing List Archive: ClamAV: win32

False Positive?

 

 



jeffshead at gmail

May 25, 2012, 3:36 AM

Post #1 of 3 (628 views)
False Positive?

Figured I would ask here before reporting.

I just sent a test email message to mailtest [at] unlocktheinbox and the
response email they sent back to me was flagged by ClamAV or Sane signatures
as a virus and the email was deleted.

Below is the line from the server log:

"APPLICATION" 2560 "2012-05-25 06:09:25.984"
"SMTPDeliverer - Message 3509: Message deleted (contained virus
INetMsg.SpamDomain-2w.awltovhc_com.UNOFFICIAL)."

I'm assuming this is a false positive but I don't know where to report
because I don't know how to tell if this is a ClamAV or Sane signature.

Can someone please tell me how I can find out if this is a false positive
and who the signature belongs to?

Thanks,

Jeff



--



_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32


edwin+ml-clamav at etorok

May 25, 2012, 5:25 AM

Post #2 of 3 (597 views)
Re: False Positive? [In reply to]

On 2012-05-25 13:36, Jeff wrote:
> Figured I would ask here before reporting.
>
>
>
> I just sent a test email message to mailtest [at] unlocktheinbox and the
> response email they sent back to me was flagged by ClamAV or Sane signatures
> as a virus and the email was deleted.
>
>
>
> Below is the line from the server log:
>
>
>
> "APPLICATION" 2560 "2012-05-25 06:09:25.984"
> "SMTPDeliverer - Message 3509: Message deleted (contained virus
> INetMsg.SpamDomain-2w.awltovhc_com.UNOFFICIAL)."
>
>
>
> I'm assuming this is a false positive but I don't know where to report
> because I don't know how to tell if this is a ClamAV or Sane signature.

The UNOFFICIAL suffix in the virusname means that this is not an official ClamAV signature.

--Edwin
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32
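
The suffix rule from the reply above, applied to a whole log, as an added example that is not part of the original thread or any poster's code. It assumes the entry layout quoted in the first post; the second and third sample entries are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Entry format as quoted in the thread; \s+ tolerates archive line wrapping.
ENTRY = re.compile(
    r'"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)"\s+'
    r'"SMTPDeliverer - Message (?P<msg>\d+): Message deleted\s+'
    r'\(contained\s+virus\s+(?P<sig>[^\s)]+)\)'
)
SUFFIX = ".UNOFFICIAL"  # marks a signature that is not an official ClamAV one

# First entry is the line from the thread; the other two are constructed.
SAMPLE_LOG = '''"APPLICATION" 2560 "2012-05-25 06:09:25.984"
"SMTPDeliverer - Message 3509: Message deleted (contained virus
INetMsg.SpamDomain-2w.awltovhc_com.UNOFFICIAL)."
"APPLICATION" 2560 "2012-05-25 06:11:02.120" "SMTPDeliverer - Message 3510: Message deleted (contained virus Eicar-Test-Signature)."
"APPLICATION" 2560 "2012-05-25 06:12:40.007" "SMTPDeliverer - Message 3511: Message delivered."
'''

def parse_deletions(log_text):
    """Return one record per message deleted for a signature match."""
    records = []
    for m in ENTRY.finditer(log_text):
        name = m.group("sig")
        unofficial = name.endswith(SUFFIX)
        records.append({
            "timestamp": m.group("ts"),
            "message": int(m.group("msg")),
            # Name without the suffix, for looking it up in the database files.
            "signature": name[:-len(SUFFIX)] if unofficial else name,
            "origin": "third-party" if unofficial else "official ClamAV",
        })
    return records

def deletions_by_origin(records):
    """Count deletions per (origin, signature) to see which database causes them."""
    return Counter((r["origin"], r["signature"]) for r in records)

if __name__ == "__main__":
    for (origin, sig), n in deletions_by_origin(parse_deletions(SAMPLE_LOG)).items():
        print(f"{n} deleted by {origin} signature {sig}")
```

Searching the local database directory for the stripped name with `sigtool --find-sigs` shows which database file carries the signature, and so whose maintainer to contact about a false positive.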


jeffshead at gmail

May 25, 2012, 6:10 AM

Post #3 of 3 (591 views)
Re: False Positive? [In reply to]

Thanks Edwin!

--

-----Original Message-----
From: clamav-win32-bounces [at] lists
[mailto:clamav-win32-bounces [at] lists] On Behalf Of Török Edwin
Sent: Friday, May 25, 2012 8:25 AM
To: clamav-win32 [at] lists
Subject: Re: [clamav-win32] False Positive?

On 2012-05-25 13:36, Jeff wrote:
> Figured I would ask here before reporting.
>
>
>
> I just sent a test email message to mailtest [at] unlocktheinbox and
> the response email they sent back to me was flagged by ClamAV or Sane
> signatures as a virus and the email was deleted.
>
>
>
> Below is the line from the server log:
>
>
>
> "APPLICATION" 2560 "2012-05-25 06:09:25.984"
> "SMTPDeliverer - Message 3509: Message deleted (contained virus
> INetMsg.SpamDomain-2w.awltovhc_com.UNOFFICIAL)."
>
>
>
> I'm assuming this is a false positive but I don't know where to report
> because I don't know how to tell if this is a ClamAV or Sane signature.

The UNOFFICIAL suffix in the virusname means that this is not an official
ClamAV signature.

--Edwin
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32

_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32
