Avast WEBforum
Other => General Topics => Topic started by: bob3160 on May 13, 2009, 04:51:26 PM
-
This started on the 12th and is getting annoying.
Please Fix this detection. Thanks
-
It has been posted elsewhere, Igor says it is unencrypted in the memory and being detected by avast.
I'm not sure if they can correct the detection. Seems an incompatibility of two running antivirus, don't you think?
-
Maybe ALWIL will work with ClamWin to fix this problem. :)
-
It has been posted elsewhere, Igor says it is unencrypted in the memory and being detected by avast.
I'm not sure if they can correct the detection. Seems an incompatibility of two running antivirus, don't you think?
ClamAv isn't resident. It's on demand only.
Something Alwil needs to correct. it started on the 12th so it's something that was changed in avast!
The problem wasn't there prior to that date.
-
***
I have Clam AV installed with Spyware Terminator but I am not having any problems with avast.
***
-
Nope, it's ClamAV problem and I'm personally again doing anything on our side. It's usual non-encrypted data in their database, and it started because either them or we added that particular detection in the db.
But the root of the problem is still in their inability to provide inspection-safe db.
-
Nope, it's ClamAV problem and I'm personally again doing anything on our side. It's usual non-encrypted data in their database, and it started because either them or we added that particular detection in the db.
But the root of the problem is still in their inability to provide inspection-safe db.
If you don't intend to do anything, at least let me j=know what to do on my side so it stops annoying me. Thanks.
-
Uninstall clamav?
-
<snip>
But the root of the problem is still in their inability to provide inspection-safe db.
If you don't intend to do anything, at least let me j=know what to do on my side so it stops annoying me. Thanks.
There is nothing to stop you excluding the .clamtmp files in both Program Settings and Standard Shield, using the wild cards add this, C:\*\clamav-*.clamtmp that would save a) entering the full path and b) take account of the no doubt changing file names (e.g. the string between the clamav- and the .clamtmp file type.
Though personally I would be looking at the same suggestion as kubecj.
-
Hi you all,
Have the same alert as bob3160, only this started to-day, took no action on getting this alert:
Sign of "JS:ScriptSH=inf (Trj]" has been found in "K:\ClamWinPortable\Data\db\clamav-425ba79fa75915476839999d53b0a2c8f.00000039c.clamptmp" file,
So for the mo I have excluded ClamWin\ClamWinPortable\Data\db*
and everything fine,
polonus
-
that really should be ?:\ClamWin\ClamWinPortable\Data\db\* the ? which allows for the clamwin portable version USB not being allocated the same drive letter and you need to have the \ after db and before the wildcard.
I'm also not keen on excluding a whole folder as that could leave a small hole in your security, but to exclude only the troublesome file types within that folder, ?:\ClamWin\ClamWinPortable\Data\db\*.clamtmp
-
Hi DavidR,
Well tried the download with your suggestion, and got a alert, made the precision as ClamWin\ClamWinPortable\Data\db\*clamptmp and all is well,
polonus
-
If it is now working then I think you made a typo in your post, clamPtmp ?
-
I TOO AM HAVING THE SAME PROBLEM, AND IT'S SLOWING DOWN MY COMPUTER ABD FREEZING IT UP.
This is where this trogan horse is located, spyware has "removed" it from my computer 3 times... Everytime i run a new scan it pops back up on my computer? Please someone help me remove this. If i were to restore my computer to an earlier time will is rid my compuer of this? Thank you for anyone who can help.
This is where it's located.
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\clamav-1c59e8bbc0e3be87438a54cad29e8900.00000fb0.clamtmp\daily.ndb
-
This indicates that you also have clamav installed and the problem is that clamav doesn't encrypt its virus signatures, so avast is detecting them.
So I don't know if you have somehow got clamav running resident (though I though it was only on-demand) and that would cause a slowness. Freezing could also be caused by conflict between two AVs.
Personally I would suggest that you uninstall clamav or exclude the files as mentioned in the above posts.
-
Nope, it's ClamAV problem and I'm personally again doing anything on our side. It's usual non-encrypted data in their database, and it started because either them or we added that particular detection in the db.
But the root of the problem is still in their inability to provide inspection-safe db.
Actually it's not ClamWin's problem at all, it's a clear case of yet another 'FALSE' Positive made by Avast, which is why most of us have ClamWin installed in the first place!
A simple fix that has already been outlined here is to simply add a wildcard exemption for ClamWin's various folders. So why can't Avast include these exemptions in their next update?
-
Hi trumpy81,
I have reported this issue also, when avast flagged this. I use ClamWin just to close the vulnerability window on machine and because it has another range of signatures as the run of the mill av-vendors.
I agree with you, ClamWin portable apps functioned fine upon my machine until avast started to interfere, I made an exclusion for these alerts and I do hope the issue can be settled with an upcoming update,
polonus
-
Actually it's not ClamWin's problem at all, it's a clear case of yet another 'FALSE' Positive made by Avast, which is why most of us have ClamWin installed in the first place!
Detecting someone's virus signatures is not a false positive; they are virus signatures, not just some random unrelated file.
A simple fix that has already been outlined here is to simply add a wildcard exemption for ClamWin's various folders. So why can't Avast include these exemptions in their next update?
And why can't Clam do their homework and properly scramble their virus database?
-
Nope, it's ClamAV problem and I'm personally again doing anything on our side. It's usual non-encrypted data in their database, and it started because either them or we added that particular detection in the db.
But the root of the problem is still in their inability to provide inspection-safe db.
Actually it's not ClamWin's problem at all, it's a clear case of yet another 'FALSE' Positive made by Avast, which is why most of us have ClamWin installed in the first place!
A simple fix that has already been outlined here is to simply add a wildcard exemption for ClamWin's various folders. So why can't Avast include these exemptions in their next update?
How can it possibly be a false positive, when avast is alerting on finding a virus signature, that is after all what an antivirus is meant to do. Why clamav haven't encrypted the signatures is beyond me as they must be aware that installed resident scanners will detect them.
There is no guarantee that clamav will always be installed in the same location, there is also nothing stopping clamav changing the file name format breaking any exclusion created. Personally I would be a bit pi**ed if the use of wildecard exclusions as without care that wildcard could leave a large hole in your security.
I also don't see why avast should chase other AVs issues of not encrypting their signatures like panda and calmav, two that I know of with the possibility of there being more.
-
David,
The exclusion you posted some time back as a reply to my original request for help
has work without any problems or risk to my system.
I'm again happily using avast! and have ClamAV available as a second opinion when needed.
Thanks :)
-
How can it possibly be a false positive, when avast is alerting on finding a virus signature, that is after all what an antivirus is meant to do. Why clamav haven't encrypted the signatures is beyond me as they must be aware that installed resident scanners will detect them.
There is no guarantee that clamav will always be installed in the same location, there is also nothing stopping clamav changing the file name format breaking any exclusion created. Personally I would be a bit pi**ed if the use of wildecard exclusions as without care that wildcard could leave a large hole in your security.
I also don't see why avast should chase other AVs issues of not encrypting their signatures like panda and calmav, two that I know of with the possibility of there being more.
The whole point of having an Anti-Virus program on ones computer in the first place is to prevent malicious code from tampering with ones computer. In this case ClamWin poses no threat to ones computer, in fact it is the opposite, and exists for the same purpose as does Avast, therefore, it is NOT a threat and hence my determination of a False Positive.
Granted, Clamwin should encrypt their database, but then Avast would/should detect ClamWin when it decrypts it's database, causing yet another False Positive.
A simple solution exists, (and yes you are correct in that Wildcards should not be used), and in this case I see no reason why it should not be implemented by default.
-
***
I have yet to have avast alert on ClamAV.
Perhaps because it is in Spyware Terminator?
***
-
***
I have yet to have avast alert on ClamAV.
Perhaps because it is in Spyware Terminator?
***
Not sure about that one, there was someone asking about the ClamAV and Spyware Terminator in the 'virus in temp' sticky thread
-Scott-
-
sorry i dident understand how to isolate the folder for avoiding the problem ??? ???
-
sorry i dident understand how to isolate the folder for avoiding the problem ??? ???
You need to use the Exclusion lists:
For the Standard Shield provider (on-access scanning):
Left click the 'a' blue icon, click on the provider icon at left and then Customize.
Go to Advanced tab and click on Add button...
For the other providers (on-demand scanning such as the screen-saver or the Simple User Interface):
Right click the 'a' blue icon, click Program Settings.
Go to Exclusions tab and click on Add button...
You can use wildcards like * and ?.
But be careful, you should 'exclude' that many files that let your system in danger.
-
sorry i dident understand how to isolate the folder for avoiding the problem ??? ???
Check my post in the previous page, Reply #8 of this topic, http://forum.avast.com/index.php?topic=45231.msg379055#msg379055 (http://forum.avast.com/index.php?topic=45231.msg379055#msg379055)
-
thanks and another thing but why clam av dont encripted well is database
-
I can't understand why either, but that is something you would have to ask them.
-
that really should be ?:\ClamWin\ClamWinPortable\Data\db\* the ? which allows for the clamwin portable version USB not being allocated the same drive letter and you need to have the \ after db and before the wildcard.
I'm also not keen on excluding a whole folder as that could leave a small hole in your security, but to exclude only the troublesome file types within that folder, ?:\ClamWin\ClamWinPortable\Data\db\*.clamtmp
Thanks for the information for users having ClamWinPortable installed on their USB flashdrives. I also have that setup. However, for my home PC, I have installed the static ClamWin on my hard drive [Windows Vista Home Premium 32-bit]. What would be the exclusion string for it? Thanks in advance. ???
-
The exclusion string example is independent of OS presuming you installed it in the OS.s program files folder, if the vista program files are stored in a different location you need to change 'program files' to that folder name. I don't use vista.
-
clamav-1c59e8bbc0e3be87438a54cad29e8900.00000fb0.clamtmp\daily.ndb
JS:scriptsh.inf [trg]
THAT IS A MESSAGE EVERY TIME I LOG INTO MY COMPUTER.. EVERY TIME I RUN SPYWARE TERMINATOR AND AVAST.. IS IT A TROGAN HORSE OR VIRUS.. I HAVE NO CLUE WHAT TO DO?? IT HAS BEEN GOING ON FOR ALMOST A MONTH. ;(
IF ANYONE CAN HELP I WOULD GREATLY APPRECAITE ANY AND ALL HELP
BOBBIE
-
Hi B123!
I'm for sure no expert for this, but I would suggest to contact someone from ClamAV that they solve this as it is their mistake I think...
It seems as they don't encrypt their files strong enough...
Or uninstall ClamAV. :)
The detected file can be deleted in my opinion, as it seems to be a temporary file...
yours
onlysomeone
-
B123,
1. Clamav is not compatible with avast (i.e., both installed and running).
2. Avoid CAPS, forum policy ;)
-
Tech,
1. Clamav is not compatible with avast (i.e., both installed and running).
ClamAV isn't resident. I've used it for a long time as a second opinion when avast! detects something.
Using the exclusion outlined by DavidR in the earlier part of this post has worked without any problems. :)
-
Sorry people, I've messed ClamAv with ClamWin.