about false alarm

[MrBabis]

what should I write in the mail "Subject" and "Body" when I sending file that contains false possetive file?
Do I need to password protect it?

How long time would it take to fix the problem?

[DavidR]

Subject - Possible False Positive detection or other suitable words, there is no specific requirement.

Body - Give a brief outline of the problem (possibly a link to this thread, if applicable), the fact that you believe it to be a either a false positive and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

If you are sending the file from the chest, there is no need to password protect it. If you are sending it from outside the chest, then if you can zip and password protect ('virus', will do) the suspect file, attach it and send it to virus @ avast.com (no spaces).

If it is indeed a false positive, add it to the exclusions lists and check scan it periodically using the ashQuick scan (right click scan), when it is no longer detected then remove it from the exclusions.

Time is not something which is fixed but dependent on priorities, but they have been turning round FPs corrections and inclusions of new viruses quicker recently.

[bob3160]

MrBabis,
It would also be nice if you gave us a heads up of the possible false positive.
That way if we're using the program in question, it wouldn't be a total surprise.
Thanks

[MrBabis]

I asking here just in case that it is good to have some samples on what and how mail must look like when it will be send to avast for analyze or for some other requests.

[polonus]

Hi MrBabis,

False positives could be a pain in the neck, well in the case of an online scanner that starts to delete false positives right away.
Whenever you are flagged that you have a suspicious file or even a virus alert, you should get informed about the infection before you make an informed decision, that means scan a second time,
make a notepad file with all that is found in these exact wordings,
take a search out on the net and in a virus encyclopedia to see
what you have at hand, and update the file to Jotti or Virustotal to see whether other virusscanners come with a positive also (may it be under another name). If you are sure you have met a false positive, you should forward this like adviced to the AV-vendor to be analyzed anew. We in the forum like to hear on FP's too like Bob3160 says, but it is also important to inform the developer of the file at hand that a FP was found there. If he is a trusted party he is entitled to get a friendly e-mail also.

I must admit that AV-scanner have different attitudes to flagging suspicious files. Some even flag joke files, because they reason it can startle the end-user, so an animated file that threats to f-disk you, is flagged as a joke.file virus and considered to be deleted, while it is still quite harmless computer-wise. Then there are more FPs when you scan heuristically. So always seek a second opinion.

polonus