Author Topic: ClamAV detected by avast! ???  (Read 13193 times)

Offline trumpy81

  • Newbie
  • *
  • Posts: 8
  • Gender: Male
  • I ain't no llama!!
    • trumpy.net
    • Personal Message (Offline)
Re: ClamAV detected by avast! ???
« Reply #15 on: May 25, 2009, 06:48:23 PM »
Nope, it's ClamAV problem and I'm personally again doing anything on our side. It's usual non-encrypted data in their database, and it started because either them or we added that particular detection in the db.

But the root of the problem is still in their inability to provide inspection-safe db.

Actually it's not ClamWin's problem at all, it's a clear case of yet another 'FALSE' Positive made by Avast, which is why most of us have ClamWin installed in the first place!

A simple fix that has already been outlined here is to simply add a wildcard exemption for ClamWin's various folders. So why can't Avast include these exemptions in their next update?
Regards
trumpy81

Intel D975XBX2 Motherboard
Pentium D 840 Extreme Edition
Corsair VS512MB667D2 x 4 = 2Gig
ATI Radeon X850 XT VIVO
Dual Samsung 940B 19" LCD
WDC WD2500KS-00MJB0 SATAII x 4
WDC WD800JB-00JJC0 PATA x 1
PIONEER DVD-RW DVR-111D x 1
Microsoft Windows Vista 32bit Ultimate Editio

Online polonus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 20126
  • Gender: Male
  • malware fighter
    • Personal Message (Online)
Re: ClamAV detected by avast! ???
« Reply #16 on: May 25, 2009, 06:56:16 PM »
Hi trumpy81,

I have reported this issue also, when avast flagged this. I use ClamWin just to close the vulnerability window on machine and because it has another range of signatures as the run of the mill av-vendors.
I agree with you, ClamWin portable apps functioned fine upon my machine until avast started to interfere, I made an exclusion for these alerts and I do hope the issue can be settled with an upcoming update,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline igor

  • avast! team
  • Serious Graphoman
  • *
  • Posts: 11329
  • Gender: Male
    • AVAST Software
    • Personal Message (Offline)
Re: ClamAV detected by avast! ???
« Reply #17 on: May 25, 2009, 07:02:23 PM »
Actually it's not ClamWin's problem at all, it's a clear case of yet another 'FALSE' Positive made by Avast, which is why most of us have ClamWin installed in the first place!

Detecting someone's virus signatures is not a false positive; they are virus signatures, not just some random unrelated file.

A simple fix that has already been outlined here is to simply add a wildcard exemption for ClamWin's various folders. So why can't Avast include these exemptions in their next update?

And why can't Clam do their homework and properly scramble their virus database?

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69205
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: ClamAV detected by avast! ???
« Reply #18 on: May 25, 2009, 07:06:32 PM »
Nope, it's ClamAV problem and I'm personally again doing anything on our side. It's usual non-encrypted data in their database, and it started because either them or we added that particular detection in the db.

But the root of the problem is still in their inability to provide inspection-safe db.

Actually it's not ClamWin's problem at all, it's a clear case of yet another 'FALSE' Positive made by Avast, which is why most of us have ClamWin installed in the first place!

A simple fix that has already been outlined here is to simply add a wildcard exemption for ClamWin's various folders. So why can't Avast include these exemptions in their next update?

How can it possibly be a false positive, when avast is alerting on finding a virus signature, that is after all what an antivirus is meant to do. Why clamav haven't encrypted the signatures is beyond me as they must be aware that installed resident scanners will detect them.

There is no guarantee that clamav will always be installed in the same location, there is also nothing stopping clamav changing the file name format breaking any exclusion created. Personally I would be a bit pi**ed if the use of wildecard exclusions as without care that wildcard could leave a large hole in your security.

I also don't see why avast should chase other AVs issues of not encrypting their signatures like panda and calmav, two that I know of with the possibility of there being more.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline bob3160

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 23936
  • Gender: Male
  • 53 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
    • Personal Message (Offline)
Re: ClamAV detected by avast! ???
« Reply #19 on: May 25, 2009, 07:28:36 PM »
David,
The exclusion you posted some time back as a reply to my original request for help
has work without any problems or risk to my system.
I'm again happily using avast! and have ClamAV available as a second opinion when needed.
Thanks  :)
Free avast! Security Seminar: http://www.authorstream.com/Presentation/bob3160-1425909-protecting-yourself/    -  Important: http://www.organdonor.gov/
My Blog: http://bob3160.blogspot.com/ - Win 8.1 Pro 64bit, 4 Gig Ram, avast!2014.9.0.2015 Free, MBAM, WinPatrol -- How to Successfully Install avast! http://goo.gl/VLXde
                     - It's nice to be Important. - It's more important to be Nice. -

Offline trumpy81

  • Newbie
  • *
  • Posts: 8
  • Gender: Male
  • I ain't no llama!!
    • trumpy.net
    • Personal Message (Offline)
Re: ClamAV detected by avast! ???
« Reply #20 on: May 25, 2009, 07:41:27 PM »

How can it possibly be a false positive, when avast is alerting on finding a virus signature, that is after all what an antivirus is meant to do. Why clamav haven't encrypted the signatures is beyond me as they must be aware that installed resident scanners will detect them.

There is no guarantee that clamav will always be installed in the same location, there is also nothing stopping clamav changing the file name format breaking any exclusion created. Personally I would be a bit pi**ed if the use of wildecard exclusions as without care that wildcard could leave a large hole in your security.

I also don't see why avast should chase other AVs issues of not encrypting their signatures like panda and calmav, two that I know of with the possibility of there being more.

The whole point of having an Anti-Virus program on ones computer in the first place is to prevent malicious code from tampering with ones computer. In this case ClamWin poses no threat to ones computer, in fact it is the opposite, and exists for the same purpose as does Avast, therefore, it is NOT a threat and hence my determination of a False Positive.

Granted, Clamwin should encrypt their database, but then Avast would/should detect ClamWin when it decrypts it's database, causing yet another False Positive.

A simple solution exists, (and yes you are correct in that Wildcards should not be used), and in this case I see no reason why it should not be implemented by default.

Regards
trumpy81

Intel D975XBX2 Motherboard
Pentium D 840 Extreme Edition
Corsair VS512MB667D2 x 4 = 2Gig
ATI Radeon X850 XT VIVO
Dual Samsung 940B 19" LCD
WDC WD2500KS-00MJB0 SATAII x 4
WDC WD800JB-00JJC0 PATA x 1
PIONEER DVD-RW DVR-111D x 1
Microsoft Windows Vista 32bit Ultimate Editio

Offline CharleyO

  • avast! Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7102
  • Gender: Male
  • Be alert for error code - ID 10T
    • Personal Message (Offline)
Re: ClamAV detected by avast! ???
« Reply #21 on: May 26, 2009, 07:04:33 AM »
***

I have yet to have avast alert on ClamAV.

Perhaps because it is in Spyware Terminator?


***
Self-built desktop (8 years old) - AMD64 3200+_Gigabyte GA-K8NS Ultra-939_4 gb RAM_GeForceFX 5800w/256 ram_XP/SP3_Avast 7_MBAM_ZA Free __and__ Toshiba Satellite Laptop_W7-64bit_ 4 gb Ram_Avast 8_MBAM

Offline spg SCOTT

  • Massive Poster
  • ****
  • Posts: 4138
  • Gender: Male
  • There is no magic, only lost physics
    • spg SCOTT
    • Personal Message (Offline)
Re: ClamAV detected by avast! ???
« Reply #22 on: May 26, 2009, 10:26:02 AM »
***

I have yet to have avast alert on ClamAV.

Perhaps because it is in Spyware Terminator?


***

Not sure about that one, there was someone asking about the ClamAV and Spyware Terminator in the 'virus in temp' sticky thread

-Scott-
“There is a computer disease that anybody who works with computers knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is that you 'play' with them!”Richard Feynman

Offline megas

  • Newbie
  • *
  • Posts: 6
    • Personal Message (Offline)
Re: ClamAV detected by avast! ???
« Reply #23 on: May 26, 2009, 01:47:38 PM »
sorry i dident understand how to isolate the folder for avoiding the problem ??? ???

Online Tech

  • avast! team
  • Certainly Bot
  • *
  • Posts: 64877
  • Gender: Male
    • Personal Message (Online)
Re: ClamAV detected by avast! ???
« Reply #24 on: May 26, 2009, 06:52:40 PM »
sorry i dident understand how to isolate the folder for avoiding the problem ??? ???
You need to use the Exclusion lists:

For the Standard Shield provider (on-access scanning):
Left click the 'a' blue icon, click on the provider icon at left and then Customize.
Go to Advanced tab and click on Add button...

For the other providers (on-demand scanning such as the screen-saver or the Simple User Interface):
Right click the 'a' blue icon, click Program Settings.
Go to Exclusions tab and click on Add button...

You can use wildcards like * and ?.
But be careful, you should 'exclude' that many files that let your system in danger.
The best things in life are free.

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69205
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: ClamAV detected by avast! ???
« Reply #25 on: May 26, 2009, 07:00:08 PM »
sorry i dident understand how to isolate the folder for avoiding the problem ??? ???

Check my post in the previous page, Reply #8 of this topic, http://forum.avast.com/index.php?topic=45231.msg379055#msg379055
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline megas

  • Newbie
  • *
  • Posts: 6
    • Personal Message (Offline)
Re: ClamAV detected by avast! ???
« Reply #26 on: May 27, 2009, 06:07:55 AM »
thanks and another thing but why clam av dont encripted well is database

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69205
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: ClamAV detected by avast! ???
« Reply #27 on: May 27, 2009, 12:51:59 PM »
I can't understand why either, but that is something you would have to ask them.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline netgk5815

  • Newbie
  • *
  • Posts: 1
    • Personal Message (Offline)
Re: ClamAV detected by avast! ???
« Reply #28 on: June 01, 2009, 01:20:00 AM »
that really should be ?:\ClamWin\ClamWinPortable\Data\db\* the ? which allows for the clamwin portable version USB not being allocated the same drive letter and you need to have the \ after db and before the wildcard.

I'm also not keen on excluding a whole folder as that could leave a small hole in your security, but to exclude only the troublesome file types within that folder, ?:\ClamWin\ClamWinPortable\Data\db\*.clamtmp

Thanks for the information for users having ClamWinPortable installed on their USB flashdrives. I also have that setup. However, for my home PC, I have installed the static ClamWin on my hard drive [Windows Vista Home Premium 32-bit]. What would be the exclusion string for it? Thanks in advance.    ???
« Last Edit: June 01, 2009, 01:34:24 AM by netgk5815 »

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69205
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: ClamAV detected by avast! ???
« Reply #29 on: June 01, 2009, 02:01:50 AM »
The exclusion string example is independent of OS presuming you installed it in the OS.s program files folder, if the vista program files are stored in a different location you need to change 'program files' to that folder name. I don't use vista.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now