
Re: [Clamav-users] Massive false positives: Trojan.Downloader-41859

From: shuttlebox <shuttlebox_at_nospam>
Date: Sat Jun 28 2008 - 09:46:06 GMT
To: "ClamAV users ML" <clamav-users@lists.clamav.net>


On Sat, Jun 28, 2008 at 10:44 AM, Laurent POUJOULAT <laurent.poujoulat@art-technology.fr> wrote:
> Hi,
>
> We had massive false positives today on our Redhat file server:
> Trojan.Downloader-41859 on several windows executable files. All concerned
> files are windows setup files. These files have been cross-checked with other
> AV and against their reference files, so I'm sure they are clean. Disabling
> algorithmic detection does not change anything.
>
> The problem exists with 93.1 under Redhat Enterprise 4, 64 bits and with 92.1
> under Ubuntu 8.04 64 bits
> The databases are:
> main.inc is up to date (version: 47, sigs: 312304, f-level: 31, builder: sven)
> daily.inc is up to date (version: 7579, sigs: 19711, f-level: 31, builder: neo)
>
> You can check this against the DOxygen Windows setup file for version 1.5.5
>
> doxygen-1.5.5-setup.exe
>
> Any fix or workaround for this ? I would not like to move back a load of files
> from quarantine again !

If you think it's a false positive you can upload it as such here:

http://www.clamav.org/sendvirus/

-- 
Dave Barry - "Camping is nature's way of promoting the motel business."
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml