I'm a software developer at Anzovin Studio. We've recently received a rather irate report from one of our users that the ClamAV is flagging one of our installers as being infected with Win.Trojan.378656. We've checked our other installers with ClamAV and a number of them are also being flagged. I think it is unlikely that they are actually infected with a Trojan, but I would like to rule out the possibility of course. If it is, as I suspect, a false positive it would be nice to have it no longer reported as malicious.
I see that there is a form on the ClamAV site for submitting false positives. Should I submit each of the installers in question? What is the process for handling false positives? Also, is there some reasonably straightforward way to find out what in particular about these installers is causing them to be flagged? As I said I think it is pretty unlikely that they are infected with any malware, but I would like to be able to rule out the possibility. The software in question was written before I came to the studio, and uses an installer program we no longer use except for older products, and that I am not familiar with. It is called Astrum InstallWizard. I suspect that there is something about the installer that's causing this. Thanks Tagore Smith _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
