Tagore,

Thanks for your FP report. The process for submitting suspected false positives is to go through the webpage http://www.clamav.net/lang/en/sendvirus/submit-fp/ . We monitor submissions that come in through that feed and address them as soon as possible. For a high priority FP, please email this list with the MD5/SHA256 of the sample(s) you submitted.

In this particular case, the signature name you provided was enough information to confirm the FP. The signature has been removed and this should be reflected in a DB update later today.

Thanks,
- Alain

On Wed, Jan 15, 2014 at 11:59 AM, Tagore Smith <tagoresm...@gmail.com> wrote:

> I'm a software developer at Anzovin Studio. We've recently received a
> rather irate report from one of our users that ClamAV is flagging one
> of our installers as being infected with Win.Trojan.378656. We've checked
> our other installers with ClamAV and a number of them are also being
> flagged. I think it is unlikely that they are actually infected with a
> Trojan, but I would like to rule out the possibility of course. If it is,
> as I suspect, a false positive it would be nice to have it no longer
> reported as malicious.
>
> I see that there is a form on the ClamAV site for submitting false
> positives. Should I submit each of the installers in question? What is the
> process for handling false positives?
>
> Also, is there some reasonably straightforward way to find out what in
> particular about these installers is causing them to be flagged? As I said
> I think it is pretty unlikely that they are infected with any malware, but
> I would like to be able to rule out the possibility.
>
> The software in question was written before I came to the studio, and uses
> an installer program we no longer use except for older products, and that I
> am not familiar with. It is called Astrum InstallWizard. I suspect that
> there is something about the installer that's causing this.
>
> Thanks
> Tagore Smith
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/support/ml