On Tuesday 17 February 2004 1:11 pm, isp-lists [at] beachcomp.com wrote:

> I ran across the same issue this morning.
> Fresh install of Clam from last night.

Can anyone suggest why a genuine network driver for Windows ME should contain 
the text string "Fun" "Loving" "Criminals" (without the quotes - this should 
be enough obfuscation to get this posted to the list)?

Seems like a highly strange thing to find inside a legitimate piece of code, 
to me.

Regards,

Antony.

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Antony Stone
> Sent: Tuesday, February 17, 2004 7:59 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] Clamav false positive?
>
> On Tuesday 17 February 2004 4:18 am, Sam Miller wrote:
> > Firstly, I'd like to say thank you for such a useful utility.
> >
> > My question concerns scanning a Windows partition from a Linux
> > partition on the same drive. Running Clamav 0.65-3 on Debian based
> > Libranet, scanned a WinME partition and came up with the report that
> > FunLove.4099 had been found in several drivers (LAN I think). Looking
> > through the files with MC turned up the text
>
> I recommend you do not post to the ClamAV list, including text which is
> matched for a virus signature in your posting :)   Many of the subscribers
> will never see it because they are running ClamAV, and your email gets
> detected as a virus (I had to release my copy from MailScanner's quarantine
> before I could read what you had written).
>
> > Why I'm unsure is that my free Windows anti-virus program never
> > detected it. But I was unsure and downloaded the Symantec cleaning
> > tool. It didn't find anything.
> >
> > Is there some inherent risk for false positives with scanning Windows
> > from Linux?
>
> No, there is no specific F-P risk associated with scanning Windows systems
> compared to any other.
>
> Please could you tell us the names of the specific WinME files in which you
> found the text F-L-C (corrupted here to avoid triggering the ClamAV
> signature again), and perhaps supply MD5 hashes for them so anyone here who
> also has a WinME system (anyone?) can check to see if you have normal or
> trojaned versions of the files?
>
> Regards,
>
> Antony.

-- 
Abandon hope, all ye who enter here.
You'll feel much better about things once you do.

                                                     Please reply to the list;
                                                           please don't CC me.



_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users