Greetings, Recently, ClamAV version 0.90.2 with main.cvd version 44 and daily.cvd version 4540 reported that an EXE on one of our servers was infected with Hacktool.PCGI. This EXE came from a pretty reputable source, and when I scanned the same file with Symantec AntiVirus, it claimed that the file was clean. So, what now? Is there any way I can provide information to the folks who maintain the ClamAV virus definitions to help them (a) determine whether ClamAV or SAV is correct, and (b) if the latter, fine-tune the ClamAV signature to prevent this false positive from recurring? Basically, what's the protocol for a suspected false positive?
Thanks, jik _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html