Jonathan Kamens wrote: > Greetings, > > Recently, ClamAV version 0.90.2 with main.cvd version 44 and daily.cvd > version 4540 reported that an EXE on one of our servers was infected > with Hacktool.PCGI. This EXE came from a pretty reputable source, and > when I scanned the same file with Symantec AntiVirus, it claimed that > the file was clean. So, what now? Is there any way I can provide > information to the folks who maintain the ClamAV virus definitions to > help them (a) determine whether ClamAV or SAV is correct, and (b) if the > latter, fine-tune the ClamAV signature to prevent this false positive > from recurring? Basically, what's the protocol for a suspected false > positive? > > Thanks, > > jik
http://cgi.clamav.net/sendvirus.cgi Mark it as a false positive. dp _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
