Great insight Tom, thanks. I'll post one on the Clamav false positives page and research some more.
Tim Clarke -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Metro Sent: 18 February 2006 15:57 To: [email protected] Subject: Re: [clamav-win32] Four false positives Tim Clarke wrote: > Suddenly had four false positives from clamav last night. ... > ...\Common Files\GTK\2.0\uninst.exe: Trojan.Clicker.Small-100 FOUND > ...\Gaim\gaim-uninst.exe: Trojan.Clicker.Small-100 FOUND > ...\ethereal-setup-0.10.12.exe: Trojan.Clicker.Small-100 FOUND > ...\gaim-1.5.0.exe: Trojan.Clicker.Small-100 FOUND > > Any ideas anyone? This may not shed much light on the situation, but given that those are all installers for open source apps., they're probably all instances of the nullsoft installer (http://nsis.sourceforge.net/), and thus you're probably seeing one false positive. You could confirm this by running ClamAV on another machine, first proving that it's clean, then installing one of these apps. from a fresh downloaded from a trusted source. No mention on the nullsoft site of a known false positive against their installer, but if that was a newly added signature, it may be too soon. Might be worth doing a Google Groups search. -Tom -- Tom Metro Venture Logic, Newton, MA, USA "Enterprise solutions through open source." Professional Profile: http://tmetro.venturelogic.com/ _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32 _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32
