9 January 2011, 23:30

The Clam version I'm gonna talk about is here: http://www.clamav.net/about/win32/. So it's about the famous new technology "in the cloud".

It runs on Win 7 fully patched, and also on WXP SP3 with all security patches.

 

Since it's not the first false positive I've noticed while using Clam ITC, I'm gonna report here a few examples I find interesting.

 

FileZilla:

First I had an issue while trying to download the FileZilla client.

I was there: http://filezilla-project.org/download.php?type=client

then I went to: http://sourceforge.net/projects/filezilla/files/FileZilla_Client/3.3.5.1/FileZilla_3.3.5.1_win32-setup.exe/download 

At the beginning of the download Clam ITC prompted a warning telling me that a W32.corrupt had been detected and deleted.

FP_filezilla_W32.corrupt_090111-copie-2.jpg

 

But if I refresh the page, the download will then start without any alert...

To an average user, this could be annoying or worrying. But what I'm trying to understand is why this happens only from time to time, and not always, with the same link... Is there a problem with the distribution or generation of Clam ITC signatures?

 

LiberKey - HDSpeed:

 

While trying to update my local LiberKey install, Clam prompted an alert about several detections...

FP1_HDspeed_unkpacker_090111.jpg

FP2_HDspeed_w32.trojan_090111.jpg

Why should the French version of HDSpeed be detected as a quite different threat from the standard (international) version?

 

FP_smsniff_W32.Rozena_090111.jpg

This one, I don't really know if Clam is right or not. I'll find out and update my post.

 
