I'm not sure which software is giving a "TRUE" result ....

Asked by Curtis A Hoover jr

I'm using a dual-bootable machine with WinXP 32-bit on one partition and Linux 64-bit Ubuntu 16.04 LTS on the other. After scanning Windows with ClamWin, I got this result, copied from its log file, showing 2 files infected. This is a copy/paste of that log file:

Scan Started Fri Jun 16 18:14:20 2017
-------------------------------------------------------------------------------

H:\Documents and Settings\~\My Documents\Downloads\14-4-xp32-64-dd-ccc-pack2.exe: Win.Trojan.Parite-1025 FOUND
H:\Documents and Settings\~\My Documents\HDDSCSI3.iso: Win.Trojan.ComInfector-2 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 6297601
Engine version: 0.99.1
Scanned directories: 3285
Scanned files: 25521
Infected files: 2
Total errors: 3
Data scanned: 33122.06 MB
Data read: 21492.33 MB (ratio 1.54:1)
Time: 4220.453 sec (70 m 20 s)

I then rebooted to Linux Ubuntu and rescanned the same two files with ClamTK ... ClamTK didn't report ANY infections on those same two files.

I know that ClamWin and ClamTK are apples and oranges, comparing their respective databases, and the file handling characteristics of the two operating systems are also quite different ....

So, I'm like a patient asking a doctor, "Where should I get a second opinion?"

BUT .... I'm also stuck not being able to use VirusTotal's false positive analysis page because BOTH files are larger than their 128 MB file size upload limit.

I'm hoping that you could direct me to a possible conclusion to this dilemma.

Thanks
C. A. Hoover Jr.

Question information

Language: English
Status: Answered
For: ClamTk
Assignee: No assignee

Dave M (dave-nerd) said:
#1

Hi,

First, I would caution against scanning Windows systems/drives with ClamTk, as I don't test that. Use Clamwin or another one that specializes in that.

Second, it's true that most AVs won't scan a file that large. By default, ClamTk won't scan them either. You can try enabling the setting to scan them that large (in the Settings), but I'd recommend not.

Can you search by hash sum of the file? Use md5sum or sha256sum to see if the file is known:

md5sum "H:\Documents and Settings\~\My Documents\Downloads\14-4-xp32-64-dd-ccc-pack2.exe" (for example; the path contains spaces, so it must be quoted).

Hopefully that helps. Again, please try using a different scanner for Windows.

respectfully
Dave M
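The hash lookup Dave suggests, as an added example that is not part of the original thread or of ClamTk: a small POSIX sh script that prints the md5, sha1 and sha256 digests and the byte size of each file given, so the hashes can be searched on VirusTotal or a similar service without uploading the files (the 128 MB upload limit does not apply to a hash search). Paths are always quoted and passed after `--`, because the paths in the question contain spaces. The script assumes coreutils md5sum/sha1sum/sha256sum, which Ubuntu ships; where the Windows partition is mounted under Ubuntu (for example somewhere below /media) is an assumption, not something the thread states. Note that a hash search only finds a match if exactly that file was submitted before; a single differing byte gives a different digest.

```shell
#!/bin/sh
# Added example, not code from the original thread or from ClamTk.
# Prints md5, sha1 and sha256 digests plus byte size for each file given.
# Assumes coreutils md5sum / sha1sum / sha256sum (present on Ubuntu).

# file_hash ALGO PATH -> prints only the hex digest for ALGO (md5, sha1, sha256)
file_hash() {
    fh_algo="$1"
    fh_path="$2"
    # "--" protects paths that begin with "-" ; quoting protects spaces.
    "${fh_algo}sum" -- "$fh_path" | cut -d' ' -f1
}

# hash_report PATH -> one line per algorithm: "algo digest size path"
# Returns 1 (and prints a message on stderr) if PATH is not a regular file.
hash_report() {
    hr_path="$1"
    if [ ! -f "$hr_path" ]; then
        printf 'not a regular file: %s\n' "$hr_path" >&2
        return 1
    fi
    hr_size=$(wc -c < "$hr_path")
    for hr_algo in md5 sha1 sha256; do
        printf '%-6s %s %s %s\n' "$hr_algo" \
            "$(file_hash "$hr_algo" "$hr_path")" "$hr_size" "$hr_path"
    done
}

# Usage (mount point is an assumption; adjust to where the Windows partition
# is mounted under Ubuntu):
#   sh hashes.sh "/media/user/WinXP/Documents and Settings/.../14-4-xp32-64-dd-ccc-pack2.exe"
if [ "$#" -gt 0 ]; then
    for f in "$@"; do
        hash_report "$f"
    done
fi
```

Search each printed sha256 (or md5) on the lookup service of your choice; if the digest is unknown there, the file has never been analysed and the hash check alone cannot tell you whether ClamWin's detection is a false positive.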
