AV False positive ate Courier email exe

cactuspat · March 25, 2018, 11:39pm

The file is Courier.exe, my email program for 15+ yrs.

Restore from quarantine failed because it claims the system can’t find the file. So 15 yrs of my email is now inaccessible because Comodo AV ate the exe file!

Comodo updated the program, not just the database. The false positive occurred on the system restart today 03-25-18.

Comodo 10.2.0.6526
database 28745

What to do?

when submitting false positive via comodo website am getting the following error - “Error found in record insertion” - Comodo Antivirus Database | Submit Files for Malware Analysis

Comodo installed on Win7Pro system

cactuspat · March 26, 2018, 1:22am

I forgot to add the actual detection - Heur.Packed.MultiPacked@4294967295

fatih.orhan · March 26, 2018, 2:59am

Hi Cactuspat,

If you can send me the file directly to my email address, I’ll make sure it’s checked.

I’m sorry for the submission page error, this will be fixed.

thanks

cactuspat · March 26, 2018, 7:43pm

I figured out how to email you directly… but I don’t see anywhere to attach files on the form.

cactuspat · March 26, 2018, 10:03pm

i emailed you the file using reinstalled Courier email program and webmail but your email server rejected them as infected. Although my ISP delivered the CC’d copy to me with a fully functional, password protect archive file.

futuretech · March 26, 2018, 10:52pm

Your best option would be to use a file sharing site like google drive or one drive and provide a link.

cactuspat · March 27, 2018, 12:38am

G-drive - please have at it.

Courier.exe -
https://drive.google.com/file/d/1WHskpNRcQ-TxS-75Ea4IDrfxHcbKMl-Q/view?usp=sharing

Courier install file, in case you need it or want to try the program out - https://drive.google.com/open?id=1I7jGqpEKV30WqTjuXQxNPFCbOotC57hx

password to extract - Comodo_Courier

Chunli · March 27, 2018, 2:22am

Hi,cactuspat

The samples you submitted as false-positives is not detected by Comodo Internet Security version <10.1.0.6476> with database version <28751>.
<Courier.exe>SHA1:d7f61ecbc30dd09f57d164a8f676bb507afb66da
<courier3.exe>SHA1:0eae4929aa00ae3a5abc19489906e029e9d4fd52

Regards
Chunli.chen

cactuspat · March 27, 2018, 4:05pm

The samples you submitted as false-positives is not detected by Comodo Internet Security version <10.1.0.6476> with database version <28751>.

Exactly! The detection occurred after the latest update to ver 10.2.0.6526
database 28745

cactuspat · April 3, 2018, 4:49pm

Has anyone @ Comodo done anything to address this false positive? Not to be impatient but tick tock its been over a week!