False Positives

Akbalder · November 2, 2006, 10:23pm

I think that CAVS 2 beta detects false postive with :
http://www.adslautoconnect.net/download.php

What should I do ?

m0ng0d · November 2, 2006, 10:29pm

submit the files for review.

justin1278 · November 2, 2006, 10:30pm

Hello,

First, please confirm that this is not a virus, you may do so by scanning it with a service such as www.virustotal.com. If it is a virus, you can use the file submitter inside CAVS. Or e-mail the file to malwaresubmit@comodo.com telling them you believe the file to be a false positive.

Akbalder · November 2, 2006, 10:33pm

Ok, but when will I know if it is really a virus ?
The new virus definition list will only be available with a new release of cavs ?

justin1278 · November 2, 2006, 10:35pm

By doing a scan of the file using VirusTotal to scan the file.

Akbalder · November 2, 2006, 10:47pm

I just tested with virustotal :
Ikarus found “IRC-Worm.Momma.F”
UNA found “Worm.Win32.Randon” (same as CAVS)
Fortinet and Panda say “Suspicious file”
The 22 others found nothing

I won’t use this application right now ;).
Is it possible to know the result of comodo team’s analyse ?

justin1278 · November 2, 2006, 11:07pm

Hello,

Not sure, I would go ahead and submit it to the e-mail that I posted above. In the body I would request for them to reply with their results.

jpazindustries · November 3, 2006, 1:15am

speaking of false positives. comodo antivirus v1.1 said that my pegasus mail client was a mass mail worm. can anyone confirm this?

Scott_B · November 7, 2006, 5:18pm

Hmm, maybe it’s been packed with an exe packer or cryptor that these 3 av’s cannot unpack yet and are using the .sig base for these files.

I wonder what cavs 2.0’s power is in unpacking all the various protectors and packers myself