Jump to content
The Uniform Server Community

ClamAV reports trojans in the installer


Recommended Posts

After unpacking Coral 8.9.0 (MD5 sum matches) and before running it, ClamAV antivirus engine reports the uniserver directory contains a trojan virus:


Scan Started Mon Jul 22 17:35:06 2013

C:\UniServer\help.exe: Win.Trojan.6863845 FOUND
C:\UniServer\Start_as_program.exe: Win.Trojan.6863845 FOUND
C:\UniServer\Start_as_service.exe: Win.Trojan.6863845 FOUND
C:\UniServer\uni_con\top_level\help.exe: Win.Trojan.6863845 FOUND
C:\UniServer\uni_con\top_level\Start_as_program.exe: Win.Trojan.6863845 FOUND
C:\UniServer\uni_con\top_level\Start_as_service.exe: Win.Trojan.6863845 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 2533538
Engine version: 0.97.8
Scanned directories: 234
Scanned files: 2148
Infected files: 6
Data scanned: 111.34 MB
Data read: 98.01 MB (ratio 1.14:1)
Time: 63.907 sec (1 m 3 s)

Link to comment
Share on other sites

Any antivirus producing an alert must be taken seriously. That said they are not infallible and sometimes produce false positives generally due to their use of heuristic detection. Interestingly if you run the above files using an on-line service such as https://www.virustotal.com they are passed by ClamAV and all major AV programs. However you will notice that there is a detection ratio of 4/47 that is 4 positives, which are possibly genuine but most likely false positives.


If you are feeling paranoid you have two options:

1] Delete the files and copy their corresponding batch files from folder UniServer\uni_con\top_level to folder UniServer and run the servers using these batch files.

2] Alternatively download and use Uniform Server Zero.


It is advisable for anyone receiving an alert to submit the file to his or her AV software vendor for confirmation; in the case of false positives they generally update their virus definition-signatures in the next release to resolve these issues.


All the best


Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...