fetasail Posted July 22, 2013 Report Share Posted July 22, 2013 After unpacking Coral 8.9.0 (MD5 sum matches) and before running it, ClamAV antivirus engine reports the uniserver directory contains a trojan virus: Scan Started Mon Jul 22 17:35:06 2013 ------------------------------------------------------------------------------- C:\UniServer\help.exe: Win.Trojan.6863845 FOUND C:\UniServer\Start_as_program.exe: Win.Trojan.6863845 FOUND C:\UniServer\Start_as_service.exe: Win.Trojan.6863845 FOUND C:\UniServer\uni_con\top_level\help.exe: Win.Trojan.6863845 FOUND C:\UniServer\uni_con\top_level\Start_as_program.exe: Win.Trojan.6863845 FOUND C:\UniServer\uni_con\top_level\Start_as_service.exe: Win.Trojan.6863845 FOUND ----------- SCAN SUMMARY ----------- Known viruses: 2533538 Engine version: 0.97.8 Scanned directories: 234 Scanned files: 2148 Infected files: 6 Data scanned: 111.34 MB Data read: 98.01 MB (ratio 1.14:1) Time: 63.907 sec (1 m 3 s) -------------------------------------- Completed -------------------------------------- Quote Link to comment Share on other sites More sharing options...
Ric Posted July 23, 2013 Report Share Posted July 23, 2013 Any antivirus producing an alert must be taken seriously. That said they are not infallible and sometimes produce false positives generally due to their use of heuristic detection. Interestingly if you run the above files using an on-line service such as https://www.virustotal.com they are passed by ClamAV and all major AV programs. However you will notice that there is a detection ratio of 4/47 that is 4 positives, which are possibly genuine but most likely false positives. If you are feeling paranoid you have two options:1] Delete the files and copy their corresponding batch files from folder UniServer\uni_con\top_level to folder UniServer and run the servers using these batch files.2] Alternatively download and use Uniform Server Zero. It is advisable for anyone receiving an alert to submit the file to his or her AV software vendor for confirmation; in the case of false positives they generally update their virus definition-signatures in the next release to resolve these issues. All the bestRic Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.