Author Topic: ClamAV False positive ?  (Read 7139 times)

Fortimian

  • Newbie
  • Posts: 1
on: October 15, 2017, 07:45:58 AM
Hello, Backbox is an operating system that I appreciate very much.
Unfortunately, by doing a "fresh / clean" antivirus scan of the system, the antivirus detects a lot of viruses, false positives because of hacking tools? Maybe I do not know but there were well thirty viruses, I invite you to do the test with ClamAV.
How to be sure that Backbox is clean? I appreciate Backbox.



ostendali

  • Global Moderator
  • Hero Member
  • Posts: 580
Reply #1 on: October 18, 2017, 02:06:29 PM
> Hello, Backbox is an operating system that I appreciate very much.
> Unfortunately, by doing a "fresh / clean" antivirus scan of the system, the antivirus detects a lot of viruses, false positives because of hacking tools? Maybe I do not know but there were well thirty viruses, I invite you to do the test with ClamAV.
> How to be sure that Backbox is clean? I appreciate Backbox.

They are all security tools.

Antivirus for Linux? It is a joke!!!



polakiov

  • Newbie
  • Posts: 2
Reply #2 on: October 22, 2017, 01:05:15 PM
How to be sure?
An antivirus is not useless on Linux.
Viruses and backdoors exist on Linux...



polakiov

  • Newbie
  • Posts: 2
Reply #3 on: October 22, 2017, 01:05:37 PM
How to be sure?
An antivirus is not useless on Linux.
Viruses and backdoors exist on Linux...



ZEROF

  • Hero Member
  • Posts: 1244
  • Pen Tester
Reply #4 on: October 23, 2017, 09:30:48 PM
Hi,

I worked a lot with ClamAV in the past, and you are always going to have false positives, but with the right settings that can be fixed, more or less. For a start, you must know that you are using only public hash databases when you install ClamAV, and that db is updated every hour. You must learn how to write your own protection system.

Scenario: you want to block some types of files on your system, your app, your software, etc. ClamAV has an option for integrating these "advanced" features. You can integrate a private signature base as well. Public db can be found here http://sanesecurity.com/usage/signatures/, and one of the best private dbs is https://www.securiteinfo.com/services/anti-spam-anti-virus/improve-detection-rate-of-zero-day-malwares-for-clamav.shtml, etc.

You will need to spend some time working with ClamAV before you learn to put it to best use.


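One way to approach the "how to be sure" question for the detections discussed in this thread, as an added example that is not from any poster or from the BackBox project: parse clamscan output, compare each flagged file with the MD5 recorded in its package's dpkg md5sums manifest, and emit ClamAV `.fp` allow-list entries only for files that still match. The function names and all sample data are assumptions constructed for illustration.

```python
import hashlib
import re
from pathlib import Path

# clamscan reports each detection as "<path>: <signature> FOUND".
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")

def parse_detections(scan_output):
    """Return [(path, signature)] from clamscan text output."""
    matches = (FOUND_RE.match(line.strip()) for line in scan_output.splitlines())
    return [(m["path"], m["sig"]) for m in matches if m]

def load_md5sums(text, root="/"):
    """Parse dpkg md5sums lines ("<md5>  <relative path>") into {absolute path: md5}."""
    known = {}
    for line in text.splitlines():
        digest, sep, rel = line.partition("  ")
        if sep and rel:
            known[root.rstrip("/") + "/" + rel] = digest.lower()
    return known

def triage(detections, known_md5, read_bytes=lambda p: Path(p).read_bytes()):
    """Return (.fp allow-list lines for unmodified packaged files, detections to review)."""
    fp_lines, review = [], []
    for path, sig in detections:
        try:
            data = read_bytes(path)
        except OSError:
            review.append((path, sig, "unreadable"))
            continue
        md5 = hashlib.md5(data).hexdigest()
        if known_md5.get(path) == md5:
            fp_lines.append(f"{md5}:{len(data)}:{Path(path).name}")  # MD5:size:comment
        elif path in known_md5:
            review.append((path, sig, "modified since packaging"))
        else:
            review.append((path, sig, "not owned by any package"))
    return fp_lines, review

# Constructed sample data: not real scan results, signature names or package hashes.
FILES = {"/usr/bin/exampletool": b"packaged tool\n",
         "/usr/bin/othertool": b"patched\n", "/tmp/dropper": b"unknown\n"}
SCAN = ("/usr/bin/exampletool: Example.Hacktool-1 FOUND\n"
        "/usr/bin/othertool: Example.Hacktool-2 FOUND\n"
        "/tmp/dropper: Example.Agent-3 FOUND\n/etc/hostname: OK\n")
MANIFEST = (hashlib.md5(b"packaged tool\n").hexdigest() + "  usr/bin/exampletool\n"
            + hashlib.md5(b"original\n").hexdigest() + "  usr/bin/othertool\n")

if __name__ == "__main__":
    print(triage(parse_detections(SCAN), load_md5sums(MANIFEST), FILES.__getitem__))
```

The manifest should come from a trusted copy of the package, since one stored on a compromised host could have been altered. Files reported as modified or unowned are the ones to investigate rather than allow-list.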


ostendali

  • Global Moderator
  • Hero Member
  • Posts: 580
Reply #5 on: October 24, 2017, 03:04:45 PM
> How to be sure?
> An antivirus is not useless on Linux.
> Viruses and backdoors exist on Linux...

For those who know how to handle Linux well, antivirus is simply a joke. If you are moving from Microsoft systems to Linux you need to make a radical move, don't bring your old mentality...