does NOD have issues with Clam AV?

I just downloaded and installed Portable Apps on a USB stick and included (just for the fun of it) Clam AV. When I tried this AV to scan the files on the USB stick, it came up clean but NOD on my PC came up with dozens of alerts and quarantines relating to clam av - all in temp files and all relating to Win32/RiskWare.PEMalfform.E.application

What exactly is NOD telling me here?

 

Hello beethoven

I noticed the notification "Riskware", that you receive from the scanning of your usb . Here is a link from Eset Virus Radar explaining the term "RiskWare"

Hope it helps, at least just a little bit )

Cheers, Janus

 

I kind of expected something like this but should clam av not be whitelisted?

 

Afaik AV vendors does not whitelist each other, so No it shouldn't. But I guess you could always add Clam to your exclusion list (internal whitelist) on your own, so it doesn't get scanned by NOD32 in future scans.

 

Running 2 Antivirus products on the same computer has always caused problems since the start of time

 

If you believe it was an FP, submit it to ESET for a look.

You might want to check where your download originated.

 

I am not running two AV on the same pc - as explained at the beginning, I installed this on my USB stick. The idea is to have some additional protection to carry around, I don't need it for my pc as this is indeed taken care of by NOD.

 

I have submitted these via the module but they state they will not respond directly unless they need further info. The download came from the official site for Portable Apps and the original installation file for the exe was fine according to NOD (installed on my PC) as well as virustotal.
I think the way clamav has packaged their file is causing NOD indigestion - possibly this way could also be used for unwanted purposes but unless Clam AV is no longer considered a proper AV (I am not saying it's a good one), it should be exempted from the general alert.

 

Hello Beethoven...(I just have a small break) )


I will give you that much, that it is sometimes, or can be very confusing, whit terms like Potentially Unwanted Application (pua), Riskware, Grayware, and for that sake, Possibly Unsafe Application . And it is even more confusing, that those different categories/terms are overlapping each other. In generally I mean that the Av industry may rethink, and maybe reinvent another way to categorise these software groups. All in the favor for the ordinary home user, and me. Who most likely, would have a small panic attack for every pop up notification an Av would produce. If you have trouble sleeping then I have found two links that I think give a good basic insight in these categories: (At least it did for me).

Link A: What is Riskware?

Link B: PUA , In the bottom of this second link, there is a link to a white paper (pdf file) from Aryeh Goretsky.

Regards, Janus

 

The detection is correct. ClamAV and TrendMicro unpack files in an unencrypted form (although non-functional) which triggers detection by real-time protection modules.