does NOD have issues with Clam AV?

Discussion in 'ESET NOD32 Antivirus' started by beethoven, Apr 21, 2013.

Thread Status:
Not open for further replies.
  1. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,040
    I just downloaded and installed Portable Apps on a USB stick and included (just for the fun of it) Clam AV. When I tried this AV to scan the files on the USB stick, it came up clean but NOD on my PC came up with dozens of alerts and quarantines relating to clam av - all in temp files and all relating to Win32/RiskWare.PEMalfform.E.application

    What exactly is NOD telling me here?
     
  2. Janus

    Janus Registered Member

    Joined:
    Jan 2, 2012
    Posts:
    588
    Location:
    Europe - Denmark .
    Hello beethoven

    I noticed the notification "Riskware", that you receive from the scanning of your usb . Here is a link from Eset Virus Radar explaining the term "RiskWare"

    Hope it helps, at least just a little bit :))

    Cheers, Janus
     
    Last edited: Apr 21, 2013
  3. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,040
    I kind of expected something like this but should clam av not be whitelisted?
     
  4. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Afaik AV vendors does not whitelist each other, so No it shouldn't. But I guess you could always add Clam to your exclusion list (internal whitelist) on your own, so it doesn't get scanned by NOD32 in future scans.
     
  5. 4L3X

    4L3X Registered Member

    Joined:
    Sep 13, 2006
    Posts:
    40
    Running 2 Antivirus products on the same computer has always caused problems since the start of time :D
     
  6. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    If you believe it was an FP, submit it to ESET for a look.

    You might want to check where your download originated.
     
    Last edited: Apr 21, 2013
  7. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,040
    I am not running two AV on the same pc - as explained at the beginning, I installed this on my USB stick. The idea is to have some additional protection to carry around, I don't need it for my pc as this is indeed taken care of by NOD.
     
  8. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,040
    I have submitted these via the module but they state they will not respond directly unless they need further info. The download came from the official site for Portable Apps and the original installation file for the exe was fine according to NOD (installed on my PC) as well as virustotal.
    I think the way clamav has packaged their file is causing NOD indigestion - possibly this way could also be used for unwanted purposes but unless Clam AV is no longer considered a proper AV (I am not saying it's a good one), it should be exempted from the general alert.
     
  9. Janus

    Janus Registered Member

    Joined:
    Jan 2, 2012
    Posts:
    588
    Location:
    Europe - Denmark .
    Hello Beethoven...(I just have a small break) :))


    I will give you that much, that it is sometimes, or can be very confusing, whit terms like Potentially Unwanted Application (pua), Riskware, Grayware, and for that sake, Possibly Unsafe Application . And it is even more confusing, that those different categories/terms are overlapping each other. In generally I mean that the Av industry may rethink, and maybe reinvent another way to categorise these software groups. All in the favor for the ordinary home user, and me. Who most likely, would have a small panic attack for every pop up notification an Av would produce. If you have trouble sleeping ;) then I have found two links that I think give a good basic insight in these categories: (At least it did for me).

    Link A: What is Riskware?

    Link B: PUA , In the bottom of this second link, there is a link to a white paper (pdf file) from Aryeh Goretsky.

    Regards, Janus
     
  10. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The detection is correct. ClamAV and TrendMicro unpack files in an unencrypted form (although non-functional) which triggers detection by real-time protection modules.
     
Thread Status:
Not open for further replies.