LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices



Reply
 
Search this Thread
Old 07-19-2012, 05:58 PM   #1
odiseo77
Senior Member
 
Registered: Dec 2004
Location: Caracas, Venezuela
Distribution: Debian Sid, OpenSUSE 13.1
Posts: 1,022

Rep: Reputation: 315Reputation: 315Reputation: 315Reputation: 315
Windows related question: Which AV would you trust?


Hi folks,

I need to know if certain files are clean (it's a .zip file containing other windows related files). I scanned the zip with Clamav under Linux (through the ClamTK interface), and got a warning about some about some PUA.something (Potentially Unwanted Application; can't copy the exact warning atm since I'm not in my PC right now, but will do it when I get home). Then I booted a Windows XP VM, scanned the .zip with Malwarebytes (the free version), AVGfree and SpybotSD, and all of them told me the file was clean. I did a web search about the warning returned by ClamTK and found some threads in other forums -even in the Clamav forum, IIRC- where people claimed this is a fake positive due to Clamav detecting some type of packers (I think this is the word they used) that are present in some type of malware, but that can be present in clean files too.

So, after this explanation of the problem, which AV would you trust in this case? I've read that Malwarebytes is really good at detecting malware, so I'm thinking this might indeed be a fake positive, but still would like to hear other people's opinion on this.

Thank you in advance!
 
Old 07-19-2012, 06:09 PM   #2
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Hanover, Germany
Distribution: Main: Gentoo Others: What fits the task
Posts: 15,653
Blog Entries: 2

Rep: Reputation: 4096Reputation: 4096Reputation: 4096Reputation: 4096Reputation: 4096Reputation: 4096Reputation: 4096Reputation: 4096Reputation: 4096Reputation: 4096Reputation: 4096
If it is under 32 MB you can test it with VirusTotal, which will test the file with a whole bunch of different scanners.
Other than that, if only ClamAV claims to have found malware I would think that it really is a false positive.
 
Old 07-19-2012, 06:13 PM   #3
odiseo77
Senior Member
 
Registered: Dec 2004
Location: Caracas, Venezuela
Distribution: Debian Sid, OpenSUSE 13.1
Posts: 1,022

Original Poster
Rep: Reputation: 315Reputation: 315Reputation: 315Reputation: 315
Thank you TobiSGD, didn't know about this site. Since it's only about 16 MB, I'll test it when I get home. I'll let you know if I find something.

Thank you again!
 
Old 07-19-2012, 08:59 PM   #4
odiseo77
Senior Member
 
Registered: Dec 2004
Location: Caracas, Venezuela
Distribution: Debian Sid, OpenSUSE 13.1
Posts: 1,022

Original Poster
Rep: Reputation: 315Reputation: 315Reputation: 315Reputation: 315
Well I checked the file and got 2 positives and 30 negatives. ESET-NOD32 says it's a variant of Win32/Packed.VProtect.C, and Sophos says it's a Sus/UnkPacker. Even Clamav on VirusTotal says it's clean,and the Clamav Database was updated the July the 20th. BTW, the warning returned by ClamTK is PUA.Win32.Packer.PrivateExeProte-10.

I think I'm going to take the slight risk and use these files.

Thanks!
 
Old 07-19-2012, 10:02 PM   #5
frankbell
Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Mageia, Mint
Posts: 8,254

Rep: Reputation: 1559Reputation: 1559Reputation: 1559Reputation: 1559Reputation: 1559Reputation: 1559Reputation: 1559Reputation: 1559Reputation: 1559Reputation: 1559Reputation: 1559
Going back to your subject line, I have used AVG Free for a number of years and it has served me well. They will make several attempts to sell their for-pay product before you actually reach the AVG Free download link.

I used to use F-Prot and also think highly of them, but they did away with their "free for home use" version. McAfee and Norton are far too clunky for my taste.

Malwarebytes is highly regarded by the denizens of alt.comp.virus. The free version is strictly an on demand scanner.

Last edited by frankbell; 07-19-2012 at 10:03 PM.
 
Old 07-19-2012, 11:08 PM   #6
nixblog
Member
 
Registered: May 2012
Posts: 426

Rep: Reputation: 52
As frankbell stated, AVG Free is a good one but my personal favourite is Avast. Also Malwarebytes free version to attack the nasties from another angle too
 
Old 07-19-2012, 11:29 PM   #7
odiseo77
Senior Member
 
Registered: Dec 2004
Location: Caracas, Venezuela
Distribution: Debian Sid, OpenSUSE 13.1
Posts: 1,022

Original Poster
Rep: Reputation: 315Reputation: 315Reputation: 315Reputation: 315
Thanks for your answers guys.

Yeah, I always use a combination of SpybotSD and AVGFree (the real free edition) and they both have worked good for me. Though I haven't used Malwarebytes too much, looks like a powerful AV too. As for Avast, I haven't used it yet.

Although I try not to get malware on Windows (the installed one, not the VM) I don't care too much either since almost the only thing I use it for is to play games, when I happen to play.

Cheers.
 
Old 07-20-2012, 03:40 AM   #8
honeybadger
Member
 
Registered: Aug 2007
Location: India
Distribution: Slackware (mainly) and then a lot of others...
Posts: 855

Rep: Reputation: Disabled
Wow '30 negatives and 2 positives'. I had no idea there were so many AV in there. BTW how much time did the entire analysis take? Whatever the time frame it, it definately is maddening.
 
Old 07-20-2012, 05:30 AM   #9
John VV
Guru
 
Registered: Aug 2005
Posts: 13,524

Rep: Reputation: 1806Reputation: 1806Reputation: 1806Reputation: 1806Reputation: 1806Reputation: 1806Reputation: 1806Reputation: 1806Reputation: 1806Reputation: 1806Reputation: 1806
avg free version is good for XP

and so is ClamAV
clam has found things that Norton AV missed ( or allows - some "spyware / tracking softwere" Norton ALLOWS)

just run clam from a linux machine
 
Old 07-20-2012, 07:12 PM   #10
odiseo77
Senior Member
 
Registered: Dec 2004
Location: Caracas, Venezuela
Distribution: Debian Sid, OpenSUSE 13.1
Posts: 1,022

Original Poster
Rep: Reputation: 315Reputation: 315Reputation: 315Reputation: 315
Quote:
Originally Posted by honeybadger View Post
Wow '30 negatives and 2 positives'. I had no idea there were so many AV in there. BTW how much time did the entire analysis take? Whatever the time frame it, it definately is maddening.
I'm not sure how long did it take, but I think it was not too lonlg since I left it uploading the file for a few minutes and when I came back it had already uploaded it and scanned it. Anyway, it's an useful site, for cases like this.


Quote:
Originally Posted by John VV View Post
avg free version is good for XP

and so is ClamAV
clam has found things that Norton AV missed ( or allows - some "spyware / tracking softwere" Norton ALLOWS)

just run clam from a linux machine
What about AVGFree on Windows 7? Does it work fine there too? (I ask because I have a laptop with Win7 and AVGFree in it, so I'd like to know)

Regards.
 
Old 07-20-2012, 08:02 PM   #11
syg00
LQ Veteran
 
Registered: Aug 2003
Location: Australia
Distribution: Lots ...
Posts: 12,500

Rep: Reputation: 1077Reputation: 1077Reputation: 1077Reputation: 1077Reputation: 1077Reputation: 1077Reputation: 1077Reputation: 1077
If they offer it, I'd have similar confidence to the XP version.
But that was also when I last used it. I don't do (local) mail on any version of Windoze these days.
 
Old 07-20-2012, 08:50 PM   #12
frankbell
Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Mageia, Mint
Posts: 8,254

Rep: Reputation: 1559Reputation: 1559Reputation: 1559Reputation: 1559Reputation: 1559Reputation: 1559Reputation: 1559Reputation: 1559Reputation: 1559Reputation: 1559Reputation: 1559
Quote:
What about AVGFree on Windows 7? Does it work fine there too?
In my experience, yes.

My Win 7 computer came with Avast on it. It seemed to work fine, but the level of nagging was unacceptably high. That's the main reason I ditched it.
 
Old 07-20-2012, 09:13 PM   #13
odiseo77
Senior Member
 
Registered: Dec 2004
Location: Caracas, Venezuela
Distribution: Debian Sid, OpenSUSE 13.1
Posts: 1,022

Original Poster
Rep: Reputation: 315Reputation: 315Reputation: 315Reputation: 315
Quote:
Originally Posted by syg00 View Post
If they offer it, I'd have similar confidence to the XP version.
But that was also when I last used it. I don't do (local) mail on any version of Windoze these days.
I think it's the same version (I was wondering if it behaved the same on both Windows versions; I guess it does). As for mail, I don't use any email client on Windows and only download attachments (from the browser) when I'm completely sure they're safe.


Quote:
Originally Posted by frankbell View Post
In my experience, yes.

My Win 7 computer came with Avast on it. It seemed to work fine, but the level of nagging was unacceptably high. That's the main reason I ditched it.
I know what you mean, these programs that prompt you every 5 minutes for everything can be a real pain. That's the reason why I stopped using 3rd party firewalls on Windows. Now I only use Windows' own firewall and configure it to block everything. I don't browse the net too often from my windows installs, anyway (except when I'm at work).
 
  


Reply

Tags
antivirus, viruses, windows


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Samba 3.5.6 DC + Windows 7 Unable to add user because of trust relationship ravenswood Linux - Server 2 05-15-2012 12:08 PM
Samba 3 and Windows NT4 trust relationship mozilla Linux - Networking 1 07-03-2007 03:11 AM
LXer: A question of anti-trust LXer Syndicated Linux News 0 02-21-2006 10:31 AM
trust relationship between windows pdc and fedora core 2 rans Linux - Networking 0 09-10-2004 02:44 AM
Windows XP - An Operating System You Can Trust jlturbos General 3 02-05-2004 07:33 PM


All times are GMT -5. The time now is 08:56 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration