false positive virus warning

Andrew Bartlett abartlet at samba.org
Sat Oct 15 14:33:27 MDT 2011

On Sat, 2011-10-15 at 18:28 +0200, Helmut Hullen wrote:
> Hallo, samba-technical,
> I've just got mail from ClamAV:
> ============= ClamAV =============
> /home/src/samba-4.0.0alpha14/wintest/wintest.py: Trojan.BAT.Qhost-1 FOUND
> /home/src/samba-4.0.0alpha14/wintest/wintest.py: moved to '/var/lib/infected/wintest.py'
> Seems to depend on a new signatur file - nasty.

I tried to file a bug in their bugzilla about this, with a clear example
and pointing at the incorrect, incredibly lazy 'virus definition', only
to have a number of months pass before begin told I had filed it in the
wrong place.


I now have very little patience for a 'virus scanner' that triggers on a
single line of source code, used for a legitimate purpose in a free
software project, and cannot re-file the bug report on their own.

If you have the time, please find the right way to deal with the ClamAV
folks, so that this does not trigger again.

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba-technical mailing list