false positive virus warning

Michael Wood esiotrot at gmail.com
Sun Oct 16 01:33:45 MDT 2011

On 15 October 2011 22:33, Andrew Bartlett <abartlet at samba.org> wrote:
> On Sat, 2011-10-15 at 18:28 +0200, Helmut Hullen wrote:
>> Hallo, samba-technical,
>> I've just got mail from ClamAV:
>> ============= ClamAV =============
>> /home/src/samba-4.0.0alpha14/wintest/wintest.py: Trojan.BAT.Qhost-1 FOUND
>> /home/src/samba-4.0.0alpha14/wintest/wintest.py: moved to '/var/lib/infected/wintest.py'
>> Seems to depend on a new signatur file - nasty.
> I tried to file a bug in their bugzilla about this, with a clear example
> and pointing at the incorrect, incredibly lazy 'virus definition', only
> to have a number of months pass before begin told I had filed it in the
> wrong place.
> https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2645
> I now have very little patience for a 'virus scanner' that triggers on a
> single line of source code, used for a legitimate purpose in a free
> software project, and cannot re-file the bug report on their own.
> If you have the time, please find the right way to deal with the ClamAV
> folks, so that this does not trigger again.

I don't know how to solve the underlying problem, but submitting it to
http://www.clamav.net/lang/en/sendvirus/ should fix this instance of

I have submitted wintest.py there now.

Michael Wood <esiotrot at gmail.com>

More information about the samba-technical mailing list