Cisco-Talos / clamav

ClamAV - Documentation is here: https://docs.clamav.net
https://www.clamav.net/
GNU General Public License v2.0

Your software is false triggering my application update and your false positive report link does not work #683

Open Slixxor opened 2 years ago

Slixxor commented 2 years ago

I've uploaded our software to our dev server several times in the last 5 weeks while testing and had no issues using the main executable. The day I decide to push the slightly modified file (removed DEV banner) and deploy it to a different folder (Prod), you immediately flag the software and I can't upload it.

It reports: Win.Packed.Cerbu-9963880-0

I tried to submit a false positive report but your link does not work, period. This is the link that does nothing: http://www.clamav.net/sendvirus.cgi

Fix your link or provide the ability for legitimate software vendors to actually contact you to resolve these issues.

I pay every single year for a Comodo digital code signing certificate for our software, which is free. This makes no difference. At some point you guys need to actually take these things into account.

I get you aren't being paid, neither am I... The little I have is reputation. When you guys flag my legitimate software as malicious when it's not, it ruins that reputation.

Now. Please tell me, how exactly can I fix the problem or when will your false positive submission link be fixed?

Worst case, I will pay quadruple for a dedicated server I have full control over, literally just to store files, rather than the current affordable shared hosting I use with my web host that unfortunately uses your platform to "protect" itself.

This is not ideal when your software is free.

micahsnyder commented 2 years ago

The link for reporting false positives is: https://www.clamav.net/reports/fp as described here: https://docs.clamav.net/faq/faq-win32.html?highlight=false#where-should-i-report-false-positives-or-undetected-malware and here: https://www.clamav.net/contact

@Slixxor Where did you observe the older (broken) link?

Slixxor commented 2 years ago

This link here has the link that doesn't work.

https://clamwin.com/content/view/40/27/

This is the first link Google picked when searching for "ClamAV submit false positive".

I have now, using your link, managed to submit a false positive, but I don't think it will end there. I use the .NET Reactor obfuscation library to protect our work and then digitally sign using our Comodo/Sectigo certificate.

Can you try to help a guy out here and maybe provide some insight into how I can avoid these issues in future?

micahsnyder commented 2 years ago

> This link here has the link that doesn't work.
>
> https://clamwin.com/content/view/40/27/
>
> This is the first link Google picked when searching for "ClamAV submit false positive".

That's frustrating. ClamWin is a related project, but not by the same people. I think we can solve this by redirecting that older URL to our contact page. I'll reach out to our web admins.

> I have now, using your link, managed to submit a false positive, but I don't think it will end there. I use the .NET Reactor obfuscation library to protect our work and then digitally sign using our Comodo/Sectigo certificate.
>
> Can you try to help a guy out here and maybe provide some insight into how I can avoid these issues in future?

I'll message our malware threat research folks for help.