
Clam AV false positive on Italian Kaspersky installer. [Closed]


fabiodanzetta
Solved by Berny


fabiodanzetta
Hi everyone, I downloaded the startup.exe file from the Italian site and found two things:
1) Scanning it with VirusTotal, ClamAV detects it as Win.Virus.Sality-6812328-0. I guess it's a false positive. I don't always scan the files I download with VirusTotal, but this time I did it out of curiosity and this was the result. I wanted to investigate further, and other setups of other antivirus vendors have similar problems. Not all, and not all with the same engines. Some are perfectly clean. What do you think?
2) Also, the Italian startup.exe file is digitally signed, but only with the SHA-1 algorithm, without SHA-256 and above all without a signature timestamp. Can anyone explain why?
Thank you all and sorry for my English.

Flood and Flood's wife
Hello fabiodanzetta, Welcome! Your English is fine! Do not worry. Please copy the site URL, the download URL & the VirusTotal URL (result) to a text file and upload the text file using the upload icon in your reply, please. Thanks & regards

fabiodanzetta
Hi FLOOD, this is the link to the scan result: https://www.virustotal.com/gui/file/fd6a814dad07b5f289f01ce61664f492778fe0dbd801675d109b9eb029b17c21/detection and this is the file: https://products.s.kaspersky-labs.com/homeuser/kis2020/20.0.14.1085abc/italian-IT-0.2056.0/3232303839307c44454c7c31/startup.exe from this page: https://www.kaspersky.it/downloads/thank-you/internet-security

fabiodanzetta
ClamAV detects it as Win.Virus.Sality-6812328-0.
Also, please contact the ClamAV Team :-)
Hi Berny, OK for the detection, but what about the second question about the file signature? OK for the SHA-1 only, but why without a timestamp? Thanks again.

Flood and Flood's wife
Hello fabiodanzetta, Thank you so much for posting back! Good detection. I wonder how often it happens. Curiously, I've just scanned the .exe from https://www.kaspersky.it/downloads/thank-you/internet-security, and the detection is not repeated: https://www.virustotal.com/gui/url/bab3720b8b84650041d72235ec7d07a7ac925e5a14a51206a99b26308581510c/detection "No engines detected this URL". I've tried 3 different browsers, same result. (IMO) if anyone contacts Clam, it should be Kaspersky. Thanks again

fabiodanzetta
Hi FLOOD, the ClamAV engine is not present in your link! The best way is to download an .exe file to your PC and then upload it to VirusTotal. With the link, I don't know why the report is different. I have, however, opened a report with the ClamAV team as a possible false positive. Thanks.

Flood and Flood's wife
Hello fabiodanzetta, Yes, the VT result is different. I kinda didn't really want to download anything dodgy, even if it is Kaspersky & even if it is a FP... Thanks again.

This topic is now closed to further replies.
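
On the second question in the thread (SHA-1 only, no timestamp), here is an added example, not code from the forum or from Kaspersky: it reads the PE security directory and reports which digest and timestamp OIDs occur in the Authenticode blob of a file. A missing OID is conclusive, while a present one is only an indication, since this byte scan does not parse or verify the PKCS#7 structure; `build_sample` and the blob it wraps are constructed test input.

```python
import struct

# DER encodings (tag 0x06, length, body) of the OIDs this scan looks for.
OIDS = {
    "sha1_digest": bytes.fromhex("06052b0e03021a"),                  # 1.3.14.3.2.26
    "sha256_digest": bytes.fromhex("0609608648016503040201"),        # 2.16.840.1.101.3.4.2.1
    "legacy_timestamp": bytes.fromhex("06092a864886f70d010906"),     # 1.2.840.113549.1.9.6
    "rfc3161_timestamp": bytes.fromhex("060a2b060104018237030301"),  # 1.3.6.1.4.1.311.3.3.1
}

def certificate_table(pe: bytes):
    """Return the raw certificate table of a PE file, or None if it is unsigned."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    nt = struct.unpack_from("<I", pe, 0x3C)[0]           # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = nt + 24                                         # optional header start
    magic = struct.unpack_from("<H", pe, opt)[0]
    dirs = opt + (112 if magic == 0x20B else 96)          # PE32+ or PE32
    # Directory 4 is the security entry; it holds a file offset, not an RVA.
    off, size = struct.unpack_from("<II", pe, dirs + 4 * 8)
    if off == 0 or size == 0:
        return None
    if off + size > len(pe):
        raise ValueError("certificate table runs past end of file")
    return pe[off:off + size]

def scan_signature(pe: bytes):
    """Map each OID name to True/False; None means the file has no signature."""
    table = certificate_table(pe)
    return None if table is None else {n: der in table for n, der in OIDS.items()}

def build_sample(pkcs7: bytes) -> bytes:
    """Constructed input: minimal PE32 headers plus one WIN_CERTIFICATE entry."""
    nt, opt = 0x40, 0x40 + 24
    pe = bytearray(opt + 96 + 16 * 8)
    pe[:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, nt)
    pe[nt:nt + 4] = b"PE\0\0"
    struct.pack_into("<H", pe, opt, 0x10B)
    # WIN_CERTIFICATE: dwLength, wRevision 0x0200, wCertificateType 2 (PKCS#7)
    cert = struct.pack("<IHH", 8 + len(pkcs7), 0x0200, 2) + pkcs7
    struct.pack_into("<II", pe, opt + 96 + 4 * 8, len(pe), len(cert))
    return bytes(pe) + cert

if __name__ == "__main__":
    # Constructed blob carrying only the SHA-1 OID, like the case in the thread.
    print(scan_signature(build_sample(b"\x30\x09" + OIDS["sha1_digest"] + b"\x05\x00")))
```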

