ClamWin Free Antivirus: False Positives

Published by Torry Crass on

Unfortunately, ClamWin seems to have had some serious problems lately with false positives. In particular, a client I support encountered a situation where their Windows 2003 Server operating system had been ravaged by ClamWin quarantining files (something around 20,000 files, roughly 2GB) throughout the hard drive, including system files and some of ClamWin's own application files.

As a result, their server became mostly non-functional sometime between Thursday (November 18th) and Friday (November 19th), impacting their ability to do business on Friday.

Thankfully, because VMware had been implemented to help manage their system needs, we were able to roll back to a snapshot from the last major update, which resolved all of the problems experienced. After a quick couple of software and patch updates to get things current, everything was back up and running normally.

However, that doesn't change the fact that this situation should not have happened in the first place. It's a pretty hard sell to me when you're trusting a program to keep you safe and then that very program ends up being the cause of catastrophic system problems. Because of this problem, I regrettably will be saying good-bye to ClamWin on any production servers.

I found a good article that already explains a few more of the technical details of this problem here: http://www.livehacking.com/2010/11/20/clamwin-free-antivirus-bad-false-positive/

Anyway, I hope most everyone else will be able to avoid this problem, either by upgrading your clients (since it's supposed to be resolved) or by switching to something else.

Cheers!
