Journalists from the German Linux Magazin reported us that TRK was generating dangerous false positives when using virusscan in combination with ClamAV, the default TRK virusscan scan engine.

I immediately responded by asking logfiles and there I found out the false positive came from a combination of using Clamav 0.96.1 together with signature files between 2011-02-04 and 2011-02-07

Luckily, updating to version 0.96.5 fixes the problem. Users who now run virusscan under TRK, will get their Clamav installation updated to 0.96.5 AUTOMATICALLY, thanks to the update mechanism built into TRK virusscan!

So the bug is fixed for TRK. 
Please update any offline version you might be using updated between 2011-02-04 and 2011-02-07.

I filed a bug on Clamav.net and the original article from Linux Magazin can be found here

Below is a small part of the clamscan logfile with the false positive:

/hda1/WINXP/Driver Cache/i386/sp3.cab: Trojan.GenericFF-1 FOUND
/hda1/WINXP/explorer.exe: Trojan.GenericFF-1 FOUND
/hda1/WINXP/Sti_Trace.log: Empty file
/hda1/WINXP/system32/dhcpmon.dll: Trojan.GenericFF-1 FOUND
/hda1/WINXP/system32/pdh.dll: Trojan.GenericFF-1 FOUND
/hda1/WINXP/system32/snmpapi.dll: Trojan.GenericFF-1 FOUND
/hda1/WINXP/system32/unimdmat.dll: Trojan.GenericFF-1 FOUND

…and a screenshot of virusscan in false action under TRK