Nmap Development mailing list archives
Re: Nmap is detected as a trojan by avast anti-virus
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Fri, 25 Jul 2008 19:57:52 +0000
On Fri, 25 Jul 2008 19:51:12 +0000 Brandon Enright <bmenrigh () ucsd edu> wrote:

> Иван,
>
> This is a false positive. "Win32:Trojan-gen {Other}" is a heuristic detection and not an actual signature. If I had to take a guess in the dark I'd say that they don't like the installer scripts or the compression used by the installer.
>
> Unfortunately, as malware gets better at evading signatures, AV companies have to resort to broader and fuzzier heuristics to keep up.
>
> I encourage you to contact Avast and notify them of the false-positive. You may also be able to disable heuristics (which will likely severely decrease its ability to generically detect malware).
>
> Brandon

BTW, for posterity's sake, here is the VirusTotal analysis of the installer:

http://www.virustotal.com/analisis/b13d0d5cbb84afb4f7403547eb9779bf

Both "TheHacker" and "CAT-QuickHeal" detect it as "Trojan.Shutdowner.rf". My guess is that part of the scripts in the installer have the ability to restart the machine. It may be dead code that doesn't get used/presented as an option but AV isn't going to know that.

I don't have a very high opinion of techniques used by some AV craproducts though so take everything I have to say with a grain of salt.

Brandon
Current thread:
- Nmap is detected as a trojan by avast anti-virus Иван Джеферов (Jul 25)
- Re: Nmap is detected as a trojan by avast anti-virus Brandon Enright (Jul 25)
- Re: Nmap is detected as a trojan by avast anti-virus Brandon Enright (Jul 25)
- Re: Nmap is detected as a trojan by avast anti-virus doug (Jul 25)
- Re: Nmap is detected as a trojan by avast anti-virus Brandon Enright (Jul 25)
- Re: Nmap is detected as a trojan by avast anti-virus doug (Jul 25)
- Re: Nmap is detected as a trojan by avast anti-virus Brandon Enright (Jul 25)