Nmap Development mailing list archives

Re: Nmap 4.76 detected as a Trojan by BitDefender 2009


From: Brandon Enright <bmenrigh () ucsd edu>
Date: Sun, 1 Mar 2009 18:57:29 +0000

On Sun, 01 Mar 2009 15:40:27 +0100 or thereabouts Patrick Camilleri
<patrik.camilleri () gmail com> wrote:

When downloading http://nmap.org/dist/nmap-4.76-setup.exe BitDefender 
detects it as Trojan.Generic.1215885. On the other hand the beta
version of nmap, http://nmap.org/dist/nmap-4.85BETA3-setup.exe seems
to be clean. Is this just a false positive?

Malware name: Trojan.Generic.1215885

Regards,
Patrick


Patrick,

This is a false positive.  In order to keep up with the huge flood of
new malware AV companies have had to turn to heuristics and very
generic fingerprints.  Unfortunately this means that there are also
more false positives.

Nmap does a lot with networking.  Chances are if an AV company decides
to flag specific networking features or a networking library like
libdnet, libpcap, or OpenSSL, Nmap will be detected too.

This isn't the first time Nmap has been wrongly flagged by an AV
company and it certainly won't be the last.

I just sent nmap.exe to VirusTotal and BitDefender came back clean:

https://www.virustotal.com/analisis/8298d510a59b8f5c0c1d1aa7d5f01744

It is possible that if you update your signatures they have already
corrected the false positive.

Brandon

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org