Nmap Development mailing list archives

Re: False positives on antivirus

From: Ron <ron () skullsecurity net>
Date: Fri, 29 Jan 2010 07:28:47 -0600

Fyodor <fyodor () insecure org> wrote:

Note that nmap-5.21-setup.exe seems to trigger 2 false postivies.  The
Panda W32/Xor-encoded.A and McAfee+Artemis judges it
"Suspect-D!10FC121FDD0D":

Suspect-D, I like the sounds of that. It's like an action movie! 

But seriously, I hadn't realized it could be so easy to get a false positive removed. Maybe we should revisit the idea 
of submitting the original nmap_service.exe, unmodified, to the company that detected it as malware?
-- 
Ron Bowes
http://www.skullsecurity.org
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

False positives on antivirus Ron (Jan 28)
- Re: False positives on antivirus Michael Pattrick (Jan 28)
  - Re: False positives on antivirus Ron (Jan 28)
- Re: False positives on antivirus Fyodor (Jan 28)
  - Re: False positives on antivirus Ron (Jan 29)
    - Re: False positives on antivirus DePriest, Jason R. (Jan 29)
    - Re: False positives on antivirus Brandon Enright (Jan 29)
    - Re: False positives on antivirus Fyodor (Jan 29)
    - Re: False positives on antivirus Fyodor (Jan 29)
- Re: False positives on antivirus Fyodor (Feb 02)
  - Re: False positives on antivirus David Fifield (Feb 12)
    - Re: False positives on antivirus Ron (Feb 12)
    - Re: False positives on antivirus David Fifield (Mar 03)