Nmap Development mailing list archives

Re: Nmap is detected as a trojan by avast anti-virus


From: Brandon Enright <bmenrigh () ucsd edu>
Date: Fri, 25 Jul 2008 19:51:12 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 25 Jul 2008 16:51:51 +0300
"Иван Джеферов" <ivan.djeferov () gmail com> wrote:

When I try to download the "*Latest stable release self-installer:*
nmap-4.68-setup.exe<http://download.insecure.org/nmap/dist/nmap-4.68-setup.exe>".
I get the following message from Avast anti-virus:

Malware name: Win32:Trojan-gen {Other}
Malware type: Virus/Worm

The command-line zip file is ok though.

Best wishes,
Ivan.


Иван,

This is a false positive.  "Win32:Trojan-gen {Other}" is a heuristic
detection and not an actual signature.  If I had to take a guess in the
dark I'd say that they don't like the installer scripts or the
compression used by the installer.

Unfortunately as malware gets better at evading signatures AV companies
have to resort to broader and fuzzier heuristics to keep up.

I encourage you to contact Avast and notify them of the
false-positive.  You may also be able to disable heuristics (which will
likely severely decrease its ability to generically detect malware).

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkiKLrYACgkQqaGPzAsl94LDYwCZAU6nKAHCEA+/kge024/G2z0d
y2oAoKbeWawa6S315Mf8GQe44BMUbBqD
=70ty
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org