Nmap Development mailing list archives
Re: Nmap 4.76 detected as a Trojan by BitDefender 2009
From: "Rob Nicholls" <robert () everythingeverything co uk>
Date: Mon, 2 Mar 2009 15:45:50 -0000 (UTC)
Off the top of my head, it could be flagging it for a couple of malicious-looking reasons:

- The Nmap installer will stop/start the "npf" service (and create it).
- The WinPcap installer (within the Nmap installer) uses a couple of Win32 API calls (Wow64EnableWow64FsRedirection) on x64 versions of Windows in order to stick a 64 bit file in the right place (and delete it in the uninstaller).

However, these shouldn't have changed between versions.

I suspect the NSIS based installer has the generic ability to restart the computer, but I don't remember seeing anything in the NSIS file used to create our installer that ever causes a restart. The installers can also be run silently, but that also hasn't changed between versions.

Nmap 4.76 doesn't contain Ncat, but 4.83BETA does; I would have expected to see the heuristics spot Ncat (which could be used to listen for a connection, but can't execute a command yet) and flag the newer installer as evil instead.

Aren't heuristics great? :)

Rob

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Current thread:
- Nmap 4.76 detected as a Trojan by BitDefender 2009 Patrick Camilleri (Mar 01)
- Re: Nmap 4.76 detected as a Trojan by BitDefender 2009 Brandon Enright (Mar 01)
- Re: Nmap 4.76 detected as a Trojan by BitDefender 2009 Brandon Enright (Mar 01)
- Re: Nmap 4.76 detected as a Trojan by BitDefender 2009 Patrick Camilleri (Mar 01)
- Re: Nmap 4.76 detected as a Trojan by BitDefender 2009 Rob Nicholls (Mar 02)
- Re: Nmap 4.76 detected as a Trojan by BitDefender 2009 Fyodor (Mar 02)
- Re: Nmap 4.76 detected as a Trojan by BitDefender 2009 Brandon Enright (Mar 02)
- Re: Nmap 4.76 detected as a Trojan by BitDefender 2009 Brandon Enright (Mar 01)
- Re: Nmap 4.76 detected as a Trojan by BitDefender 2009 Brandon Enright (Mar 01)