Nmap Development mailing list archives
Re: Nmap 4.76 detected as a Trojan by BitDefender 2009
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Mon, 2 Mar 2009 22:42:58 +0000
On Mon, 2 Mar 2009 13:10:24 -0800
Fyodor <fyodor () insecure org> wrote:

> On Sun, Mar 01, 2009 at 07:20:12PM +0000, Brandon Enright wrote:
> > I just sent the whole installer to VirusTotal and the results are a
> > little less encouraging:
> >
> > https://www.virustotal.com/analisis/9819a7c66664730b9911bbadd7d50f77
> >
> > 8 of the 39 products flag the installer with some heuristic.
>
> Good find. Interestingly, the newer nmap-4.85BETA3-setup.exe only has
> 1/37 flags (and that is the "corrupted archive" by Sunbelt):
>
> http://www.virustotal.com/analisis/a9be2056e8d94963c4e9e8858b4c1678
>
> In case this was due to signature updates since yesterday rather than
> the different file, I ran it again against nmap-4.76-setup.exe:
>
> http://www.virustotal.com/analisis/f62ab34ac2cd64d2ca49789fa843d72b
>
> This time it shows 6/34 as flagged. So the 4.85BETA installer really
> does seem to be treated as more clean, for some reason.
>
> Cheers,
> -F

You're right that the new installer isn't triggering the same heuristics. I don't know why. I'll send a note to a few private lists that these AV companies have researchers on, asking about this.

On a semi-related note, Alex Eckelberry has an excellent blog post today about the AV industry and its use of heuristics:

http://sunbeltblog.blogspot.com/2009/03/heuristics-are-dead.html

Brandon

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org