Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Latest dist v5.2

From: "DePriest, Jason R." <jrdepriest () gmail com>
Date: Thu, 21 Jan 2010 10:10:59 -0600
On Thu, Jan 21, 2010 at 10:04 AM, Ron <> wrote:

On 01/21/2010 09:59 AM, DePriest, Jason R. wrote:


The other option is to tell the a/v vendor to cut it out, but I can't see
that working. :)


Actually, this is pretty much the only option.  Sysinternal's psexec
occasionally gets flagged as a virus along with other legit things
like upx-compressed executables because malware also use them.

That's free / open source for you, right?

You have to let the vendors know they are triggering false positives.

It's up to them if they care or not.


Well, the alternative option is to distribute it separately so Nmap proper
doesn't trigger the aignature.


psexec is a non-malicious program performing non-malicious activity.
There is no reason for an anti-virus vendor to flag it as definitive
malware.  It could be considered what McAfee calls "potentially
unwanted software" but it is not malware.

The *principle* of the matter is not solved by requiring extra steps
to fix what is essentially someone else's problem.

But I don't want to discourage people from using nmap because it
triggers their anti-virus software.

How complicated would it be to provide a check for an existing copy of
psexec or automatic instructions on how to obtain it?

-Jason
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: