Nmap Development mailing list archives

Re: False positives on antivirus


From: Fyodor <fyodor () insecure org>
Date: Thu, 28 Jan 2010 20:54:09 -0800

Here is an update on the Panda Antivirus situation...

A fellow named "rogervives" posted the false positive situation to the
Panda forums at [1].  Panda responded with instructions for submitting
the nmap_service.exe.  Roger did so, and Panda responded with:

  Dear customer,

  After checking in our laboratory the message you submit, we inform
  you it contains no virus. The detection was caused due to a string
  coincidence.

  The incidence is already solved in a Beta version of our Signature
  File (PAV.SIG), that you can download from the following URL:
  http://www.pandasecurity.com/homeusers/security-info/disclaimer/disclaimer

  We hope this answer has been helpful and do not hesitate to contact
  us should you need any suspicious file analyzed in future.

  Best regards,

  PandaLabs
  virus () pandasecurity com

That is good news!  But we should still better encode or remove the
file in SVN.  Some users may not update their sigs immediately, and
other AV apps may detect our obfuscated binary again now or in the
future.

Note that nmap-5.21-setup.exe seems to trigger 2 false positives.  The
Panda W32/Xor-encoded.A and McAfee+Artemis judges it
"Suspect-D!10FC121FDD0D":

http://www.virustotal.com/analisis/b9aa3c96c31b6a8088fef744323a553d8a023538fee9392af01f029d43b635de-1264740589

Cheers,
-F
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

