Nmap Development mailing list archives
Re: False positives on antivirus
From: Fyodor <fyodor () insecure org>
Date: Thu, 28 Jan 2010 20:54:09 -0800
Here is an update on the Panda Antivirus situation... A fellow named "rogervives" posted the false positive situation to the Panda forums at [1]. Panda responded with instructions for submitting the nmap_service.exe. Roger did so, and Panda responded with: Dear customer, After checking in our laboratory the message you submit, we inform you it contains no virus. The detection was caused due to a string coincidence. The incidence is already solved in a Beta version of our Signature File (PAV.SIG), that you can download from the following URL: http://www.pandasecurity.com/homeusers/security-info/disclaimer/disclaimer We hope this answer has been helpful and do not hesitate to contact us should you need any suspicious file analyzed in future. Best regards, PandaLabs virus () pandasecurity com That is good news! But we should still better encode or remove the file in SVN. Some users may not update their sigs immediately, and other AV apps may detect our obfuscated binary again now or in the future. Note that nmap-5.21-setup.exe seems to trigger 2 false postivies. The Panda W32/Xor-encoded.A and McAfee+Artemis judges it "Suspect-D!10FC121FDD0D": http://www.virustotal.com/analisis/b9aa3c96c31b6a8088fef744323a553d8a023538fee9392af01f029d43b635de-1264740589 Cheers, -F _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- False positives on antivirus Ron (Jan 28)
- Re: False positives on antivirus Michael Pattrick (Jan 28)
- Re: False positives on antivirus Ron (Jan 28)
- Re: False positives on antivirus Fyodor (Jan 28)
- Re: False positives on antivirus Ron (Jan 29)
- Re: False positives on antivirus DePriest, Jason R. (Jan 29)
- Re: False positives on antivirus Brandon Enright (Jan 29)
- Re: False positives on antivirus Fyodor (Jan 29)
- Re: False positives on antivirus Ron (Jan 29)
- Re: False positives on antivirus Fyodor (Jan 29)
- Re: False positives on antivirus Michael Pattrick (Jan 28)
- Re: False positives on antivirus David Fifield (Feb 12)
- Re: False positives on antivirus Ron (Feb 12)
- Re: False positives on antivirus David Fifield (Mar 03)