Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: False positives on antivirus

From: Fyodor <fyodor () insecure org>
Date: Fri, 29 Jan 2010 14:30:58 -0800
On Fri, Jan 29, 2010 at 07:28:47AM -0600, Ron wrote:

Fyodor <fyodor () insecure org> wrote:

But seriously, I hadn't realized it could be so easy to get a false
positive removed. Maybe we should revisit the idea of submitting the
original nmap_service.exe, unmodified, to the company that detected it
as malware?


Yeah, if you (or someone) can submit a report and get things resolved
so that Nmap 5.20 and the plain nmap_service.exe no longer give false
positives, that would be great!  It is mostly just a matter of
figuring out how to do the submission and perhaps following up a bit
and maybe submitting a different way if they ignore you.  And
verifying with the likes of Virustotal after they claim to have fixed
it.

We would have had to do that if it had triggered on a more integral
part of Nmap.

Also, whenever someone mails me about one of these false positives, I
ask them to please submit the problem to the vendor.

Cheers,
-F
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: