Nmap Development mailing list archives
Re: Safety and integrity of npcap-0.99-r3.exe
From: Yuri Slobodyanyuk <yuri () yurisk info>
Date: Thu, 19 Apr 2018 09:16:19 +0300
(Rant) Sorry for barging in but couldn't resist - absurdity of the anti-virus vendors first made me laugh then made me turn off all of them.

According to VirusTotal I host on my site a very bad malware (confess, also written by me):
https://www.virustotal.com/en/file/b98b9d144ad0edbc6be5e73ad0ab06cc2bc15816df509369f3e38e8917f62970/analysis/1524117706/

Only that this executable is a product of compiling (with MS VS 2015) this 'malicious' code LOL:

    #include "stdafx.h"
    #include <stdio.h>
    #include <string.h>
    // this example and all the following will be posted on my site ....
    int main()
    {
        char serial_input[6] = "";
        char serial_correct[6] = "23845";
        int result = 0;
        printf("Please enter the serial of 5 numbers:");
        fgets(serial_input, 6, stdin);
        result = strncmp(serial_input, serial_correct, 5);
        if (result != 0) {
            printf("Wrong serial!, quitting ..\n");
            return 1;
        }
        else {
            printf("Great, you have the correct serial !\n");
        }
        return 0;
    }

On Mon, Apr 9, 2018 at 5:00 PM, Daniel Miller <bonsaiviking () gmail com> wrote:

Thanks for reporting this. This is indeed a false positive. I have verified the integrity of the files on the Nmap web server, and you can verify that all binaries including the installer are signed with Insecure.org LLC's EV code signing certificate. I reported this to F-Secure and will be reporting it to other vendors as I am able. They sent this response:

Greetings,

Thank you for bringing this to our attention. Our analysis indicates that the file you submitted is clean. We have identified the issue as a False Positive, which will be resolved in an upcoming database update. In the meantime, you may exclude this file from further scanning by the security product. You can do so using the following instructions:

Internet Security 2015: https://community.f-secure.com/t5/F-Secure-SAFE/How-do-I-exclude-a-file-or/ta-p/56363
Client Security: https://help.f-secure.com/product.html#business/client-security/12.00/en/task_13205052E3D44C44BA2491A55A7F818F-12.00-en
Policy Manager and PSB Workstation: https://community.f-secure.com/t5/Management/Excluding-objects-from-Real-Time/ta-p/66013

If you wish to manually update your security product's database, you can use the tools and instructions at:
https://www.f-secure.com/en/web/labs_global/removal-tools/-/carousel/view/140

We apologize for any inconveniences that this false positive may have caused. If there is anything else we can help you with, please do not hesitate to contact us again.

Best regards,
Azim
Malware Analyst
F-Secure Security Labs

Dan

On Sun, Apr 8, 2018 at 1:52 AM, bf <bf1783 () gmail com> wrote:

My apologies if this is the wrong list for this topic. False positives? Or?:
https://www.virustotal.com/en/file/8aa79474c8187c0702b824d63195a0cbce69cddf1094990e4eb819900da9dd75/analysis/1523168786/

Regards,
b.
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
-- Taking challenges one by one. http://yurisk.info
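
The signature check Daniel Miller refers to in the thread above, as an added example that is not part of the thread or of the Nmap project's own tooling: a PowerShell function that reports the Authenticode status, signer subject and SHA-256 of a downloaded installer. The function and parameter names are hypothetical; the signer string and file name in the usage comment are the ones given in the thread.

```powershell
# Added example: check an installer's signature and digest before trusting
# it or excluding it from AV scanning. Function and parameter names are
# hypothetical (not from the thread).
function Test-InstallerTrust {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Substring expected in the signing certificate's subject.
        [Parameter(Mandatory)] [string] $ExpectedSigner,
        # Optional SHA-256 obtained out of band, e.g. the digest that
        # appears in a VirusTotal analysis URL for the file.
        [string] $ExpectedSha256
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash

    # An unsigned file has no SignerCertificate at all.
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    $result = [pscustomobject]@{
        File        = $file.FullName
        Sha256      = $hash
        Status      = $sig.Status        # Valid, NotSigned, HashMismatch, ...
        Signer      = $subject
        Timestamped = [bool]$sig.TimeStamperCertificate
        SignatureOk = ($sig.Status -eq 'Valid')   # chain trusted, file unmodified
        SignerOk    = ($subject -like "*$ExpectedSigner*")
        HashOk      = $null                       # stays $null when no digest given
    }
    if ($ExpectedSha256) {
        # -eq on strings is case-insensitive, so hex case does not matter.
        $result.HashOk = ($hash -eq $ExpectedSha256.Trim())
    }
    $result
}

# Usage (file name and signer as named in the thread):
# Test-InstallerTrust -Path .\npcap-0.99-r3.exe -ExpectedSigner 'Insecure.org LLC'
```

A subject substring match is only meaningful when `SignatureOk` is also true; pinning the certificate thumbprint is stricter than matching the subject text.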