Nmap Development mailing list archives

Re: False positives on antivirus


From: "DePriest, Jason R." <jrdepriest () gmail com>
Date: Fri, 29 Jan 2010 11:01:30 -0600

On Fri, Jan 29, 2010 at 7:28 AM, Ron <> wrote:
> Fyodor <fyodor () insecure org> wrote:
> > Note that nmap-5.21-setup.exe seems to trigger 2 false positives.  The
> > Panda W32/Xor-encoded.A and McAfee+Artemis judges it
> > "Suspect-D!10FC121FDD0D":
>
> Suspect-D, I like the sounds of that. It's like an action movie!
>
> But seriously, I hadn't realized it could be so easy to get a false positive removed. Maybe we should revisit the idea of submitting the original nmap_service.exe, unmodified, to the company that detected it as malware?
> --
> Ron Bowes
> http://www.skullsecurity.org

With nmap being a pretty well established legitimate program, it
should be worth trying.

The AV companies shouldn't have any reason to doubt our assertion that
this is not really a virus.

-Jason
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

