Nmap Development mailing list archives
Re: False positives on antivirus
From: "DePriest, Jason R." <jrdepriest () gmail com>
Date: Fri, 29 Jan 2010 11:01:30 -0600
On Fri, Jan 29, 2010 at 7:28 AM, Ron <> wrote:
Fyodor <fyodor () insecure org> wrote:Note that nmap-5.21-setup.exe seems to trigger 2 false postivies. The Panda W32/Xor-encoded.A and McAfee+Artemis judges it "Suspect-D!10FC121FDD0D":Suspect-D, I like the sounds of that. It's like an action movie! But seriously, I hadn't realized it could be so easy to get a false positive removed. Maybe we should revisit the idea of submitting the original nmap_service.exe, unmodified, to the company that detected it as malware? -- Ron Bowes http://www.skullsecurity.org
With nmap being a pretty well established legitimate program, it should be worth trying. The AV companies shouldn't have any reason to doubt our assertion that this is not really a virus. -Jason _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- False positives on antivirus Ron (Jan 28)
- Re: False positives on antivirus Michael Pattrick (Jan 28)
- Re: False positives on antivirus Ron (Jan 28)
- Re: False positives on antivirus Fyodor (Jan 28)
- Re: False positives on antivirus Ron (Jan 29)
- Re: False positives on antivirus DePriest, Jason R. (Jan 29)
- Re: False positives on antivirus Brandon Enright (Jan 29)
- Re: False positives on antivirus Fyodor (Jan 29)
- Re: False positives on antivirus Ron (Jan 29)
- Re: False positives on antivirus Fyodor (Jan 29)
- Re: False positives on antivirus Michael Pattrick (Jan 28)
- Re: False positives on antivirus David Fifield (Feb 12)
- Re: False positives on antivirus Ron (Feb 12)
- Re: False positives on antivirus David Fifield (Mar 03)