home *** CD-ROM | disk | FTP | other *** search
- Path: sparky!uunet!ukma!cs.widener.edu!dsinc!netnews.upenn.edu!netnews.cc.lehigh.edu!news
- From: Amir_Netiv@f120.n9721.z9.virnet.bad.se (Amir Netiv)
- Newsgroups: comp.virus
- Subject: False positive in the new PKZIP (PC)
- Message-ID: <0009.9301281842.AA17847@barnabas.cert.org>
- Date: 17 Jan 93 13:12:00 GMT
- Sender: virus-l@lehigh.edu
- Lines: 35
- Approved: news@netnews.cc.lehigh.edu
-
- Vesselin Bontchev writes:
-
- > What is interesting is that somebody used an out-of-
- > date version of Symantec's Norton Anti-Virus to scan the new archiver.
- > It seems that this version causes a false positive - the program is
- > flagged as infected by Maltese Amoeba.
-
- and
-
- > all executables in the package are self- compressed with PKLite
- > 1.20. This caused the heuristic scanner of F-Prot to report that those
- > files are suspicious, because they contain a program that modifies
-
- It is obviouse that anyone that uses any old version of any Anti-Virus
- product is subject to false alarms, and even more obviouse that if you
- use a "Generic" scanner that looks for special kinds of codes whithin
- a file (that could imply that a virus is lurking there), you will jump
- from your seat many times for nothing !
-
- So, if you are using such products, great, but don't spread panic for
- nothing. Ican easilly supply you with a handfull of "viruses" that do
- not exist, to write about.
-
- > I obtained a copy of the new version of PKZIP,
- > examined it manually with a debugger, and scanned it with about a dozen
- > scanners. The result is that NONE OF THE EXECUTABLE FILES IS INFECTED.
-
- > So, please done's pay attention to the rumors, if they reach you.
-
- We thank you for your effort.
-
- * Amir Netiv. V-CARE Anti-Virus, Head team.*
-
- - --- FastEcho 1.21
- * Origin: <<< NSE Software >>> Israel (9:9721/120)
-
