Wireshark-users: Re: [Wireshark-users] Symantec AV false positive?
From: "Danielson, Graeme" <Graeme.Danielson@xxxxxxxxxxx>
Date: Tue, 4 Jul 2006 16:34:37 +1200
Apologies for posting about a thread(s) already discussed. I joined the list as a result of this problem; but of course I should've checked the archives before I posted! rgds, Graeme -----Original Message----- From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Jack Daniel Sent: Tuesday, 4 July 2006 1:36 p.m. To: Community support list for Wireshark Subject: Re: [Wireshark-users] Symantec AV false positive? There were a couple of post on this earlier today. Seems to be a false positive, there's a checklist at Symantec's site (Gerald posted this link earlier: http://securityresponse.symantec.com/avcenter/venc/data/trojan.zlob.html ) Not that it means anything, but Symantec is pointing users to Wireshark for packet captures at this page: http://service1.symantec.com/SUPPORT/ent-security.nsf/0/edfb148ba33e3f35 88256efb006d148a?OpenDocument The document must be fairly recently updated, as it refers to "Wireshark, formerly Ethereal" Neither Trend Micro's OfficeScan nor Computer Associates EZ AV detect Wireshark as having the trojan on any of my machines at home or at work. Jack Daniel ---------- Original Message ---------------------------------- From: "Danielson, Graeme" <Graeme.Danielson@xxxxxxxxxxx> Reply-To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx> Date: Tue, 4 Jul 2006 13:16:12 +1200 >This morning my Symantec AV decided to delete the Wireshark >uninstall.exe as it thinks it is infected with "Trojan.Zlob" >Then the same thing happened against the wireshark-setup exe when I >downloaded it again. > >At the moment I'm presuming it's a false positive against the SAV virus >definition file I have dated 2-Jul. Has anyone else hit something like >this in the last few days? > >Thanks, Graeme ____________________________________________________________________ CAUTION - This message may contain privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you are hereby notified that any use, dissemination, distribution or reproduction of this message is prohibited. If you have received this message in error please notify Air New Zealand immediately. Any views expressed in this message are those of the individual sender and may not necessarily reflect the views of Air New Zealand. _____________________________________________________________________ For more information on the Air New Zealand Group, visit us online at http://www.airnewzealand.com _____________________________________________________________________
- Prev by Date: Re: [Wireshark-users] Symantec AV false positive?
- Next by Date: Re: [Wireshark-users] Trojan.Zlob detected in Windows installer
- Previous by thread: Re: [Wireshark-users] Symantec AV false positive?
- Next by thread: [Wireshark-users] Ethereal packet flow understanding
- Index(es):