Symantec Anti-virus is detecting Trojan.Zlob in Inkscape-0.44-1.win32.exe and also in uninst.exe once Inkscape is installed. I guess it has to do with a current update of the virus definitions because when I originally downloaded and installed Inkscape no virus was detected, however redownloading the binary immediately triggers the on-access scanner.
I hope this is a false positive, but I would appreciate this if you would investigate this. And may I suggest pulling the binary from Sourceforge in the meantime to prevent possible inflections?
Laurens
Sorry I sent the mail from the wrong e-mail address, please respond to this mail, the other address it no longer active.
Laurens
On Jul 2, 2006, at 1:21 AM, Laurens Blankers wrote:
Symantec Anti-virus is detecting Trojan.Zlob in Inkscape-0.44-1.win32.exe and also in uninst.exe once Inkscape is installed. I guess it has to do with a current update of the virus definitions because when I originally downloaded and installed Inkscape no virus was detected, however redownloading the binary immediately triggers the on-access scanner.
I hope this is a false positive, but I would appreciate this if you would investigate this. And may I suggest pulling the binary from Sourceforge in the meantime to prevent possible inflections?
To check, I just downloaded from sourceforge again.
The MD5 sum of the file I have is
89d47a58c6efd228c21446bca45d5efa Inkscape-0.44-1.win32.exe
ClamAV here on OS X says the file is clear. It appears that Zlob was first seen over a year ago. So with these factors, it's looking very much like you have a false positive.
Oh, and for reference, that name you have reported to you gives us these details: http://www.symantec.com/avcenter/venc/data/trojan.zlob.html
The MD5 sum I have is the same as yours, however Symantec AV still triggers on that exact file. The reference you provide is indeed the one the AV provides, and the trojan is an old one so I don't know why it is detecting it all of a sudden now, but it is and that is a bit worries me a bit
Laurens
Jon A. Cruz wrote:
To check, I just downloaded from sourceforge again.
The MD5 sum of the file I have is
89d47a58c6efd228c21446bca45d5efa Inkscape-0.44-1.win32.exe
ClamAV here on OS X says the file is clear. It appears that Zlob was first seen over a year ago. So with these factors, it's looking very much like you have a false positive.
Oh, and for reference, that name you have reported to you gives us these details: http://www.symantec.com/avcenter/venc/data/trojan.zlob.html
Laurens Blankers wrote:
The MD5 sum I have is the same as yours, however Symantec AV still triggers on that exact file. The reference you provide is indeed the one the AV provides, and the trojan is an old one so I don't know why it is detecting it all of a sudden now, but it is and that is a bit worries me a bit
http://nsis.sourceforge.net/NSIS_False_Positives
False positives are very common with NSIS installers. This is just a fact. Not meant as a convincing argument.
Aaron Spike
Hi!,
I remember that something similar happened with Notepad++ (another sourceforge project) and was a false positive. It was caused by a part of the code of the installer that resembled to an existing trojan. Only a few antiviruses were detecting it (among them was Norton) and contacting the vendors solved the problem with an update of the virus definitions. I hope it is the same with inkscape... I have Avira Guard installed on WindowsXP with the latest virus definitions downloaded a couple minutes ago, and no detection...
Molumen
----- Original Message ----- From: "Laurens Blankers" <laurens@...1390...> To: "Jon A. Cruz" <jon@...18...> Cc: inkscape-devel@lists.sourceforge.net Sent: Sunday, July 02, 2006 10:51 AM Subject: Re: [Inkscape-devel] Trojan in Win32 binary?
The MD5 sum I have is the same as yours, however Symantec AV still triggers on that exact file. The reference you provide is indeed the one the AV provides, and the trojan is an old one so I don't know why it is detecting it all of a sudden now, but it is and that is a bit worries me a bit
Laurens
Jon A. Cruz wrote:
To check, I just downloaded from sourceforge again.
The MD5 sum of the file I have is
89d47a58c6efd228c21446bca45d5efa Inkscape-0.44-1.win32.exe
ClamAV here on OS X says the file is clear. It appears that Zlob was first seen over a year ago. So with these factors, it's looking very much like you have a false positive.
Oh, and for reference, that name you have reported to you gives us these details: http://www.symantec.com/avcenter/venc/data/trojan.zlob.html
Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&da... _______________________________________________ Inkscape-devel mailing list Inkscape-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/inkscape-devel
participants (4)
-
Aaron Spike -
Jon A. Cruz -
Laurens Blankers -
momo