Ethereal-users: [Ethereal-users] Recent virus warnings

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Gerald Combs <gerald@xxxxxxxxxxxx>
Date: Sat, 8 Jun 2002 00:18:46 -0500 (CDT)

Several people have reported that Sophos Anti-Virus with the latest IDEs
(July 2002, v 3.59) reports that the Ethereal installer for Windows
contains the Momma-B trojan.

According to the information at
http://www.sophos.com/virusinfo/analyses/trojmommab.html, Momma-B creates
a directory named "\INF\internet\" in the Windows folder, as well as the
registry key
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\InternetExplorer.  I
checked the machine that the 0.9.4 installer was built on, and neither of
these is present.  I've also run a full scan on the machine using NAV
2002 with the latest (6/6/2002) virus definitions loaded.  It didn't find
anything.  The original installer file on the build machine and on
www.ethereal.com both have the same MD5 sum, so it doesn't look like it
was tampered with after it was uploaded.

Has the 0.9.4 installer triggered any virus scanners besides Sophos?  Is
it possible that Sophos is generating false positives?