Wireshark-users: Re: [Wireshark-users] Symantec AV false positive?

From: "Jack Daniel" <jdaniel@xxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 3 Jul 2006 21:35:49 -0400
There were a couple of posts on this earlier today. Seems to be a false positive; there's a checklist at Symantec's site (Gerald posted this link earlier: http://securityresponse.symantec.com/avcenter/venc/data/trojan.zlob.html)

Not that it means anything, but Symantec is pointing users to Wireshark for packet captures at this page: http://service1.symantec.com/SUPPORT/ent-security.nsf/0/edfb148ba33e3f3588256efb006d148a?OpenDocument
The document must be fairly recently updated, as it refers to "Wireshark, formerly Ethereal".

Neither Trend Micro's OfficeScan nor Computer Associates' EZ AV detects Wireshark as having the trojan on any of my machines at home or at work.

Jack Daniel


---------- Original Message ----------------------------------
From: "Danielson, Graeme" <Graeme.Danielson@xxxxxxxxxxx>
Reply-To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
Date:  Tue, 4 Jul 2006 13:16:12 +1200

>This morning my Symantec AV decided to delete the Wireshark
>uninstall.exe as it thinks it is infected with "Trojan.Zlob"
>Then the same thing happened against the wireshark-setup exe when I
>downloaded it again.
>
>At the moment I'm presuming it's a false positive against the SAV virus
>definition file I have dated 2-Jul.  Has anyone else hit something like
>this in the last few days?
>
>Thanks, Graeme
 



