False positive for Thunderbird build

avast! is reporting tete’s Thunderbird 2.0.0.17 Private Build (http://www1.plala.or.jp/tete009/en-US/software.html) as a virus. I have excluded the file in avast! but it still quarantines the thunderbird.exe. I can not use avast! if this keeps up.

I submitted it to VirusTotal for testing.

You can see the results here: http://www.virustotal.com/analisis/1dd7d789db02f9d9c360ca8d1393bc63

Well firstly avast doesn’t do anything you don’t authorise, e.g. send to the chest (quarantine) unless you mean something different.

I suspect that you have only added the suspect file to the Program Settings, Exclusions ?

If so you also need to add it to the Standard Shield, Customize, Advanced, Add list which is for on-access detections.

Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and possible false positive in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn’t already there) where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.

I told Tete about the problem and he assures me that it is a false positive. He released an update today that tests fine with no false positive. :slight_smile:

Thanks for the update, if you sent the sample to avast also then it could be that it was corrected.

If not then what was thought to be suspicious (the -gen or suspicious detections in VT) in the tbird build have been corrected or it would still be detected by avast and the other scanners on VT.

The main thing is that you are able to use the tbird private build.