I have what I think is a false positive report by Avast! on the firmware update file for a D-Link DFL-700 router. The file is ftp://ftp.dlink.co.uk/dfl_firewall/dfl-700/dfl-700_fw_v1.34.zip. Avast downloads the zip without complaint, but when “manually” scanning the zip file on my hard drive it reports the presence of the trojan Win32:Delf-EV.
I have used the Trend virus scan provided as a part of Hotmail to attach the unzipped image file to a mail, and Trend does not report a virus. I have also successfully updated the firmware of two D-Link DFL700 routers with this image file, so it does seem to be what it says it is.
Avast reports running as 4.7 Home Edition, Build Aug2006 (4.7.871) with a VPS version is 0634-2, 24/08/2006.
I have not completed a Virus Incident Report Form.
If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions) and check scan it periodically using the ashQuick scan (right click scan, it will need to be temporarily removed from the standard shield exclusions otherwise it won’t be scanned), when it is no longer detected then you can also remove it from the program settings, exclusions.
Also see (Mini Sticky) False Positives, how to report and what to do to exclude them until the problem is corrected.
David, I did try both on-line AV resources, but both were 100% utilised and politely declined to scan my file ;).
Thank you for the link to the min-sticky. I am being stupid, but how do I find that thread without clicking on your link. If I just look at the avast! 4.x Home/Pro forum I cannot see that sticky.
I will follow the process as described on that thread.
You can also email the file to Virustotal for busy periods (info is on the same page), then then email you the results I believe. This email service isn’t available on Jotti as far as I’m aware.
With difficulty ;D sorry couldn’t resist, at the first page of each forum is a list of Topics/Threads at the top of each are sticky threads that always stay at the top. These sticky threads are usually very useful and have to be assigned by a moderator. Unfortunately this hasn’t been classed sticky, hence the Title in the hope it might prompt the mdos into making it sticky. They are very selective about what becomes sticky otherwise the whole initial page would be taken up by them.
So you can either use the forums search function for, Sticky False Positive or once found you can bookmark the page.