file alarmed only by Avast (false positive?)

system · 2007-03-27T00:16:14.000Z

I have a third party library file (.NET DLL) that we have been using for 3 years.
Just installed Avast on an XP 64 system to evaluate prior to purchase.

The file in question gets alarmed and does not let me build my application using this DLL.

I’ve submitted to Virus Total (see below) and Avast is the only one that flags it. I tried putting in the chest and submitting to Avast, but the email is rejected (from a comcast.net address).

The file gets moved around during builds. I’ve added the whole build tree to the exclusions list, but Avast still flags this file (even though its clearly in the exclusion path). Does one need to restart Avast or something?

How do I encourage the Avast folks (who seem to have a great 64 bit product) to investigate this (I can provide the file, but need some way to get it to them.)?

Here is the Virus Total report:

http://www.virustotal.com/en/indexf.html

Antivirus Version Update Result
AhnLab-V3 2007.3.27.0 03.26.2007 no virus found
AntiVir 7.3.1.44 03.26.2007 no virus found
Authentium 4.93.8 03.26.2007 no virus found
Avast 4.7.936.0 03.25.2007 Win32:Trojan-gen. {Other}
AVG 7.5.0.447 03.26.2007 no virus found
BitDefender 7.2 03.27.2007 no virus found
CAT-QuickHeal 9.00 03.26.2007 no virus found
ClamAV devel-20070312 03.27.2007 no virus found
DrWeb 4.33 03.26.2007 no virus found
eSafe 7.0.14.0 03.26.2007 no virus found
eTrust-Vet 30.6.3512 03.26.2007 no virus found
Ewido 4.0 03.25.2007 no virus found
FileAdvisor 1 03.27.2007 No threat detected
Fortinet 2.85.0.0 03.26.2007 no virus found
F-Prot 4.3.1.45 03.26.2007 no virus found
F-Secure 6.70.13030.0 03.26.2007 no virus found
Ikarus T3.1.1.3 03.26.2007 no virus found
Kaspersky 4.0.2.24 03.27.2007 no virus found
McAfee 4992 03.26.2007 no virus found
Microsoft 1.2306 03.27.2007 no virus found
NOD32v2 2145 03.26.2007 no virus found
Norman 5.80.02 03.23.2007 no virus found
Panda 9.0.0.4 03.27.2007 no virus found
Prevx1 V2 03.27.2007 no virus found
Sophos 4.15.0 03.23.2007 no virus found
Sunbelt 2.2.907.0 03.24.2007 no virus found
Symantec 10 03.27.2007 no virus found
TheHacker 6.1.6.080 03.23.2007 no virus found
UNA 1.83 03.16.2007 no virus found
VBA32 3.11.2 03.26.2007 no virus found
VirusBuster 4.3.7:9 03.26.2007 no virus found
Webwasher-Gateway 6.0.1 03.26.2007 no virus found

Aditional Information
File size: 122880 bytes
MD5: 555a3998407435703f9c14350a929846
SHA1: 34893912cb60a1dbdb3b50d1205902769acbfcca
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=555a3998407435703f9c14350a929846

DavidR · 2007-03-27T00:53:48.000Z

If you are getting a virus warning that you believe is a false positive, then if you can zip and password protect (‘virus’, will do) the suspect file and send it to virus @ avast.com (no spaces), or send from the chest (after adding it to the User Files section of the chest).

Give a brief outline of the problem (possibly a link to this thread), the fact that you believe it to be a false positive and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

If it is indeed a false positive, restore the file from the chest (avast may alert, select No Action) add it to the exclusions lists (Standard Shield, Customize, Advanced, Add and Program Settings, Exclusions) and periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.

igor0 · 2007-03-27T15:45:56.000Z

Is there any more info on that file? (filename, company name, download link…?)

system · 2007-03-27T20:37:42.000Z

Well, I was able to get the file in email to virus@avast.com yesterday.

Today, as of the virus database update, the false alarm does not occur. Nice!

I think that makes for a positive purchase decision.

Regarding the other user’s question about the file, it was a 2004 version of a build of this library:

http://www.icsharpcode.net/OpenSource/SharpZipLib/Default.aspx

Announcements