FP in SAWin32

26/06/2008 07:22:02 1200 Sign of “Win32:Agent-ZKZ [Drp]” has been found in “C:\Program Files\SAwin32\saproxy.exe” file.
26/06/2008 07:23:47 1200 Sign of “Win32:Agent-ZKZ [Drp]” has been found in “C:\Program Files\SAwin32\sa-update.exe” file.
26/06/2008 07:27:39 1200 Sign of “Win32:Agent-ZKZ [Drp]” has been found in “C:\Program Files\SAwin32\sa-learn.exe” file.
26/06/2008 07:39:55 1200 Sign of “Win32:Agent-ZKZ [Drp]” has been found in “C:\Program Files\SAwin32\saproxy.exe” file.
26/06/2008 08:01:11 1200 Sign of “Win32:Agent-ZKZ [Drp]” has been found in “http://heanet.dl.sourceforge.net/sourceforge/sawin32/SAwin32-3.2.3.3.zip\Setup.exe\{app}\saproxy.exe” file.

Spamassassin Win32 SAProxy has been flagged I seriously suspect it is a false positive

I suspect it may be an FP, DrWeb link scan doesn’t find anything to confirm:

You could also check the offending/suspect file/s at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.

this FP has been fixed a few days ago… you should always use an up to date VPS :wink:

Thanks for the input.

I think kkronfli probably has the latest version Maxx, but his reporting this a little later than the detection 26/6/2008 from his log entries. With it in the chest obviously it won’t be detected further.