I’ve found what I believe to be a false positive that is induced by Avast’s .zip unpacking procedures. If I put a specific .tif file in a .zip archive, it gets detected. If I take the exact same .tif out of the .zip, it does not get detected. If I create a brand new .zip archive and put the .tif in it, it gets detected again.

VT results for the .zip: https://www.virustotal.com/en/file/ae2e5090b15f7e6112797c5c1b217d1c478b92f7b392a7e063a0618b95ceb2c4/analysis/1383850556/

VT results for the .tif: https://www.virustotal.com/en/file/74d57a8e306d59dbe619e2f24add201207ca3969ba686b2d806497f4df288dc2/analysis/

Where should I upload the sample so you guys can take a look at it?

Ian

EDIT: Submitted .zip via built in submission tool in Virus Chest.

You can upload files and report issues to avast here : http://www.avast.com/contact-form.php (select subject according to Your case)

You can use mail
send to virus@avast.com in a password protected zip file
mail subject: False Positive / undetected sample (select subject according to your case)
zip password: infected

or you can send files from avast chest
how to use the chest. http://www.avast.com/faq.php?article=AVKB21

Hello,
thanks for reporting, we made fix of this detection and it will be released in next VPS update.

Milos