system
1
I’ve found what I believe to be a false positive that is induced by Avast’s .zip unpacking procedures. If I put a specific .tif file in a .zip archive, it gets detected. If I take the exact same .tif out of the .zip, it does not get detected. If I create a brand new .zip archive and put the .tif in it, it gets detected again.
VT results for the .zip: https://www.virustotal.com/en/file/ae2e5090b15f7e6112797c5c1b217d1c478b92f7b392a7e063a0618b95ceb2c4/analysis/1383850556/
VT results for the .tif: https://www.virustotal.com/en/file/74d57a8e306d59dbe619e2f24add201207ca3969ba686b2d806497f4df288dc2/analysis/
Where should I upload the sample so you guys can take a look at it?
Ian
EDIT: Submitted .zip via the built-in submission tool in Virus Chest.
Pondus
2
You can upload files and report issues to Avast here: http://www.avast.com/contact-form.php (select subject according to your case)
You can use mail:
send to virus@avast.com in a password-protected zip file
mail subject: False Positive / undetected sample (select subject according to your case)
zip password: infected
Or you can send files from the Avast chest.
How to use the chest: http://www.avast.com/faq.php?article=AVKB21
Milos
3
Hello,
thanks for reporting, we made a fix for this detection and it will be released in the next VPS update.
Milos