Ethereal-users: RE: [Ethereal-users] Backdoor program?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Carl Wallace" <club5220@xxxxxxxxxxx>
Date: Tue, 3 May 2005 12:46:23 -0400
I received this in response to my query...
Glad to hear it's a mistake, but I think
I'll stick with SAV for now.

-Carl.
----------------------------------
Hello and thank you for your mail.

Unfortunately, virus signature files released at 17:00 on 2 May 2005
included a false positive detection identified as: W32/haxdoor.ap@bd causing
problems for some of our users. New virus signature files that fix this
problem have now been released. These files are dated 3 May 2005 and users
need only update to avoid any further false positives.

We apologise for any inconvenience this may have caused. If you have any
further questions or comments please do not hesitate to contact us again.

Best regards,
Valtýr Jónasson
F-Prot Antivirus Technical Support
	
support@xxxxxxxxxx
http://www.f-prot.com
Tel: +354-540-7400
Fax: +354-540-7401 
	
When replying, please copy your entire previous message/thread.
	
Use the reply function of your e-mail program in order to keep the same
subject of our response (including the tracking number). Otherwise your
message may be delayed.
	
If you are interested in receiving an e-mail notice when updates and new
versions are released then you can subscribe at http://alerts.f-prot.com 
 

-----Original Message-----
From: Alistair Ingi Grétarsson [mailto:alistair@xxxxxxxxxx]
Sent: 3. maí 2005 09:18
To: support@xxxxxxxxxx
Subject: FW: FPROT identifies Ethereal as webeditor@xxxxxxxxxx
<webeditor@xxxxxxxxxx>

 
-----Original Message-----
From: Carl Wallace [mailto:club5220@xxxxxxxxxxx]
Sent: 3. maí 2005 03:03
To: ethereal-users@xxxxxxxxxxxx
Cc: webeditor@xxxxxxxxxx
Subject: FPROT identifies Ethereal as webeditor@xxxxxxxxxx
<webeditor@xxxxxxxxxx>


 F-Prot AVES: Modified this message. (click for details
<https://aves.f-prot.com/m?i=aWkUNRr5tLbPT0TGR,Qnbp5gdTeg@xxxxxx-ga> )	
________________________________


Hello,

I was wondering if you've had the same experience as I... on a 'clean' build
of Windows XP Pro (SP2) I installed FPROT for evaluation, and to my surprise
it identified (and automatically REMOVED?!) the Ethereal uninstall file as
the w32/haxdoor.ap@bd threat and furthermore, it removed my ethereal
installer (.10.10)! I tried searching Google for w32/haxdoor.ap@bd and got
nothing, which seems a bit sketchy, to me. This software seems to be
identifying your installation as a threat, which I'd guess is a false
positive, because Ethereal is one of the premier protocol analyzers out
there, yes?

Curiously yours,

Carl Wallace

 

-----Original Message-----
From: Gerald Combs [mailto:gerald@xxxxxxxxxxxx] 
Sent: Tuesday, May 03, 2005 11:40 AM
To: av@xxxxxxxxxxxxxx; Ethereal user support; Carl Wallace
Subject: Re: [Ethereal-users] Backdoor program?

Martin Gordon wrote:
> Frisk flags the ethereal download as infected - is this true, please?

...and Carl Wallace wrote:
> Hello,
>
> I was wondering if you've had the same experience as I... on a 'clean'
> build of Windows XP Pro (SP2) I installed FPROT for evaluation, and to 
> my surprise it identified (and automatically REMOVED?!) the Ethereal 
> uninstall file as the w32/haxdoor.ap@bd
> threat and furthermore, it removed my ethereal installer (.10.10)! I
> tried searching Google for w32/haxdoor.ap@bd
> and got nothing, which seems a bit sketchy,
> to me. This software seems to be identifying your installation as a
> threat, which I'd guess is a false positive, because Ethereal is one
> of the premier protocol analyzers out there, yes?

This is probably a false positive.  It's unlikely that a virus or trojan
made it through our development process _and_ has gone unnoticed since March
11.  I opened a trouble ticket with F-Secure, but haven't received a
response yet.