Ethereal-users: RE: [Ethereal-users] Backdoor program?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Carl Wallace" <[email protected]>
Date: Tue, 3 May 2005 12:46:23 -0400
I received this in response to my query...
Glad to hear it's a mistake, but I think
I'll stick with SAV for now.

-Carl.
----------------------------------
Hello and thank you for your mail.

Unfortunately, virus signature files released at 17:00 on 2 May 2005
included a false positive detection identified as: W32/[email protected] causing
problems for some of our users. New virus signature files that fix this
problem have now been released. These files are dated 3 May 2005 and users
need only update to avoid any further false positives.

We apologise for any inconvenience this may have caused. If you have any
further questions or comments please do not hesitate to contact us again.

Best regards,
Valtýr Jónasson
F-Prot Antivirus Technical Support
	
[email protected]
http://www.f-prot.com
Tel: +354-540-7400
Fax: +354-540-7401 
	
When replying, please copy your entire previous message/thread.
	
Use the reply function of your e-mail program in order to keep the same
subject of our response (including the tracking number). Otherwise your
message may be delayed.
	
If you are interested in receiving an e-mail notice when updates and new
versions are released then you can subscribe at http://alerts.f-prot.com 
 

-----Original Message-----
From: Alistair Ingi Grétarsson [mailto:ali[email protected]]
Sent: 3. maí 2005 09:18
To: [email protected]
Subject: FW: FPROT identifies Ethereal as [email protected]
<[email protected]>

 
-----Original Message-----
From: Carl Wallace [mailto:[email protected]]
Sent: 3. maí 2005 03:03
To: [email protected]
Cc: [email protected]
Subject: FPROT identifies Ethereal as [email protected]
<[email protected]>




Hello,

I was wondering if you've had the same experience as I... on a 'clean' build
of Windows XP Pro (SP2) I installed FPROT for evaluation, and to my surprise
it identified (and automatically REMOVED?!) the Ethereal uninstall file as
the w32/[email protected] threat and furthermore, it removed my ethereal
installer (.10.10)! I tried searching Google for w32/[email protected] and got
nothing, which seems a bit sketchy, to me. This software seems to be
identifying your installation as a threat, which I'd guess is a false
positive, because Ethereal is one of the premier protocol analyzers out
there, yes?

Curiously yours,

Carl Wallace

 

-----Original Message-----
From: Gerald Combs [mailto:[email protected]] 
Sent: Tuesday, May 03, 2005 11:40 AM
To: [email protected]; Ethereal user support; Carl Wallace
Subject: Re: [Ethereal-users] Backdoor program?

Martin Gordon wrote:
> Frisk flags the ethereal download as infected - is this true, please?

...and Carl Wallace wrote:
> Hello,
>
> I was wondering if you've had the same experience as I... on a 'clean'
> build of Windows XP Pro (SP2) I installed FPROT for evaluation, and to 
> my surprise it identified (and automatically REMOVED?!) the Ethereal 
> uninstall file as the w32/[email protected]
> threat and furthermore, it removed my ethereal installer (.10.10)! I
> tried searching Google for w32/[email protected]
> and got nothing, which seems a bit sketchy,
> to me. This software seems to be identifying your installation as a
> threat, which I'd guess is a false positive, because Ethereal is one
> of the premier protocol analyzers out there, yes?

This is probably a false positive.  It's unlikely that a virus or trojan
made it through our development process _and_ has gone unnoticed since March
11.  I opened a trouble ticket with F-Secure, but haven't received a
response yet.