ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-users: Re: [Wireshark-users] Symantec AV false positive?

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Danielson, Graeme" <Graeme.Danielson@xxxxxxxxxxx>
Date: Tue, 4 Jul 2006 16:34:37 +1200
Apologies for posting about a thread(s) already discussed. I joined the
list as a result of this problem; but of course I should've checked the
archives before I posted!
 rgds, Graeme


-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Jack Daniel
Sent: Tuesday, 4 July 2006 1:36 p.m.
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Symantec AV false positive?

There were a couple of post on this earlier today.  Seems to be a false
positive, there's a checklist at Symantec's site (Gerald posted this
link earlier:
http://securityresponse.symantec.com/avcenter/venc/data/trojan.zlob.html
)

Not that it means anything, but Symantec is pointing users to Wireshark
for packet captures at this page:
http://service1.symantec.com/SUPPORT/ent-security.nsf/0/edfb148ba33e3f35
88256efb006d148a?OpenDocument
The document must be fairly recently updated, as it refers to
"Wireshark, formerly Ethereal"

Neither Trend Micro's OfficeScan nor Computer Associates EZ AV detect
Wireshark as having the trojan on any of my machines at home or at work.

Jack Daniel


---------- Original Message ----------------------------------
From: "Danielson, Graeme" <Graeme.Danielson@xxxxxxxxxxx>
Reply-To: Community support list for Wireshark
<wireshark-users@xxxxxxxxxxxxx>
Date:  Tue, 4 Jul 2006 13:16:12 +1200

>This morning my Symantec AV decided to delete the Wireshark
>uninstall.exe as it thinks it is infected with "Trojan.Zlob"
>Then the same thing happened against the wireshark-setup exe when I
>downloaded it again.
>
>At the moment I'm presuming it's a false positive against the SAV virus
>definition file I have dated 2-Jul.  Has anyone else hit something like
>this in the last few days?
>
>Thanks, Graeme

____________________________________________________________________
CAUTION - This message may contain privileged and confidential 
information intended only for the use of the addressee named above.
If you are not the intended recipient of this message you are hereby 
notified that any use, dissemination, distribution or reproduction 
of this message is prohibited. If you have received this message in 
error please notify Air New Zealand immediately. Any views expressed 
in this message are those of the individual sender and may not 
necessarily reflect the views of Air New Zealand.
_____________________________________________________________________
For more information on the Air New Zealand Group, visit us online
at http://www.airnewzealand.com 
_____________________________________________________________________
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube