Symantec Antivirus False Positive

July 4, 2006

Several users have reported that Symantec AntiVirus products have detected a trojan in the Wireshark 0.99.1pre1 Windows installer.

We haven't found any trace of the trojan (Trojan.Zlob) on our build system, and Symantec Security Response has been unable to duplicate the issue. They recommend that everyone update their virus definitions. Symantec's response is included below:

We are writing in relation to your submission through Symantec's on-line Security Risk Dispute Submission form in relation to your WireShark software version 0.99.1pre1 being detected by Symantec's software as a Trojan.Zlob. On receiving the additional information requested we once again went back and analysed the software with Symantec's latest definitions and found no detection of your WireShark software as a Trojan.Zlob. Can we please ask your customers to update their Symantec product to the latest definitions and see if they are still getting a Security Risk message in relation to your software.

If this dispute is no longer valid please respond to this email and we will close off the dispute.

Please respond to this email within 14 days with all questions or requests above answered. Failure to respond to this email within 14 days will deem the Security Risk Dispute submission to be no longer valid and initiate a closure procedure. Once closed a new submission for the same issue can be opened up to two times. Each new submission is subject to the time frame for response of a further four weeks from the submission date.

Sincerely,

Symantec Security Response
