McAfee VirusScan False Positive

February 13, 2007

Since the release of Wireshark 0.99.5, several users that McAfee VirusScan detected adware (Adware-Softomate.dll) in the version of WinPcap that comes with the Wireshark installer. The WinPcap project has been receiving similar reports.

McAfee has confirmed that this is a false positive:

Thank you for submitting your suspicious file. Our Senior Virus Research Engineers have examined the file in question and no virus was found.

Solution -

Attached is an extra.dat with correct detection. This correction will be included in the next DAT update.

[ DAT file instructions deleted ]

Warm Regards,
[ Name witheld ]
Virus Researcher
McAfee Avert Labs - Bangalore

Go Beyond with Riverbed Technology

Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products that fully integrate with Wireshark.

I have a lot of traffic...

ANSWER: SteelCentral™ Packet Analyzer PE
  • • Visually rich, powerful LAN analyzer
  • • Quickly access very large pcap files
  • • Professional, customizable reports
  • • Advanced triggers and alerts
Learn More

Buy Now

No, really, I have a LOT of traffic…

ANSWER: SteelCentral™ NetShark appliance
  • • Troubleshoot problems faster
  • • Quickly identify the applications running on your network
  • • Monitor your virtual machine traffic
Learn More