ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
ClamWin Free Antivirus Forum Index » Virus Scanner
Reply to topic
KeePass Password Safe false positives?
mdutch


Joined: 02 Mar 2007
Posts: 0
Location: Saratoga, CA (USA)
Post Posted: Fri Mar 02, 2007 5:07 pm Reply with quote
ClamWin identifies KeeForm.exe and KeeRun.exe as being infected with Worm.Sohanad.
These KeePass Password Safe programs use AutoIT so I suspect these are false positives.
Can anyone confirm?
View user's profileSend private message
Re: KeePass Password Safe false positives?
b0ne


Joined: 26 Oct 2006
Posts: 0
Post Posted: Fri Mar 02, 2007 10:47 pm Reply with quote
mdutch wrote:
ClamWin identifies KeeForm.exe and KeeRun.exe as being infected with Worm.Sohanad.
These KeePass Password Safe programs use AutoIT so I suspect these are false positives.


This is indeed a false positive.

The signature that recognizes these two files is the following: 174080:1ba9e9486c1ed8d42af0af2bf4d20f8f:Worm.Sohanad
This is a section based MD5 hash. Unfortunately Auto-It script executables are identical with the exception of an embedded resource where the script is stored.
View user's profileSend private message
b0ne


Joined: 26 Oct 2006
Posts: 0
Post Posted: Fri Mar 02, 2007 10:54 pm Reply with quote
I forgot to mention that I also submitted it to the signature maintainers as an FP.
View user's profileSend private message
KeePass Password Safe false positives?
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
 		All times are GMT  
Page 1 of 1  
  
  
ClamWin Free Antivirus Forum Index » Virus Scanner
 Reply to topic