
Re: likely false positive (?)



Thanks Paul, it does.  Most curious that I had the same exact result on the brand new rig at a satellite office, running 64-bit Win-7 and only MS Security Essentials for AV. 

False positives on various things using various AV products are a common phenomenon.  That's why VirusTotal can be such a useful resource.  When it shows 2, 3, or 4 "hits" out of 57 or more products, then there is some small possibility one of them has found something that the others missed, though it is far more likely that the small number of dissenters are wrong.  (Certain sorts of things like network "sniffer" tools routinely return false positives, and more than just a few AV programs will concur on that.)

Anyway, I fired up the older XP laptop that has no AV on it at all -- because the Norton it had had lapsed long ago, and its remnants were uninstalled -- which I now use as a sort of testbed.  With this I was able to get a working download of XyWeb120, which checks out as a Zip archive I can open.  I've now emailed it to myself, but may need to turn off AV entirely in order to receive it intact.  


   Jordan



From: Paul Breeze
To: xywrite@xxxxxxxx
Sent: Friday, January 30, 2015 9:32 AM
Subject: Re: likely false positive (?)

Dear Jordan

Correction.  I just tried to download the file again and Avast stopped me.
I stopped protection and then downloaded again, then scanned the zip.
The only part of the archive it objected to was BIGEDIT.  I have
compared this file to the version I am already using in my VDOS version
of XY4 and the size and date are exactly the same, so it looks like a
false positive to me.  The zip I have just downloaded is 4,026,176 in
size according to my file manager.

I am running XP and I use Avast version 4.7 because I found the later
versions too irritating.  It seems to work just as well but is less wizzy.

I don't know if any of this helps.

Best wishes

Paul




On 30/01/2015 17:08, J R FOX wrote:
> The more immediate issue seems to be getting a download of the archive
> that is not corrupt.  This happened not only on the desktop rig that I
> mentioned (which has both Avast and Malwarebytes on it), but on a brand
> new one that just has MS Security Essentials.  In both cases, neither
> PKZip, 7-Zip, nor WinRar could open the XyWeb120 archive.  Can you
> open yours ?
>
> There have been times where either Avast or MBam munged downloads they
> objected to.  The result is typically a truncated file.  My download of
> 120 ran a shade over 4 Mb.  Editing their site or file whitelists
> generally cured this.  As an experiment, I'm going to download the file
> again using an older laptop that runs XP and has *no* AV on it any
> longer, or if necessary also a laptop that runs eCS and has no AV
> program.  Should I keep getting the same result, something is indeed
> wrong here.
>
> Of course, if Carl is close to releasing a revised U2 collection, this
> may all soon be moot.
>
>
>    Jordan
>
>    ------------------------------------------------------------------------
>    *From:* Paul Breeze <paul.breeze@xxxxxxxx>
>    *To:* xywrite@xxxxxxxx
>    *Sent:* Friday, January 30, 2015 2:55 AM
>    *Subject:* Re: likely false positive (?)
>
>    Dear Jordan
>
>    I use Avast and it didn't blink when I downloaded XYweb120.
>
>    Maybe it is possible to be TOO cautious?
>
>    Best wishes
>
>    Paul
>
>
>
>    On 30/01/2015 04:25, J R FOX wrote:
>      > Here is the VirusTotal scan on XyWeb120, which I had to download
>      > elsewhere.  I probably can't even open the archive on this system,
>      > without first disabling Avast! AV.  There seem to be 4 or 5 out of the
>      > 57 AV products in agreement on this, but I'm still kind of skeptical.
>      >
>      > Does anyone know if MS Security Essentials is any good ?  (Win Defender
>      > does not have all that good a reputation.)
>      >
>      > btw, I did run Winprint from the Japanese Sourceforge through this, and
>      > it was not flagged.
>      >
>      >
>      >
>      >    Jordan
>      >
>
>
>
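
Added example (not part of the original messages): a Python check for the two things this thread does by hand, telling a cut-short zip download from a damaged one and comparing a flagged member against a copy already on disk. It goes a step beyond the size-and-date comparison by hashing the contents; the sample archive and its stand-in BIGEDIT bytes are constructed, and the function names are hypothetical.

```python
import hashlib
import io
import zipfile
import zlib

EOCD_SIG = b"PK\x05\x06"   # end-of-central-directory record signature
EOCD_WINDOW = 22 + 65535   # fixed record size plus the longest allowed comment

def check_archive(data):
    """Return 'ok', 'truncated' or 'corrupt' for the bytes of a zip download."""
    # The directory of a zip is written last, so a download that was cut
    # short loses it and no unzip tool can open what is left.
    if data.rfind(EOCD_SIG, max(0, len(data) - EOCD_WINDOW)) == -1:
        return "truncated"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            bad = zf.testzip()   # re-reads every member, verifies its CRC-32
    except (zipfile.BadZipFile, zlib.error):
        return "corrupt"
    return "ok" if bad is None else "corrupt"

def member_matches(data, name, known_good):
    """True if archive member `name` is byte-identical to a trusted copy."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        member = zf.read(name)
    return (len(member) == len(known_good)
            and hashlib.sha256(member).digest() == hashlib.sha256(known_good).digest())

def build_sample():
    """Constructed stand-in archive; the payload is not the real BIGEDIT."""
    payload = b"constructed stand-in for BIGEDIT\n" * 200
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("BIGEDIT", payload)
        zf.writestr("README.TXT", b"sample archive built for this example\n")
    return buf.getvalue(), payload

if __name__ == "__main__":
    archive, payload = build_sample()
    print("full download:   ", check_archive(archive))
    print("cut-short copy:  ", check_archive(archive[:len(archive) // 2]))
    print("BIGEDIT unchanged:", member_matches(archive, "BIGEDIT", payload))
```

A "truncated" result points at the download path (a scanner or proxy cutting the transfer short) rather than at the archive's contents.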