The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Stefan Winter <stefan.winter AT restena.lu>]

Hello,

> F-Secure reports our Eduroam CAT installer as Trojan.Generic.12420647. 
> Virustotal.com reports 10 out of 55 virus scanners doing the same. 
>
> Earlier it has been posted to this list that Symantec and ClamAV has done 
> the same thing. But now they apparently don't any more. Probably because 
> someone has posted a report on false positive to them. 
>
> What is the best way to handle this? Should each IDP report it to the 
> different virus scan providers as they pop up or should this be done by the 
> developers?
>
> My main goal is of course to get this out of the way as soon as possible so 
> that my users don't get used to ignoring reports about viruses.

Doing this once is enough - it's one of the static small helper .exe's
inside the installer that seems to appear fishy to some AVs. It's the
one that adds the encrypted user password to the registry during the
installation process.

I have just uploaded the NTNU Win 7 installer as a false positive to
F-Secure. Can you keep a close eye on the status of the detection in the
coming days? Eventually, the fix should trickle into F-Secure's DB and
get the installer out of harm's way.

Stefan

Attachment: signature.asc
Description: OpenPGP digital signature