cat-users - Re: [cat-users] False positive Trojan alert for F-Secure

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

  • From: Vidar Kværnø Stokke <vidar.stokke AT ntnu.no>
  • To: Stefan Winter <stefan.winter AT restena.lu>, "cat-users AT geant.net" <cat-users AT geant.net>
  • Subject: Re: [cat-users] False positive Trojan alert for F-Secure
  • Date: Mon, 12 Jan 2015 12:35:18 +0000
  • Accept-language: nb-NO, en-GB, en-US
  • List-archive: <http://mail.geant.net/pipermail/cat-users/>
  • List-id: "The mailing list for users of the eduroam Configuration Assistant Tool \(CAT\)" <cat-users.geant.net>

>-----Original Message-----
>From: Stefan Winter [mailto:stefan.winter AT restena.lu]
>Sent: Monday, January 12, 2015 1:17 PM
>To: Vidar Kværnø Stokke; cat-users AT geant.net
>Subject: Re: [cat-users] False positive Trojan alert for F-Secure
>
>Hello,
>
>> F-Secure reports our Eduroam CAT installer as Trojan.Generic.12420647.
>> Virustotal.com reports 10 out of 55 virus scanners doing the same.
>>
>> Earlier it has been posted to this list that Symantec and ClamAV have done
>> the same thing. But now they apparently don't any more. Probably because
>> someone has posted a report on false positive to them.
>>
>> What is the best way to handle this? Should each IDP report it to the
>> different virus scan providers as they pop up or should this be done by the
>> developers?
>>
>> My main goal is of course to get this out of the way as soon as possible so
>> that my users don't get used to ignoring reports about viruses.
>
>Doing this once is enough - it's one of the static small helper .exe's
>inside the installer that seems to appear fishy to some AVs. It's the one
>that adds the encrypted user password to the registry during the
>installation process.
>
>I have just uploaded the NTNU Win 7 installer as a false positive to
>F-Secure. Can you keep a close eye on the status of the detection in the
>coming days? Eventually, the fix should trickle into F-Secure's DB and get
>the installer out of harm's way.
>
>Stefan

Thank you Stefan.

I also posted a false positive to F-Secure last Friday and received a
positive response today. They will update their database shortly.


--
Best regards
Vidar Stokke
Senior Engineer
IT-division, Networking
Norwegian University of Science and Technology
(NTNU)
http://www.ntnu.no/it