The MASM Forum
Projects => MASM32 => AV Software sh*t list => Topic started by: hutch-- on October 13, 2012, 02:49:17 PM
-
It appears to be a worrying trend that ESET AV scanners are starting to report completely safe old files as infected. The following file, "cool.gif" is an antique smiley from the UK forum yet I have recently received reports that ESET are flagging it as an infected file.
This is the HEX notation for the 353 byte gif smiley. Note that I have copied the file directly from the current server that contains the old masm forum files.
; *******\cool_smiley\cool.gif 353 bytes
00000000 :47 49 46 38 39 61 0F 00 - 0F 00 D5 39 00 FF E6 0E
00000010 :FE A1 01 FE BD 06 FF D2 - 0A FE A6 02 FF C4 08 FF
00000020 :C8 09 FE 9E 00 FE B0 04 - FF C5 08 FF FF FF FE B7
00000030 :05 FF D9 0C FF BC 06 FE - D2 0A FF AA 03 FE BB 06
00000040 :FF B7 05 FE AA 02 FE E6 - 0F FE C9 09 FF CA 09 FF
00000050 :AE 03 FE CC 09 FE CA 09 - FE A4 01 FE A7 01 FE B1
00000060 :04 FE D2 0B FF DD 0D FF - B3 04 FF CC 09 FF B1 04
00000070 :FE DD 0D FF D8 0C FE BD - 07 FE C8 09 FF DB 0C FF
00000080 :B3 05 FE C4 08 FE AB 03 - FE A2 01 FE D1 0A FE D9
00000090 :0C FE BC 06 FE DB 0D FE - A3 01 FF DD 0C FF AA 02
000000A0 :FF D2 0B FF E9 0F FF CA - 08 FE CB 09 FE B4 04 FE
000000B0 :A1 00 FE 9D 00 00 00 00 - FF FF FF 00 00 00 00 00
000000C0 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 21 F9 04
000000D0 :01 00 00 39 00 2C 00 00 - 00 00 0F 00 0F 00 00 06
000000E0 :7E C0 9C 50 88 2B 16 87 - C8 5C 91 46 29 08 4C 47
000000F0 :24 CE C1 28 AD 38 06 01 - 88 80 1B E2 06 9D 89 0C
00000100 :F0 8A 25 16 A8 40 57 69 - 2C 02 DA 47 DC 07 4E BF
00000110 :15 2B 46 05 EE 5D D4 DB - 71 09 2A 46 00 21 0E 46
00000120 :01 7F 0D 24 03 0C 2D 22 - 03 59 08 04 07 7F 35 2C
00000130 :27 18 17 33 05 23 1E 30 - 88 76 4A 1B 0B 38 0D 10
00000140 :11 08 12 38 37 A1 4A 1A - 0F 16 70 AC AD 4A 01 29
00000150 :19 2E 36 94 AC 6B 5E AB - B3 7F 49 BE 46 49 41 00
00000160 :3B
I would hope this is only a temporary blunder from ESET as I have long recommended their scanners for people who must use this type of software. In the meantime it appears safe to keep recommending the Microsoft Essentials which don't flag perfectly safe antique files as infected. The file dates from 2006 and has been a component of the old UK forum for the last 6 years.
-
Hi Hutch,
This is a false positive. What's the report of Jotti (http://virusscan.jotti.org/en)?
-
Must be a strange report.
Filename: cool.gif
Status:
Scan finished. 0 out of 19 scanners reported malware.
Scan taken on: Sat 13 Oct 2012 15:03:38 (CET)
No problems here.
-
And yet, a long series of zero bytes in a file that claims to be highly compressed... suspicious ::)
Hutch, has your puter been running a bit slow the last 6 years?
-
JJ,
I posted the HEX to show what was in the file. Where are you getting the extra zero bytes from ?
-
000000B0 :A1 00 FE 9D 00 00 00 00 - FF FF FF 00 00 00 00 00
000000C0 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 21 F9 04
But hey, I was just joking ;)
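Added example, not part of any post in this thread: decoding the GIF logical screen descriptor from the dump in the first post shows which structure the zero bytes in rows 0xB0 and 0xC0 belong to. The function names are this example's own, and the byte values are retyped from the dump as constructed input.

```python
import struct

# Constructed inputs, retyped from the dump in the first post:
# bytes 0x00-0x0C (signature + logical screen descriptor) ...
HEADER = bytes.fromhex("47 49 46 38 39 61 0F 00 0F 00 D5 39 00")
# ... and the two rows quoted in the reply above, which start at offset 0xB0.
ROWS_BASE = 0xB0
ROWS = bytes.fromhex(
    "A1 00 FE 9D 00 00 00 00 FF FF FF 00 00 00 00 00 "
    "00 00 00 00 00 00 00 00 00 00 00 00 00 21 F9 04"
)

def parse_screen_descriptor(header: bytes) -> dict:
    """Decode the 13 fixed bytes that open every GIF file."""
    if len(header) < 13 or header[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF header")
    width, height, packed, bg_index, _aspect = struct.unpack("<HHBBB", header[6:13])
    # Bit 7 of the packed byte: a global colour table follows.
    # Bits 0-2 hold N, and the table has 2**(N+1) three-byte RGB entries.
    entries = 1 << ((packed & 0x07) + 1) if packed & 0x80 else 0
    return {"width": width, "height": height, "bg_index": bg_index,
            "gct_entries": entries, "gct_start": 13, "gct_end": 13 + 3 * entries}

def locate_zero_entries(info: dict, rows: bytes, base: int):
    """Return colour-table indexes in `rows` that are 00 00 00, plus the
    two bytes found where the table ends (the start of the next block)."""
    zero_entries = []
    for index in range(info["gct_entries"]):
        off = info["gct_start"] + 3 * index - base
        if off >= 0 and rows[off:off + 3] == b"\x00\x00\x00":
            zero_entries.append(index)
    end = info["gct_end"] - base
    next_block = rows[end:end + 2] if 0 <= end < len(rows) else b""
    return zero_entries, next_block

if __name__ == "__main__":
    info = parse_screen_descriptor(HEADER)
    zeros, nxt = locate_zero_entries(info, ROWS, ROWS_BASE)
    print(f"{info['width']}x{info['height']} px, {info['gct_entries']}-entry colour table "
          f"at 0x{info['gct_start']:02X}-0x{info['gct_end'] - 1:02X}")
    print("all-zero entries in the quoted rows:", zeros)
    print("bytes after the table:", nxt.hex(" "))  # 21 f9 = graphic control extension
```

The run of zeros falls inside the uncompressed colour table, whose length is always a power-of-two number of entries, and not in the LZW-compressed image data that follows it.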
-
Hi,
ESET blocks the complete old archive forum.
Also the smileys here in the current forum.
I made a support request.
Greenhorn
-
Greenhorn,
Gratsie.
-
I guess they’re trying to avoid a scenario where the worm that destroyed the world was hiding in a smiley :biggrin:
-
When I posted this message the smilies were in a row and not distorted like they were a
few days ago. No messages appeared from ESET so I guess they finally got their
act together. :greenclp:
Thanks ESET if you see this.
-
Yepp, nothing is blocked anymore.
The old forum archive is browsable and the smileys are happy again.
NOD32 complains about nothing.
Thanks ESET. :t
Greenhorn
-
:biggrin: Yeah, I can browse the forum again without being blocked by ESET NOD32.