SzG wrote:My virus scanning system (Symantec Endpoint Protection) has just quarantined Crafty 23.0 (32-bit).
It's been there for months. There was a system update this morning.
It is probably my 32 bit Intel compile ?
This is getting stupid now. So many false positives.
First Avira/Antivir and Mcaffe always flagged Intel 32 bit compiles, so I
contacted them. That issue seems to be resolved with Avira now, but take a look at my
Virustotal scan now, so many dumb scanners. I sure they must use each others definitions >
hi all,
a long time back when this was a problem with virus scanners
and crafty.
i dont remember the details though.
there's probably some new varient someone has named
craftywhatever.
go to the venders web sight and see if you can do a search.
Jim Ablett wrote:I re-compiled 32 bit version and packed it with exe packer upx.
It now gets a clean bill of health in VirusTotal :roll: >
[...]
So I future I will do this with all Win32 Intel compiles.
That's pretty funny. It wasn't that long ago when the one sure way to get flagged by scanners was to pack with UPX. If that is now the solution, it makes me wonder if some of the AV companies are running in circles.
[edit]
It's also funny when packing makes a difference at all... If it does, then you know the scanner is worthless because it can't even tell the difference between packed and unpacked files. They are effectively identical, and as such, should produce identical scan results.
Jim Ablett wrote:I re-compiled 32 bit version and packed it with exe packer upx.
It now gets a clean bill of health in VirusTotal >
[...]
So I future I will do this with all Win32 Intel compiles.
That's pretty funny. It wasn't that long ago when the one sure way to get flagged by scanners was to pack with UPX. If that is now the solution, it makes me wonder if some of the AV companies are running in circles.
[edit]
It's also funny when packing makes a difference at all... If it does, then you know the scanner is worthless because it can't even tell the difference between packed and unpacked files. They are effectively identical, and as such, should produce identical scan results.
Hi Eric,
Actually not byte for byte identical. Packed executables are usually stripped of surplus data when compressed such as overlay data, unused resources, debug data etc.
Engin wrote:is it possible that a virus jump from other file to crafty ???
Hi Engin,
Yes it is very possible that any exe file can become infected and users are right to be
very cautious when anti-virus alerts them and not to take a chance, but in this case
their security programs are detecting a false positive. All Antivirus give false positives but
some very few, others a lot. I think best is Kaspersky or Nod in that respect. Those are the
ones whose results you should look at first and trust the most when scanning with online tool like VirusTotal.
>
