[Gpg4win-devel] False positive virus detections of Gpg4Win binaries

Andre Heinecke aheinecke at intevation.de
Fri May 17 11:55:19 CEST 2013


Hi,
we had a thread on gpg4win-users-en about a virus reported by F-Secure in the 
gpg4win package. According to Virustotal [1] some scanners detect the 
signature of Gen:Variant.Kazy.115700 in scdaemon.exe.
This is a false positive that you can easily reproduce by compiling scdaemon 
from gnupg-2.0.20 with gcc-mingw-w64-i686 (Debian Package Version 4.6.3-14+8).

While this is neither a fault of gnupg nor gpg4win, the problem of 
overenthusiastic virus scanners is still an annoying problem that can scare 
or confuse users.

A wide check with metascan-online, where I just uploaded a zip archive of all 
our binaries, revealed additional reports for: Win32.SuspectCrc, 
Trojan.Win32.Swrort!E2, BackdoorSwrort.apb.bitk, VirTool.Win32.Obfuscator.hg 
and Gen Malware Detection.A3. Those were each reported only by a single 
scanner. 
The next step here would be to upload each file, and check where the detection 
error occurs.

If you want to help us, please check the files contained in the beta-197 
package with virustotal or your favorite virus scanner and report a false 
positive to the publisher of that scanner if you get a result. Hopefully this 
will reduce the reports before the stable gpg4win-2.1.1 release.


I've already notified F-Secure about the false positive in scdaemon.exe.


Thanks and Regards,
Andre
 
[1] https://www.virustotal.com/file/1efd2fedf2f08c29f63a530bf64da73632d3f50144e4b0a08a6da94a1e4898d5/analysis/

-- 
Andre Heinecke |  ++49-541-335083-262 |  http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Managing Directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner