I got an answer back from Kaspersky. Basically we will need to whitelist each release for now. I asked if they could give me the technical details of what file or behavior is causing the flag, but they will only share that with the official organization developers. They have a partner program to ensure whitelisting. HTTP://USA.kaspersky. com/partners/white-list-program.
On Mar 15, 2011 2:01 PM, "Ian Clarke" <ian at locut.us> wrote: > Yeah, if they are just whitelisting a md5sum then we could get caught out > again by any subsequent release of that file :-/ > > Ian. > > On Tue, Mar 15, 2011 at 12:21 AM, Juiceman <juiceman69 at gmail.com> wrote: > >> I have been in contact with Kaspersky regarding the false positive >> detections. They have been quite helpful. I still need to find out >> what they are whitelisting, just the FreenetInstaller-1355.exe or the >> underlying files. >> >> >> ---------- Forwarded message ---------- >> From: <newvirus at kaspersky.com> >> Date: Mon, Mar 14, 2011 at 10:37 PM >> Subject: RE: Re: [VirLabSRF][False alarm on a file][M:1][LN:EN][L:0] >> [KLAN-117070913] [KLAN-118829548] >> To: juiceman69 at gmail.com >> >> >> Hello, >> >> It was added to the whitelist. >> Detection will disappear within 6 hours. >> >> Please quote all when answering. >> ----------------- >> Regards, Baranov Artiom >> Virus Analyst, Kaspersky Lab. >> >> >From: juiceman69 at gmail.com >> >Sent: 15.03.2011 5:28:00 >> >To: "New Virus" <newvirus at kaspersky.com> >> >Subject: Re: [VirLabSRF][False alarm on a file][M:1][LN:EN][L:0] >> [KLAN-117070913] >> > >> > On Fri, Mar 4, 2011 at 5:58 AM, <newvirus at kaspersky.com> wrote: >> > > Hello, >> > > >> > > We can not reproduce the detection, could you send us a screen shot >> about the detection ? >> > > >> > > Regards, >> > > VirusLab China >> > > >> > >>From: juiceman69 at gmail.com >> > >>Sent: 03.03.2011 6:02:00 >> > >>To: "New Virus" <newvirus at kaspersky.com> >> > >>Subject: [VirLabSRF][False alarm on a file][M:1][LN:EN][L:0] >> > >> >> > >> >> > >> LANG: en >> > >> email: juiceman69 at gmail.com >> > >> >> > >> description: >> > >> Kaspersky Anti Virus 11.0.1.400 detects Freenet as >> PDM.Worm.P2P.generic >> > >> Freenet is P2P software promoting freedom of speech in oppressive >> countries such as we are seeing in the Middle East now. >> > >> >> > >> To reproduce: >> > >> Install http://freenet.googlecode.com/files/FreenetInstaller-1355.exefrom >> > >> http://freenetproject.org/index.html. Half way through the install >> Kaspersky stops it and quarantines the installer. >> > >> >> > >> I have heard of other users having a similar problem, but encountered >> this personally. >> > >> >> > >> I have attached the file. Note the file passes virus scan before the >> install is attempted. >> > >> >> > >> uploaded files: >> > >> FREENETINSTALLER-1355.zip >> > >> > Sorry, to reply so late, I was on vacation. I am attaching two >> > screenshots. The "Freenet_Install_Start.jpg" shows the install >> > beginning just fine, the second screenshot >> > "FreenetInstaller_AV_Flagged.jpg" is when the install is continued and >> > files are unpacked. >> > It is not until the files are unpacked all the way and some other >> > programs/scripts inside are run that Kaspersky sees it as a virus. >> > >> > Thank you for looking further into this. Please keep me advised and >> > let me know if I can help in any way. >> > >> 10/1, 1st Volokolamsky Proezd, Moscow, 123060, Russia >> Tel./Fax: + 7 (495) 797 8700 >> http://www.kaspersky.com http://www.viruslist.com >> >> >> >> -- >> I may disagree with what you have to say, but I shall defend, to the >> death, your right to say it. - Voltaire >> Those who would give up Liberty, to purchase temporary Safety, deserve >> neither Liberty nor Safety. - Ben Franklin >> _______________________________________________ >> Devl mailing list >> Devl at freenetproject.org >> http://freenetproject.org/cgi-bin/mailman/listinfo/devl > > > > > -- > Ian Clarke > Personal blog: http://blog.locut.us/ -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20110316/cdba2575/attachment.html>
