Archive: nsisdl.dll contains Download.Trojan


Symantec is telling me that the nsisdl.dll contains the Download.Trojan virus.

I also just clicked on the link to download the nightly build ZIP file and it also comes up with the trojan.

Is this correct or does the download code in nsisdl look like the trojan?


just a hoax

http://forums.winamp.com/showthread....hreadid=172956
http://forums.winamp.com/showthread....hreadid=170766


So, is this something new that we should alert Symantec of? The links you posted reference other viruses, but not Download.Trojan.


Originally posted by ferec
So, is this something new that we should alert Symantec of? The links you posted reference other viruses, but not Download.Trojan.

download.trojan is a generic TYPE, not a specific one. A lot of code may fit the "profile" of download.trojan, for example... nsisdl.dll may be loosely associated merely because it attempts connections. This is called a "false positive".

I also have Norton AV and I don't have that alert....


I only get it if I manually kick off a scan of that directory. We are using the Symantec AV Corporate Edition.

So - sounds like the consensus is that this is a false-positive.



The same thing happens to me. If I try to compile any NSI scripts Symantec AV quarantines the dll saying that it is Download.Trojan.

I'm using Symantec Anti-Virus Corporate Edition 9.0.0.338 Scan engine 1.2.0.13 with defs at 8/9/2004 rev. 37.

I think the definitions that came out today started detecting it.

I posted to Symantec's support forum in the hopes that they will fix this in their next virus definition upgrades. The post is available here: http://*******.com/6csvr


Is nsisdl.dll the only file infected according to the Symantec scan engine?


Yes, that was the only one quarantined.


Here's a screenshot of the alert if anyone is interested.


I don't know why Norton is flagging this dll now. I could be wrong, but I do believe Norton comes out with new virus defs on Tuesdays. A dll that can fetch a file from the internet, along with a dll to execute the downloaded file, could be considered dangerous. But it is also a great tool.

Nevertheless, I fixed this Norton problem by rebuilding nsisdl.dll from source. I don't know the details on why this works, but I am going to look into this more (to make sure it doesn't happen again).

Unfortunately, I think all clients who are using our old install will have this problem if they are running Norton AntiVirus.


Hello All,

I have quite a few installers that worked fine yesterday; now the same binary a day later is popping up the Norton Virus Quarantine as posted above. Has anyone found a resolution to this?


Has anyone found a resolution to this?
It seems that updating to the latest definitions (10 August or later) will stop Symantec/Norton AntiVirus from quarantining nsisdl.dll:

http://sourceforge.net/tracker/index...49&atid=373085

Live update says there are no new defs. How do I get the ones for August 10th?

[EDIT]
N/m I got it. Why can't they just get live update to do it as well! Thanks!
[/EDIT]


I can confirm the 8/10/2004 rev. 23 definitions fix the problem. woohoo!


McAfee is now doing the same thing, defs version 4388.

[doh] I should have read the other thread


I've got McAfee 7.1, Virus Definitions 4388, created on Aug 25th. It is calling nsisdl.dll a "Downloader-OG" trojan. How dare they mess with my NSIS, I oughta......


I don't have that problem (using McAfee). This is kinda weird....


Hello McAfee users,

It states right on the McAfee Customer Support Knowledge Base page that the virus definition files 4388 are incorrectly identifying nsisdl.dll as being a virus. They also state that this has been addressed in the 4389 definitions. However, they haven't released the 4389 definitions as of yet.


@McAfee users - define "nsisdl.dll" as an exception rule (file/folder) for read & write (access and manual scan).
No target folder is needed, just the name, because this dll is mostly used in an nsis-tmp-folder.


Symantec's virus definition file dated 18 May 2006 version 17 again shows NSISdl.dll from NSIS 2.16 as infected with Trojan.Download. http://nsis.sourceforge.net has a new version, 2.17, that Symantec does not report as virus infected, but we've manufactured 1500 CDs that include NSISdl.dll and don't want to destroy those CDs because Symantec has a false positive in their definition file.

Any suggestions on the best way to persuade Symantec that their flagging is a false positive?


Use their own tools to report it or the submission form. There is no need to destroy any CDs, they'll fix it.

More at: http://sourceforge.net/tracker/index...49&atid=373085



Originally posted by ferec
I only get it if I manually kick off a scan of that directory. We are using the Symantec AV Corporate Edition.

So - sounds like the consensus is that this is a false-positive.
Well, I have been using nsisdl.dll for some time. While it has some issues, being a trojan isn't one of them :)