Archive: Sophos AV gives false positive for NSIS produced installers?


Sophos AV gives false positive for NSIS produced installers?
Hi,

Sophos AV has suddenly started reporting that all my NSIS produced installers are infected with "Troj/Multidr-KE".

http://www.sophos.com/virusinfo/anal...multidrke.html

According to the Sophos site, protection for this "trojan" has only been available since this morning.

However, I suspect this to be a false positive, much like this one.

Has anyone else seen this?

Update: MakeNSIS reports v2.0b3


Nope. I don't have problems with my NSIS components or Installers.

I have updated my Norton to Norton AV 2005 latest virus def.


Troj/Multidr-KE extracts and runs several files.
Two of these are detected as Troj/Sysme-A and Troj/Dloader-BA. The others are adware related.
Update: MakeNSIS reports v2.0b3
Hmmm... Probably that's nsisdl.dll when installing files. Maybe you could check if the latest development version has this false-positive too.

Lobo Lunar: Thanks for your comment but I am using Sophos Anti-virus, not Norton AV.

deguix: Thanks for your suggestion, others here use NSIS v2.0 and report no such problems. However, for me, the red-tape overhead of having to update NSIS in our development branch is very high.

UPDATE - PROBLEM RESOLVED: I now notice that the problem has gone away this morning. Also, Sophos.com have updated the virus definition; the "protection history" now says:

Updated - 16 August 2004 15:55:30 (GMT)
Published - 16 August 2004 11:33:28 (GMT)
So it seems our reporting the problem resulted in a fix being produced. Thanks to all for your help, hope this post helps someone else.