Nod32 with latest update flags unknown virus in scan.dat of mcafee superdat 4884 while extracting by sdat4884.exe /e, but shows clean after extraction, should be FP.

Are we talking about the same file?

http://download.nai.com/products/datfiles/4.x/nai/dat-4884.zip

i got the same results.

{QUOTE-> Nod32 with latest update flags unknown virus in scan.dat of mcafee superdat 4884 while extracting by sdat4884.exe /e, but shows clean after extraction, should be FP. <-QUOTE}

Is it possible that this is a detection for a probably unknown SCRIPT virus?

{QUOTE-> Is it possible that this is a detection for a probably unknown SCRIPT virus? <-QUOTE}

Yes, something like that, unknown..., don't remember exactly the name.
The files after extraction are clean when scan with nod32, but it is during the manual extraction, when extracting scan.dat, nod32 flags and extraction cannot continue.

{QUOTE-> Are we talking about the same file?

http://download.nai.com/products/datfiles/4.x/nai/dat-4884.zip <-QUOTE}

Greetings,

http://download.mcafee.com/updates/superDat.asp has link to superdat. This contains engine, command line scanner as well as detection (dat) files.

I can confirm also a false detection. I've submitted this quite a number of times and just gave up.

Detection in my case is caused when 'get'ing the files usign WGET which is wrapped in KIXTART scripting language.

The subroutine involves extracing to the contents to a hardcoded location.

shell '"c:\McAfee\$SuperDAT" /e "c:\McAfee"'