SecureIT FP

Hello,


SecureIT AV FREE EDITON detected EAV and ESS false positive.

Detection name: probably unknow newheur


homepage: http://www.fightspyware.net/


thank you andvance

 

See this KB article:
http://www.eset.com/threat-center/encyclopedia/glossary/newheurpe

 

sent mail


thanks

 

You're welcome!

 

Not fixed

 

Where is it possible to download the source code of the SecureIT?
They are using the ClamAV engine which is open source (GNU General Public License). I expect the SecureIT is also bounded by the same license and the sources should be available. If I am wrong, please tell me.

 

I sent him, too. Virus Researcher ask me for more information about SecureIT, which I sent to him. Now I wait answer.

 

Hello,

The false positive is under investigation. Thank you for your report.

Regards,

Aryeh Goretsky

 

WinAntiSpyware, XPSecurityCenter, AntiSpyware2010, UnVirex, … is an incomplete list of fake antivirus applications that illegally use the ClamAV engine. Legitimate applications that use the ClamAV engine respect the GPL2 license.

You may verify the license of the SecureIT:
http://www.secureitdirect.com/resourcecenter/softwarelicense/secureit-eula.php
Currently the software is released under EULA which incompatible with the GPL2 and the license requirements are not fulfilled. The software was developed using several GPL libraries, but the EULA is making impression that the whole software is somehow not bounded by this license, only the original GPL libraries (they provide the source code only of the GPL libraries they use).

According the ClamAV documentation it is clear the whole software must be available under GPL.
http://clamav.org/doc/latest/clamdoc.pdf
Libclamav is licensed under the GNU GPL v2 licence. This means you are not allowed to link commercial, close-source applications against it. All software using libclamav must be GPL compliant.

The software was not proven to be legal and recommended to use. It is not sure if there are other hidden problems or not.

To resolve the problem I recommend the vendor to include the "scripts used to control compilation and installation of the executable", i.e. the tools required to compile and install the GPL licensed components ( http://gpl-violations.org/faq/vendor-faq.html )
or to remove the GPL licensed code.

When the problem will be resolved the software can be submitted for evaluation again.