Ok, so I'm impressed with some aspects of TDS's trojan-finding techniques (having compared it with Tr**anH**ter, its most-visible serious competitor, and a few other so-called commercial apps which would best be described as 'student homework' or 'unfinished projects'). But I've noticed a few problems with TDS, that kinda make me wonder...

F'rinstance: The SMTP client engine.... is it bust? Or is it just not implemented to RFC-standards? It won't seem to send a message to a valid local user, when it is running on the same box as the SMTP server for my domain! TDS seems to take exception to a second 220- response line, and reset the TCP socket - despite this being perfectly legal, and quite common, too. It means I can't submit the 3 'false positives' which have turned up on my Full Scan that I did today:

First, it claims that Kiwi Syslog 7.00.0003 (Syslogd_Service.exe) is a 'live trojan in process memory'. Hmmm... don't think so - unless something's got well and truly screwed up. See http://www.kiwisyslog.com/

Second, it claims that an app which I wrote MYSELF, in Visual Basic, last week, is 'Positively Identified <ADV>' as a 'Possible WebDownloader'. Yeah, right. LOL - it's a program I wrote which enables me to read Kiwi Syslog files, parse them according to the weird syntax for my firewall/router, and stuff the output into an Access database, that's all. It's not generally available (so I KNOW it's not a trojan) - but I'm curious as to what item might possibly have caused TDS to reach for the alarm button here? AFAIK, aside from a bit of code which I borrowed to create a decent File:Open XP style dialog box (to replace the shabby inbuilt VB ones), the code is all definitely clean. I know - I WROTE it! LOL. I will double-treble check the bit I borrowed, though, just in case.

Third, it complains that perl5.8.4.exe is a 'suspicious filename' because it has 'dual extensions'. I'm guessing this is simply because of the three dots in the filename - but come on, this is PERL, for goodness sake. Even though I appreciate this is a 'False Positive', surely you could trap for that error with your 'sophisticated scanning techniques' and stop an alert like this? How many people end up deleting their Perl implementation out of paranoia, before they realise they've just bust their website?

Ok, so maybe I'm being a teeeny bit harsh - after all, how many 'stupid noobs' are going to be Syslogging, writing their own apps, and running a Perl implementation anyway? Fair point - but for those of us that ARE, I'd like to know that TDS isn't going to be as much hassle as it is a saviour. To me, too many false-positives are almost as costly as just doing my anti-trojan checks by hand, as I used to (till I got bored today and decided to see what was 'out there' in terms of products available to assist).

I gotta say I was also NOT impressed to read about the update Radius problems that have been happening - whether ISP-cache-related (which you can't do anything about), or MS FTP-upload related (which you CAN!). I can't believe something as crucial as a sig-file update isn't MD5 checksummed or at the very least verified on the server as being intact before being renamed or moved to the distribution address.

On the up-side, though, I also have to say that if Derek from the www.thespykiller.co.uk is here on this forum, and using TDS, it can't be all bad, surely. I rate Derek highly (though he probably doesn't know that - lol).

So - I'm all ears... is this REALLY the best app available for Trojan spotting? Am I just being unlucky and revealing the bad bits on my first day? Or is it a sucky ol' pile of half-baked, poorly-implemented mumbo-nonsense and paranoia-warez, like so many of the rest of these AT 'tools'?
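
The multiline 220 greeting mentioned in the post, as an added example that is not part of the original post and is not TDS code: under RFC 5321 section 4.2.1 every line of a reply except the last carries the code followed by a hyphen, so a client keeps reading until it sees a line without one. The function name, limits, host name and greeting text are assumptions made for this sketch.

```python
import io
import re

# One reply line: 3-digit code, then "-" (more lines follow) or " " (last
# line), then free text. A bare "220" with no separator is also a last line.
_REPLY_LINE = re.compile(rb"^(\d{3})(?:([ -])(.*))?$")


class SMTPReplyError(Exception):
    """The server sent something that is not a well-formed SMTP reply."""


def read_reply(stream, max_lines=64):
    """Read one complete, possibly multiline, reply from a binary stream.

    Returns (code, [text, ...]). Keeps reading while lines are marked as
    continuations with "-", and stops at the first line that is not.
    Line length and line count are bounded (assumed limits) so a hostile
    or broken server cannot make the client read forever.
    """
    code, texts = None, []
    for _ in range(max_lines):
        raw = stream.readline(1024)
        if not raw:
            raise SMTPReplyError("connection closed mid-reply")
        if not raw.endswith(b"\n"):
            raise SMTPReplyError("reply line too long or unterminated")
        m = _REPLY_LINE.match(raw.rstrip(b"\r\n"))
        if not m:
            raise SMTPReplyError(f"malformed reply line: {raw!r}")
        line_code, sep, text = int(m.group(1)), m.group(2), m.group(3) or b""
        if code is None:
            code = line_code
        elif line_code != code:
            raise SMTPReplyError("reply code changed inside one reply")
        texts.append(text.decode("ascii", "replace"))
        if sep != b"-":          # space or nothing: this was the last line
            return code, texts
    raise SMTPReplyError("too many continuation lines")


# Constructed sample: a two-line 220 greeting followed by a 250 reply.
SAMPLE = (b"220-mail.example.test ESMTP ready\r\n"
          b"220 No unsolicited mail accepted\r\n"
          b"250 mail.example.test\r\n")

if __name__ == "__main__":
    conn = io.BytesIO(SAMPLE)
    print(read_reply(conn))   # the whole greeting, both lines
    print(read_reply(conn))   # the next reply
```

With a real connection the same function can be given `sock.makefile("rb")` as the stream.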