[false positive] my own personal site.

Discussion in 'ESET NOD32 Antivirus' started by mudlord, Apr 19, 2011.

Thread Status:
Not open for further replies.
  1. mudlord

    mudlord Registered Member

    Joined:
    Apr 19, 2011
    Posts:
    6
    Hello,

    One of my end users reported that my entire site is blacklisted for "potentially dangerous" content.

    I am wondering how do I see regarding this evident false positive? Is it on the blacklist because I encrypt my content from being pirated?

    I am willing to give source code to ESET developers so they can see themselves that *every* application I made is virus free.

    Site in question is: mudlord.emuxhaven.net

    Thankyou in advance for the prompt response.
     
  2. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Hmm..... not only ESET.
    6/23 Detected.
    -http://www.urlvoid.com/scan/mudlord.emuxhaven.net
     
  3. mudlord

    mudlord Registered Member

    Joined:
    Apr 19, 2011
    Posts:
    6
    Damn....
    Could the reason be that I encrypt my executable content?

    I am curious as to the rationale behind such blacklisting.
     
  4. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Post the MD5 the executable please.
     
  5. mudlord

    mudlord Registered Member

    Joined:
    Apr 19, 2011
    Posts:
    6
    MD5 : 830c35861da851789b8bd936a57dc4f5
    SHA1 : d9f5a40e0006f6da6c816d6da87a261f0d2047c0
    SHA256: 5d1f024b9dad127b94cf50cf9f5c6d411900e127917f6ae643bc4785188d9836

    *virustotal*

    Seems the reason is due to ASPack being used on one of the driver components.
     
    Last edited: Apr 19, 2011
  6. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    May be the encryption yes.

    BTW VirusTotal results isn't allowed to be posted unfortunately, if you don't delete the link a Mod will.
     
  7. mudlord

    mudlord Registered Member

    Joined:
    Apr 19, 2011
    Posts:
    6
    Fair enough,

    Might just change the encryption to something less aggressive again.
    Or none at all. >_>
     
  8. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    I think you should wait for ESET's official response before you change anything.
     
  9. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  10. mudlord

    mudlord Registered Member

    Joined:
    Apr 19, 2011
    Posts:
    6
    Thanks very much.
    Will do. :)
     
  11. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    You're welcome, I visited your site, it is blacklisted as SweX posted in this thread @ -www.urlvoid.com/scan/mudlord.emuxhaven.net
    While I do not rely on reputation based sites, the blacklist by ESET will not be removed until you take further action.
     
    Last edited: Apr 20, 2011
  12. mudlord

    mudlord Registered Member

    Joined:
    Apr 19, 2011
    Posts:
    6
    Posted a report as well as links to the now packer free content.
    The only content now in the installer that is packed is the BASS libraries, which I cannot unpack since the code in those libraries is the content of a 3rd party middleware developer. And those BASS libraries are packed with Petite (the developer's own proprietary copy protection).
     
  13. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Allow ESET sufficient time to examine your submission, you may be advised via email, private message or a statement from an ESET Representative to this thread.
     
Thread Status:
Not open for further replies.