False Positive

Discussion in 'Trojan Defence Suite' started by Vegasboy, May 3, 2004.

Thread Status:
Not open for further replies.
  1. Vegasboy

    Vegasboy Guest

    Good Morning;

    Newbie here...

    I ran into a rather minor issue but don't know how to solve it..
    I'm a registered user of TDS-3.. Standard out of box configuration.

    I use SpamPal for Windows as an anti-spam solution. It is simply one of the best anti-spam solutions out there, bar none and it's free. It's based on the SpamAssassin Model. It has coexisted peacefully with TDS-3 on my system for a long time now.. It sort of functions as a proxy server sitting in between my mail server and my mail client. It works well picking up averaging 100% of spammed messages..

    OK.. I try to fire up Spampal this morning.. Nothing.. Program won't execute.
    o_O I tried everything I knew but the program simply won't fire up.. I am stumped... Sparing you all the gory details I finally pull up TDS-3 and lo and behold TDS-3 is blocking it!!! Identifies it as a "Positive Identification." Says it is the RAT.easydor.d

    Normally I'd freak.. But no.. This is not a new version of Spampal.. this false identification came up after I did a TDS-3 update last night... I am 100% certain this is a false positive..

    Here's the problem.. With SpamPal I must change my client e-mail settings to localhost... So without SpamPal running, I have no access to e-mail...

    How can I mark the spampal.exe as safe, or exclude it so I can get my mail again??

    Thanks,

    B
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hello there, please zip the file and submit to submit@diamondcs.com.au for expert advice on its details and so the databases can be refined where necessary.
    Did you check the file itself for recent modifications?
    At least put it in the CRC scan to keep an eye on it.
    You could temporarily exclude it from scanning till you know Gavin's opinions.
    As a second opinion in the meantime you might like to check online at www.kaspersky.com/remoteviruschk.html before you exclude the scanning.
     
    Last edited: May 3, 2004
  3. Vegasboy

    Vegasboy Guest

    The file has not been modified at all..
    I run Kaspersky Personal Pro. It is fully updated.
    Nary a whimper from Kaspersky so it's clean..

    I assume as it runs as sort of a proxy server that's why TDS-3 complains..

    I'll submit the file...

    B
     
  4. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Hi, thanks. This is a false alarm which will be fixed very soon and an update made available.
     
  5. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Thanks Gavin! Was counting on that by the description already.

    Vegasboy, I recommended the online KAV check as it is something outside your own system (if there could have been a reason why your installed scanner could have missed it -- for instance by a nasty infection disabling scanners), that online file check is really quick, rather reliable and updated every hour, just a few seconds for the answer, and it's always good to have a second opinion when in doubt.
     