SecureIT FP

Discussion in 'ESET NOD32 Antivirus' started by nodyforever, Aug 22, 2009.

Thread Status:
Not open for further replies.
  1. nodyforever

    nodyforever Registered Member

    Joined:
    Oct 30, 2007
    Posts:
    549
    Location:
    PT / Lisbon
    Hello,


    SecureIT AV FREE EDITON detected EAV and ESS false positive.

    Detection name: probably unknow newheur


    homepage: http://www.fightspyware.net/


    thank you andvance
     
  2. Fixer

    Fixer Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    141
    Location:
    Bulgaria, EU
  3. nodyforever

    nodyforever Registered Member

    Joined:
    Oct 30, 2007
    Posts:
    549
    Location:
    PT / Lisbon
  4. Fixer

    Fixer Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    141
    Location:
    Bulgaria, EU
    You're welcome! :thumb:
     
  5. nodyforever

    nodyforever Registered Member

    Joined:
    Oct 30, 2007
    Posts:
    549
    Location:
    PT / Lisbon
    Not fixed :(
     
  6. danieln

    danieln Eset Staff

    Joined:
    Jan 7, 2009
    Posts:
    112
    Where is it possible to download the source code of the SecureIT?
    They are using the ClamAV engine which is open source (GNU General Public License). I expect the SecureIT is also bounded by the same license and the sources should be available. If I am wrong, please tell me.
     
  7. Fixer

    Fixer Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    141
    Location:
    Bulgaria, EU
    I sent him, too. Virus Researcher ask me for more information about SecureIT, which I sent to him. Now I wait answer.
     
  8. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    The false positive is under investigation. Thank you for your report.

    Regards,

    Aryeh Goretsky
     
  9. danieln

    danieln Eset Staff

    Joined:
    Jan 7, 2009
    Posts:
    112
    WinAntiSpyware, XPSecurityCenter, AntiSpyware2010, UnVirex, … is an incomplete list of fake antivirus applications that illegally use the ClamAV engine. Legitimate applications that use the ClamAV engine respect the GPL2 license.

    You may verify the license of the SecureIT:
    http://www.secureitdirect.com/resourcecenter/softwarelicense/secureit-eula.php
    Currently the software is released under EULA which incompatible with the GPL2 and the license requirements are not fulfilled. The software was developed using several GPL libraries, but the EULA is making impression that the whole software is somehow not bounded by this license, only the original GPL libraries (they provide the source code only of the GPL libraries they use).

    According the ClamAV documentation it is clear the whole software must be available under GPL.
    http://clamav.org/doc/latest/clamdoc.pdf
    Libclamav is licensed under the GNU GPL v2 licence. This means you are not allowed to link commercial, close-source applications against it. All software using libclamav must be GPL compliant.

    The software was not proven to be legal and recommended to use. It is not sure if there are other hidden problems or not.

    To resolve the problem I recommend the vendor to include the "scripts used to control compilation and installation of the executable", i.e. the tools required to compile and install the GPL licensed components ( http://gpl-violations.org/faq/vendor-faq.html )
    or to remove the GPL licensed code.

    When the problem will be resolved the software can be submitted for evaluation again.
     
Thread Status:
Not open for further replies.