Re: Lua x antivirus

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Lua x antivirus
From: Florian Weimer <fw@...>
Date: Fri, 13 Jul 2012 21:00:08 +0200

* Enrico Colombini:

> On 12/07/2012 23.13, Florian Weimer wrote:
>> Uploading false positives to Virustotal is not a good idea because it
>> triggers all kinds of automated actions, most of them geared towards
>> branding the file as malware.
>
> I didn't know that; are you sure it works that way?

Yes, in extreme cases.  I don't know why Oliver thinks otherwise.

To clarify, I did not want to suggest that Virustotal or the AV
vendors are doing something nefarious.  It's just that there automated
processes whose effects can be surprising.  This makes sense for
various reasons.. Some malware authors use Virustotal to test their
creations.  Here's one case which is quite well-documented:

<http://www.f-secure.com/weblog/archives/00002250.html>

> I've often used it to check files and I often got a negative
> result. Sometimes it was a false positive by a single antivirus
> only.

It has to be a false positive with a certain level of AV detection.
It doesn't work for files with no detection.

Follow-Ups:
- Re: Lua x antivirus, Enrico Colombini

References:
- Lua x antivirus, Roberto Ierusalimschy
- Re: Lua x antivirus, Enrico Colombini
- Re: Lua x antivirus, Florian Weimer
- Re: Lua x antivirus, Enrico Colombini

Prev by Date: Re: Lua x antivirus
Next by Date: Re: cqueues: An embeddable asynchronous event and sockets library
Previous by thread: Re: Lua x antivirus
Next by thread: Re: Lua x antivirus
Index(es):
- Date
- Thread