lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


* Enrico Colombini:

> On 12/07/2012 23.13, Florian Weimer wrote:
>> Uploading false positives to Virustotal is not a good idea because it
>> triggers all kinds of automated actions, most of them geared towards
>> branding the file as malware.
>
> I didn't know that; are you sure it works that way?

Yes, in extreme cases.  I don't know why Oliver thinks otherwise.

To clarify, I did not want to suggest that Virustotal or the AV
vendors are doing something nefarious.  It's just that there automated
processes whose effects can be surprising.  This makes sense for
various reasons.. Some malware authors use Virustotal to test their
creations.  Here's one case which is quite well-documented:

<http://www.f-secure.com/weblog/archives/00002250.html>

> I've often used it to check files and I often got a negative
> result. Sometimes it was a false positive by a single antivirus
> only.

It has to be a false positive with a certain level of AV detection.
It doesn't work for files with no detection.