Kaspkersky False Positive in gosearch.gif

By Roger on November 2, 2009 3:03 PM | 3 Comments | No TrackBacks

Kaspersky is detecting gosearch.gif as Trojan.JS.ramif.a.

gosearch.gif is a standard magnifying glass icon used in Sharepoint as a search button.

I submitted this to Kaspersky and they concur its a false positive, so hopefully updated defs will be out shortly.

Categories:

Tags:

No TrackBacks

TrackBack URL: http://www.infosecblog.org/mt-tb20071121.pl/951

3 Comments

hooks | November 2, 2009 4:37 PM | Reply

Just received an email from a user indicating the behavior and confirmed the same. Thanks for the heads up.

Website protection | November 6, 2009 8:30 AM | Reply

Probably someone used same icon for some malware thats why it got detected.Since some Av's like kaspersky in some cases use look for icons used in some malwares to detect them

Antivirus Software | November 8, 2009 12:44 PM | Reply

That is the reason. The file is added to the signature due to a previous update.

Leave a comment

Categories

Archives

Please contact me by leaving a comment where appropriate. Otherwise, you can click here to reveal an email address for me.
Follow me on Twitter
Got Backups? Get Safe Online Remember Rick Rescorla
Powered by Movable Type 4.31-en

Search

About this Entry

This page contains a single entry by Roger published on November 2, 2009 3:03 PM.

Understanding Risk was the previous entry in this blog.

Security Updates for Shockwave is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.