From clamav-win32-bounces@lists.clamav.net  Mon Jan 12 17:06:10 2009
Message-ID: <64e9fb5a0901120806l518972c2o9fca28f8b12b9aa1@mail.gmail.com>
Date: Mon, 12 Jan 2009 11:06:03 -0500
From: "Matt Watchinski" <mwatchinski@sourcefire.com>
To: clamav-win32@lists.clamav.net
In-Reply-To: <abd246bf0901111208o7e6b8e74w219fe53d1f8ba799@mail.gmail.com>
MIME-Version: 1.0
References: <abd246bf0901111208o7e6b8e74w219fe53d1f8ba799@mail.gmail.com>
Content-Disposition: inline
X-Content-Filtered-By: Mailman/MimeDel 2.1.9
Subject: Re: [clamav-win32] False positive with ml_ipod

Please submit this as a false positive report on clamav.net

Thanks
-matt

On Sun, Jan 11, 2009 at 3:08 PM, Markus Peloquin <markpeloquin@gmail.com> wrote:

> ClamWin reports that ml_ipod's 'Process.exe' is a virus
> (Trojan.Killproc-1).  It is not a virus, but it does exhibit some
> suspicious behavior (the following post is by the primary developer of
> ml_ipod):
> http://forums.winamp.com/showthread.php?postid=2318907#post2319150
>
> This is with ml_ipod-3.06 (haven't checked previous versions).  I've
> uploaded a copy here:
> http://pages.cs.wisc.edu/~markus/misc/ml_ipod-false_positive.tar.gz
> _______________________________________________
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32
>



-- 
Matthew Watchinski
Sr. Director Vulnerability Research Team (VRT)
Sourcefire, Inc.
Office: 410-423-1928

