seanhart Posted December 7, 2007 Posted December 7, 2007 Just a quick notice that McAfee AntiVirus with DAT files version 5180 (Dec 7) are detecting script compiled with AutoIt 3.2.2.0 as being infected with the YahLover.worm virus. I have opened a support ticket with McAfee and will provide an update when I have one.
Mrinaldi Posted December 7, 2007 Posted December 7, 2007 We just heard from Mcafee they are working on a new dat to resolve the issue Eta is monday
seanhart Posted December 7, 2007 Author Posted December 7, 2007 I just finished working with McAfee support and doing testing, and they have confirmed the issue and said they will release the new DAT files (5181) today.
JustinReno Posted December 7, 2007 Posted December 7, 2007 (edited) You don't need to make threads like this, they don't matter. And this doesn't belong in the general help and support. Edited December 7, 2007 by JustinReno
Legacy99 Posted December 8, 2007 Posted December 8, 2007 I beg to differ, this was very helpful information, saves me a call to McAfee, I do everything that I can with Autoit and was wondering why some of my scheduled tasks were not firing.
JustinReno Posted December 8, 2007 Posted December 8, 2007 Yes, but its very unnessesary crap added to the forum where over 99 percent of people know that AutoIt is blacklisted by many antivirus programs. Read the FAQ.
seanhart Posted December 8, 2007 Author Posted December 8, 2007 For those of us using AutoIt in our day to day jobs it's good to share information like this that could affect what we're doing. As soon as I started having these problems I checked the forums first to see if there was a known issue, and I'm glad to see others benefiting from this post.In any case, McAfee has now released an "emergency update" and specifically referenced AutoIt compiled scripts as the reason why. It's good to see it recognized as a legitimate program by one of the leading anti-virus vendors.McAfee mentions the false detection of AutoIt here: http://vil.nai.com/vil/content/v_140628.htm
Automan Empire Posted December 8, 2007 Posted December 8, 2007 It happened to me today also. McAfee ate my compiled program. I knew that McAfee sometimes had false detections with AutoIt programs in the past, so I checked here first. "I've seen your work in the past, and it's novice at best..." SmOke_N
BrettF Posted December 8, 2007 Posted December 8, 2007 Lets all calm down... And read this: http://www.autoitscript.com/forum/index.php?showtopic=34658 Vist my blog!UDFs: Opens The Default Mail Client | _LoginBox | Convert Reg to AU3 | BASS.au3 (BASS.dll) (Includes various BASS Libraries) | MultiLang.au3 (Multi-Language GUIs!)Example Scripts: Computer Info Telnet Server | "Secure" HTTP Server (Based on Manadar's Server)Software: AAMP- Advanced AutoIt Media Player | WorldCam | AYTU - Youtube Uploader Tutorials: Learning to Script with AutoIt V3Projects (Hardware + AutoIt): ArduinoUseful Links: AutoIt 1-2-3 | The AutoIt Downloads Section: | SciTE4AutoIt3 Full Version!
PsaltyDS Posted December 8, 2007 Posted December 8, 2007 (edited) I just finished working with McAfee support and doing testing, and they have confirmed the issue and said they will release the new DAT files (5181) today.Thanks for posting that, seanhart.@JustinReno: I disagree with you. A post of "McAffee says my script is infected... what do I do?!" is clearly not needed, but the calm example of doing exactly what's needed by seanhart is refreshing. Note that the sticky "Are my AutoIt EXEs really infected?" is locked, so the details of the resolution of this particular false positive could not be posted there. I would personally like to see an open sticky where people could log doing exactly what you are supposed to do, and the results they get. This would build a community running history of:AutoIt versionAV Software and versionDAT file versionDetails of false positive reportWhen reported to AV Co.Response from AV Co.In this particular example, it documents an incident that reflects well on McAffee. They received a report of a false positive, took it seriously, and replied in a prompt manner. Kudos to them. Edited December 8, 2007 by PsaltyDS Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law
BrettF Posted December 8, 2007 Posted December 8, 2007 Thanks for posting that, seanhart.@JustinReno: I disagree with you. A post of "McAffee says my script is infected... what do I do?!" is clearly not needed, but the calm example of doing exactly what's needed by seanhart is refreshing. Note that the sticky "Are my AutoIt EXEs really infected?" is locked, so the details of the resolution of this particular false positive could not be posted there. I would personally like to see an open sticky where people could log doing exactly what you are supposed to do, and the results they get. This would build a community running history of:AutoIt versionAV Software and versionDAT file versionDetails of false positive reportWhen reported to AV Co.Response from AV Co.In this particular example, it documents an incident that reflects well on McAffee. They received a report of a false positive, took it seriously, and replied in a prompt manner. Kudos to them. I like you idea. Does anyone think there is a chance of this happening? Vist my blog!UDFs: Opens The Default Mail Client | _LoginBox | Convert Reg to AU3 | BASS.au3 (BASS.dll) (Includes various BASS Libraries) | MultiLang.au3 (Multi-Language GUIs!)Example Scripts: Computer Info Telnet Server | "Secure" HTTP Server (Based on Manadar's Server)Software: AAMP- Advanced AutoIt Media Player | WorldCam | AYTU - Youtube Uploader Tutorials: Learning to Script with AutoIt V3Projects (Hardware + AutoIt): ArduinoUseful Links: AutoIt 1-2-3 | The AutoIt Downloads Section: | SciTE4AutoIt3 Full Version!
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now