0002308: SpringModuleUpdater.exe reported as Trojan.IRCBot-3999

ID	Project	Category	View Status	Date Submitted	Last Update
0002308	Spring engine	General	public	2011-01-19 14:15	2011-01-19 14:39

Reporter	dfreeman	Assigned To	abma
Priority	normal	Severity	minor	Reproducibility	have not tried
Status	resolved	Resolution	not fixable

Summary	0002308: SpringModuleUpdater.exe reported as Trojan.IRCBot-3999
Description	I just ran clamav (the virus scanner) for the first time in a long while, and it picked up an old version of SpringModuleUpdater.exe as Trojan.IRCBot-3999. The descriptions that I have read for this virus definition suggest that it might be a generic catch-all for executables that connect to IRC, without specifically knowing that it will open a back-door or join a bot-net. The other major vendors, Symantec/Kaspersky/etc. have a matching definition. However I thought I would report this in case it proves to be interesting. If it does, ask and I will attach the file. My copy has a time-stamp of 2009-09-06 23:28, probably the time when I downloaded it. It has a size of 2036647 bytes, and the following checksums: MD5: 404270fffdfb6d3c19281c659ff17b75 SHA1: c491255a15c4fe29c705b60ca6ee4b065d893840
Tags	No tags attached.

Checked infolog.txt for Errors

Date Modified	Username	Field	Change
2011-01-19 14:15	dfreeman	New Issue
2011-01-19 14:39	abma	Note Added: 0006274
2011-01-19 14:39	abma	Status	new => resolved
2011-01-19 14:39	abma	Resolution	open => not fixable
2011-01-19 14:39	abma	Assigned To	=> abma
2011-01-19 14:44	abma	Note Edited: 0006274

abma 2011-01-19 14:39 administrator ~0006274 Last edited: 2011-01-19 14:44	thanks for the notify, but please report this to http://cgi.clamav.net/sendvirus.cgi as false positive. the spring devs can't change anything here as this file seems to come from springinfo.info.