NOD32 reported malware on demo download

[rustleg]

I tried to download your demo from Softpedia and NOD32 antivirus intercepted it and claimed to have quarantined something.

The log says this:
26/10/11 12:57:37 Preload access protection file /tmp/1gVCHPMp.part a variant of Win32/InstallCore.D potentially unwanted application cleaned by deleting - quarantined jr Event occurred on a new file created by the application: /usr/lib/firefox-7.0.1/firefox.

I downloaded the file ok from Cnet without any intervention, and its SHA1 checksum agrees.

I am using Linux Mint 11 with NOD32 for Linux running (how's that for paranoia?).

[Kevin McAleavey]

Oct 26, 2011 7:24:14 GMT -5 rustleg said:

I tried to download your demo from Softpedia and NOD32 antivirus intercepted it and claimed to have quarantined something.

The log says this:
26/10/11 12:57:37 Preload access protection file /tmp/1gVCHPMp.part a variant of Win32/InstallCore.D potentially unwanted application cleaned by deleting - quarantined jr Event occurred on a new file created by the application: /usr/lib/firefox-7.0.1/firefox.

I downloaded the file ok from Cnet without any intervention, and its SHA1 checksum agrees.

I am using Linux Mint 11 with NOD32 for Linux running (how's that for paranoia?).

Greetings and apologies for the delay ... my guess is that NOD32 is off on another of their FP's given that the SHA1 matches. Given that KNOS is presented as an ISO file within a RAR, about the only way for anything untoward to occur would be visible inside that RAR and would have to be in addition to the ISO file itself. It'd be mighty easy to spot and highly suspicious were the detection to be "real" ... All of the copies out there are our own with internal protections. One doesn't get any more paranoid than I do when it comes to Windows - that's why we did this in the first place.