False Positives
Every once in a while, an antivirus program pops up and says that Wireshark (and Ethereal before it) contains some sort of malware. This is a list of the reports we've received in reverse chronological order. So far, every single report has been a false positive.
Jul 2008: zlib.dll (Secunia ISP is confused about the version we're using)
Feb 2007: Adware-Softomate.dll (primarily affected WinPcap)
Nov 2006: Sbus.dll
Jul 2006: Trojan.Zlob
May 2005: W32/haxdoor.ap@bd
Mar 2005: W32/Bancos.GL
Apr 2003: Family key logger
Jun 2002: Momma B
The Wireshark Windows installer uses NSIS, who maintain their own list.