FalsePositives

Every once in a while, an antivirus program pops up and says that Wireshark (and Ethereal before it) contains some sort of malware. This is a list of the reports we've received in reverse chronological order. So far, every single report has been a false positive.

• Mar 2016: CLEAN MX, via hosting provider

• Nov 2015: Wireshark and WinPcap installers

• Jun 2012: WiresharkPortable.exe

• Jan 2010: WiresharkPortable.exe

• Jul 2008: zlib.dll (Secunia ISP is confused about the version we're using)

• Feb 2007: Adware-Softomate.dll (primarily affected WinPcap)

• Nov 2006: Sbus.dll

• Jul 2006: Trojan.Zlob

• May 2005: W32/haxdoor.ap@bd

• Mar 2005: W32/Bancos.GL

• Apr 2003: Family key logger

• Jun 2002: Momma B

The Wireshark Windows installer uses NSIS, who maintain their own list.

A couple of Wireshark University training DVDs contain trace files with virus signatures. These pose no risk but can trigger false alarms.

Imported from https://wiki.wireshark.org/FalsePositives on 2020-08-11 23:13:58 UTC