Every once in a while, an antivirus program pops up and says that Wireshark (and Ethereal before it) contains some sort of malware. This is a list of the reports we've received in reverse chronological order. So far, every single report has been a false positive.
- Mar 2016: CLEAN MX, via hosting provider
Nov 2015: Wireshark and WinPcap installers
Jun 2012: WiresharkPortable.exe
Jan 2010: WiresharkPortable.exe
Jul 2008: zlib.dll (Secunia ISP is confused about the version we're using)
Nov 2006: Sbus.dll
Jul 2006: Trojan.Zlob
May 2005: W32/haxdoor.ap@bd
Mar 2005: W32/Bancos.GL
Apr 2003: Family key logger
Jun 2002: Momma B
The Wireshark Windows installer uses NSIS, who maintain their own list.
A couple of Wireshark University training DVDs contain trace files with virus signatures. These pose no risk but can trigger false alarms.