Antivirus module - bug

Antivirus module - bug, fail detect

A part of the code from the function RorData from the masm32 package (Microsoft assembler, masm32 lib) is detected as “backdoor haxdoor.DA*digits”.
This code:
Code:


MOV CL,BYTE ptr [EBP-9]
ROR AL,CL
POP ECX
*****
MOV EDX,DWORD ptr [EBP+10h]
MOV DWORD ptr [EBP-8],EDX
MOV ESI,DWORD ptr [EBP-8]
MOV AL,BYTE ptr [ESI]
INC ESI

Hi dblv,

Just a query.

Are you saying this is a false positive?

What version of CIS are you using?

Best wishes

Mike

Thanks very much for your issue report. We have moved it to the non-format bugs board for the moment, because too much of the information we normally need to replicate a problem and fix it is missing, or it is not in the format we request.

We realize some people may not have the time to do a bug report in standard format, and therefore offer the option of a non-format report instead. But the problem is much more likely to be fixed promptly if you edit your first post to create an issue report which meets all criteria in the Checklist and Format. (You can copy and paste the format from this topic.) The general reasons why are summarized in that post; the reasons we ask for specific pieces of information are given in this detailed post.

You can get your report moved to the format verified issues board simply by ensuring that it is correctly formatted and all criteria are met, and PM’ing a mod who is active on the bug board.

Best wishes

Mouse

Are you saying this is a false positive?

Yes, because that detection affects public code which is included in masm32 (from Microsoft).
This function:
RorData PROTO :DWORD,:DWORD,:DWORD,:DWORD

I use Antivirus only. Latest version.

OK, so this is really a false positive report. I’ll move it to an appropriate board now.

Best wishes

Mouse

Please submit a VirusTotal scan report of the file in question.