You are here

LibreOffice Portable 3.6.1 contains a virus according to F-Secure in icudt49.dll Gen:Trojan.Heur.LP.@p8@aSMzhP

2 posts / 0 new
Last post
whoosh
Offline
Last seen: 10 years 2 months ago
Joined: 2012-04-18 06:16
LibreOffice Portable 3.6.1 contains a virus according to F-Secure in icudt49.dll Gen:Trojan.Heur.LP.@p8@aSMzhP

WTF ?

3D1T0R
3D1T0R's picture
Offline
Last seen: 1 year 4 months ago
Developer
Joined: 2006-12-29 23:48
False Positive; Heuristics (they guess wrong a lot):

Hi Whoosh,
    This is a False Positive, and if it has not already been rectified by updates to F-Secure, it should be reported to them via the upload form on Analysis.F-Secure.com (be sure to mark it as a "False Positive").
Note: To report false positives to Anti-Virus venders please refer to the lists of reporting mechanisms gathered by Chris Morgan and Gord Caswell.

    There are two ways that an Anti-Virus solution can check for viruses, the standard is to check a file for certain "Signatures", of which the A/V software has a DataBase, the other is called Heuristics, which is what the "Heur" in the "Virus"’s Name/Description String you've included in your post is short for, indicating that this "Virus" is thought to be a virus by it's heuristic virus detection algorithms.

Google defines it thus
Heuristic (heu·ris·tic)
1.     … [The First Definition does not directly apply to computational algorithms] …
2. Proceeding to a solution by trial and error or by rules that are only loosely defined

Heuristic virus detection algorithms can not tell if any file is or is not a virus, they only make a guess; this is why most if not all Anti-Virus Software uses them only as a secondary virus detection system (and generally allow en/dis-abling heuristics per user preference).

Any time you see a "Virus" detection with a Name/Description String including "Heur" (F-Secure), "Artemis" (McAffee), or "Suspicious" in Norton, it's just a guess, and should be "taken with a grain of salt".

The Support Page details the following informationSome false positive reports occasionally pop up in different antivirus products in conjunction with software. This is partially due to the compression and portablization techniques used and partially due to a failure of some antivirus companies to fully test their virus definition updates before sending them out to users. If you encounter a false positive, please test the file in another antivirus product before reporting the issue to us in the forums to ensure that it's not an error in their software. Several companies make available online scanners for individual files, so you won't even have to install software (virustotal.com, Jotti). You can also use ClamWin Portable. Thanks for your help.

~3D1T0R

Log in or register to post comments