Re: Norton Antivirus seems to flag hdf5_hldll.dll as a virus in 32 bit 3.3.1

[Sidharth Kshatriya]

Some additional info about the warning for hdf5_hldll.dll:

File Thumbprint - SHA:

e6c263cd57d4efdaa33d8cccfb465d9e0c1126dd6e6d57b85ac88c1e197893ad

On Monday, 6 May 2013 13:01:58 UTC+5:30, Sidharth Kshatriya wrote:

Hi All,

WinPython is fantastic! Thanks Pierre for building such a flexible and portable distribution. It works perfectly! I just love having multiple versions of python installations living side by side without any problems!! 

I recently downloaded the 32 bit 3.3.1 version and Norton Internet Security seems to flag a dll as a threat.

Filename: hdf5_hldll.dll

Threat name: Suspicious.Cloud.7.F

Full Path: d:\winpython-32bit-3.3.1.0\python-3.3.1\lib\site-packages\tables\hdf5_hldll.dll

____________________________

Details

Unknown Community Usage,  Unknown Age,  Risk High

Origin

Downloaded from Unknown

Activity

Actions performed: Actions performed: 1

____________________________

On computers as of 03/05/2013 at 23:58:19

Last Used 03/05/2013 at 23:58:19

Startup Item No

Launched No

____________________________

Unknown

It is unknown how many users in the Norton Community have used this file.

Unknown

This file release is currently not known.

High

This file risk is high.

Threat type: Heuristic Virus. Detection of a threat based on malware heuristics.

******************************************************************************************

Note that it does not say that it definitely a virus... rather says its a "Heuristic Virus".

Hopefully all is good and its just a false positive. Just wanted to let you guys know.

Can anybody investigate? Anybody else encountered this? 

Thanks,

Sidharth 

[Sidharth Kshatriya]

I submitted the file to symantec at https://submit.symantec.com/false_positive/ and got the following response:

Upon further analysis and investigation we have verified your submission and as such this detection will be removed from our products.
The updated detection will be distributed in the next set of virus definitions, available via LiveUpdate or from our website at http://securityresponse.symantec.com/avcenter/defs.download.html
Decisions made by Symantec are subject to change if alterations to the Software are made over time or as classification criteria and/or the policy employed by Symantec changes over time to address the evolving landscape.
If you are a software vendor, why not take part in our whitelisting program?
To participate in this program, please complete the following form: https://submit.symantec.com/whitelist

Sincerely,
Symantec Security Response
http://securityresponse.symantec.com

So its a false positive indeed.

[Pierre Raybaut]

Thanks for taking action on this!

Cheers,

-Pierre

--
You received this message because you are subscribed to the Google Groups "WinPython" group.
To unsubscribe from this group and stop receiving emails from it, send an email to winpython+...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.