Leythos wrote:

>In article <49013902.686249875@news.webtv.com>, awalker@nspank.invalid
>says...
>> Leythos wrote:
>>
>> >In article <9paMk.144919$ZW7.67669@fe10.news.easynews.com>,
>> >rotten@ronny.here says...
>> >> At this link
>> >> http://sourceforge.net/project/showf...kage_id=205228
>> >> this file bs2b_winamp-2.1.0-bin.zip comes up as a Trojan in the Avast scan.
>> >> I'm fairly certain it is a false positive but would appreciate if someone
>> >> would confirm that for me with a different AV scanner.
>> >>
>> >>
>> >Why wouldn't you download it from the vendors site?
>> >
>> >http://www.winamp.com/player
>> >
>> >SourceForge is not known for hosting malware, but why not get it from
>> >the vendors site instead?
>>
>> It looks like a plugin for Winamp and not Winamp itself.
>>
>> It's definitely a load of malware...
>>
>> http://www.virustotal.com/analisis/7...fec7f9cb34e228
>
>Thanks for letting me know. I thought sourceforge was a reputable
>download site, guess I'll have to scratch that one.

As with any repository there can always be something lurking that
hasn't been scanned properly, or was deposited before it was a known
problem. I take the position that anything downloaded from a third
party site should be considered a threat until thoroughly
investigated. Sourceforge is a great resource, and I think that it is
by an large a safe provider of services, but as always you have to
protect yourself when getting anything for free (or paying for it for
that matter.)

Sourceforge does have a form to submit security related incidents if
the OP would like to take the initiative...

http://sourceforge.net/tracker/?func...=1&atid=200001