David H. Lipman wrote:
>From: "Andy Walker" <awalker@nspank.invalid>
>
>
>| Do you have any further info about the "Mass false positive"? I'm
>| interested in what would have caused so many vendors to determine that
>| the file was malicious.
>
>| Best regards,
>| Andy
>
>That is a good question and may be hard to answer. The file in question is a Bauer
>stereophonic-to-binaural DSP and was not malicious.
>
>What *may* be the case here was software that is used to automatically detect malware in
>suspect files used by anti malware vendors. It was only after examination of the source
>code, disassembly and full examination by human researchers was the file deemed non
>malicious and the signatures indicating otherwise were removed.
>
>I can't say directly why this happened. I can say that I reported the file in a closed
>forum where researchers were able to specifically examine the file and one person
>championed the cause to have the False Positive declarations removed.
It would be interesting to see the origination of the signature
involved and find out what the original target of the signature was,
but I know that is unlikely to happen in an open forum...so I won't
ask. ;-)
Thanks for the info and thanks for helping validate the plugin - which
appears to be a useful free tool.
Regards,
Andy

