Gerald CombsEvery once in a while, an antivirus program pops up and says that Wireshark (and Ethereal before it) contains some sort of malware. This is a list of the reports we've received in reverse chronological order. So far, every single report has been a false positive.
-
Mar 2016: CLEAN MX, via hosting provider
-
Nov 2015: Wireshark and WinPcap installers
-
Jun 2012: WiresharkPortable.exe
-
Jan 2010: WiresharkPortable.exe
-
Jul 2008: zlib.dll (Secunia ISP is confused about the version we're using)
-
Feb 2007: Adware-Softomate.dll (primarily affected WinPcap)
-
Nov 2006: Sbus.dll
-
Jul 2006: Trojan.Zlob
-
May 2005: W32/haxdoor.ap@bd
-
Mar 2005: W32/Bancos.GL
-
Apr 2003: Family key logger
-
Jun 2002: Momma B
The Wireshark Windows installer uses NSIS, who maintain their own list.
A couple of Wireshark University training DVDs contain trace files with virus signatures. These pose no risk but can trigger false alarms.
Imported from https://wiki.wireshark.org/FalsePositives on 2020-08-11 23:13:58 UTC