False positive ?

[patclash]

Hi all,
I have an alert when I try to download "KernelEx v4.5.2.exe" from this site :
hxxp://kernelex.sourceforge.net/2011/11/kernelex-v4-5-2-released/

If I add the file in the exception , I can download it but if I scan it with Avast, it is be in quarantine  

My version of Avast is 6.0.1289
If you can have a look
 
Thanks

[Pondus]

what alert...alert on the site or the file ?

can you attach a screenshot of the avast warning


OK i guess it is on the file   



VirusTotal - KernelEx-4.5.2.exe - 2/41
http://www.virustotal.com/file-scan/report.html?id=b4d4e6475ecf5e3099c0807ba85340a07dabdf9ac0d77b9f03fa5c37312c321b-1321372344

[Asyn]

Blacklist status
Domain clean by Google Safe Browsing: kernelex.sourceforge.net - reference
Domain clean by Norton Safe Web: kernelex.sourceforge.net - reference
Domain clean on Phish tank: kernelex.sourceforge.net - reference

Sucuri
web site:    hxxp://kernelex.sourceforge.net/2011/11/kernelex-v4-5-2-released/
status:    Verified Clean
web trust:     Not Blacklisted

Security report (No threats found):
check       Blacklisted:      No
check   Malware:    No
check   Malicious javascript:      No
check   Malicious iFrames:    No
check   Drive-By Downloads:      No
check       Anomaly detection:      No
check       IE-only attacks:        No
check   Suspicious redirections:        No
check   Spam:   No

Looks clean for me, also no avast! alerts...!!

[patclash]

Here a screenshot :

 

[Pondus]

SOPHOS lab

thank you for the submission, this files are all not detection worthy, they are too weak

Some weak minor AV vendor detections:

Avast 6.0.1289.0 2011.11.15 Win32:SuspBehav-J [Heur]
GData 22 2011.11.15 Win32:SuspBehav-J

Seems to only run on windows 98/ME

This ticket will now be closed.

[polonus]

Hi patclash & Pondus,

Make that link not click through like hxtp or -http
I get an alert from my XSS detector for a chromeplugin XSS attack. The link is the attack vector there,

polonus