I received an alert on the file FilMsg.exe, and I'm 99% sure it's a false positive (and have already submitted the file to Avast Virus Lab). But I'm wondering why Avast gives me two completely different responses for the same file. Here's the text of the submission I sent to the Virus Lab:
I get a "Virus Found" alert, being told that the infection is Win32:Evo-gen [Susp]
This is a file from 2006 (from a firewall program FilSecLab), that I've used continuously since that time. I extracted a copy of the same file from a backup made about 4 months ago, and it also generates the same alarm (yet until today, I've never received an alert for this file). I also ran a file comparison program, and my 4-month-old version of the file is byte-for-byte identical with the current one.
I submitted the file to Jotti and VirusTotal, with a clean bill of health from both.
Finally (and strangely), if I right-click on the file and scan with Avast, I get a "NO THREAT FOUND" response. I don't understand why some routine of Avast thinks this is a suspicious file, yet explicitly scanning it results in no threat response.
Note the last paragraph in boldface - this is what is confusing me. Any ideas why this happens?
So I've currently included the file in my list of exclusions, but since it is an .exe and could potentially become actually infected in the future, I'd rather not keep it excluded forever. I seem to remember reading that submissions to Virus Labs rarely get a response back to the user, but I would hope that even if they don't respond, they'll fix the false positive. If so, any idea how long it normally takes them to update the definitions to fix this (if it is actually a false positive)?