This is a weblog post written by a friend living in Belgium, describing a first-hand experience with a false positive.
===============================================================
http://rijmenants.blogspot.com/2008/07/false-positive.html
Saturday, July 12, 2008
False Positive
When I ran my regular virus scan this morning I was stunned by the report that several files were infected (Exploit.PHP.Userpic.a), one of which was in the installation zip of the popular Enigma Sim, available as a download on my website. The same file was also infected in the source code folder as well as my own installation folder!
Not taking any risk, and since the software is downloaded many times each day, I immediately created a new installation and zip. As it turned out later, lots of work for nothing. I already found it strange that even old CDs, which cannot get overwritten, were also infected. After contacting F-Secure I received the confirmation that it was a false positive and the error was fixed in the new anti-virus update. After I checked some forums it seems Kaspersky AV also had the same problem.
Nice to know that my carefully scanned and published software is clean, but this doesn't do any good to your credibility if someone downloads from your website and runs into a wrong virus alert. I can imagine that some commercial firms aren't that happy if they are wrongly 'accused' of downloading viruses onto your computer. It's a bit like being wrongly accused, jailed and then set free. Damage done.
I must say that my e-mail to F-Secure was answered within 15 minutes, apologies inclusive, and indeed, about one hour later the new AV database update no longer reported my precious files as infected. So, no complaints here. But this shows how vulnerable our modern Internet society has become, not only for viruses, but also for these false positive alerts and the consequences that can follow. It has cost me about one and a half hours of recompiling the code, creating installs, uploading, adding apologies to the concerned web page, changing these apologies again, etc., etc. All for nothing! Fortunately it's freeware, and I'll be just as poor as I was before. But I can imagine some people lose customers thanks to a virus that doesn't exist.
At the end, visitors on my website will all know by now that I regularly scan my stuff and make sure nothing gets infected. They can download without fear, as before!
Update: I noticed that many visitors landed on my weblog, searching for information about "Exploit.PHP.Userpic.a". To all people that are affected by this nasty thing, one piece of advice: contact your AV provider and send him the infected file (zipped). I don't have any idea how many and which types of files are false positives and which are actually infected, but I'm sure the Exploit thing exists (otherwise they wouldn't have searched for it), so never assume it's always a false alarm.