Hello, I'm a form developper, and all my .pdf forms raises a warning by McAffee GW Edition.
I scanned that .pdf on VirusTotal, and out of 44, only 2 antivirus raises warning, McAffee GW Edition and eSafe.
Where can I send this file so that someones doublecheck that heuristic and fixes it so that my users do not get a warning anymore ?
That's the detection from McAfee GW-Edition. It corresponds to an Artemis detection - "Artemis!3639F34AD463".
GW-Edition is a Corporate product, and this post is in the Consumer section. Since there's an equivalent Artemis detection though it's been moved to that section where someone will pick it up and respond.
Edit - I can only find one VirusTotal test showing this, done on September 12th, which showed 29 out of 41 products detecting a potential problem.Message was edited by: Hayton on 05/10/12 15:41:31 IST
Artemis!3639F34AD463 is a valid hit. However, not all detections from Gateway product can be related to an Artemis detection. We recommend you to submit the sample files to us so we can investigate this in right direction. Sample submission procedures are explained here. Submitting through e-mail should be suitable in this case. Kindly provide us the submission ID which will be provided to you on making a successful submission.
Thanks for submitting the sample file, it has been reviewed and the 'Heuristic.BehavesLike.PDF.Exploit-BAY.O' detection suppressed. The supression will be included in the next DAT update.
Thank you Nick, indeed this morning, no more false warning on the submitted pdf, and on simlar ones.
But I still have one form that triggers a false positive.
I just sent it: the new case number is:
Read: 7260381 - False positive (again !)
Thanks for the confirmation, the form has been reviewed and whitelisted, it should also not be detected after the next DAT update.