INTERACT FORUM

Please login or register.

Login with username, password and session length
Advanced search  
Pages: [1]   Go Down

Author Topic: McAfee antivirus detecting library field file as trojan....  (Read 2195 times)

hakuin

  • Regular Member
  • World Citizen
  • ***
  • Posts: 130
  • Old pond, leap-splash-a frog.
McAfee antivirus detecting library field file as trojan....
« on: March 24, 2008, 12:54:32 pm »

Hi,

I am using MC 12.0.451.  Recently, my McAfee anti-virus program started detecting an MC temp file "field (episode url).jmd.tmp" as a Trojan, and removing it.  I've pasted the detection message below, as well as McAfee's description of it.  There is no way to disable the message or tell virus software to ignore that MC folder.  Any ideas for how to stop this from happening?


MESSAGE THAT POPS UP
Detection nameExploit-ObscuredHtml (Trojan)
File: C:\Documents and Settings\user\Application Data\J River\Media Center 12\Library\field (episode url).jmd.tmp
Process:  C:\Program Files\Media Center 12\Media Center12.exe
Process Description: Media Center

MCAFEE DESCRIPTION
Virus Characteristics
Microsoft Internet Explorer ignores certain non-ascii characters, allowing an attacker to obfuscate malicious code and still have it rendered by IE. This detection covers HTML documents that have been crafted with the intention of evading antivirus detection.  Other documents that mix HTML with non-ascii characters could also trigger this detection.
Logged

Matt

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 42344
  • Shoes gone again!
Re: McAfee antivirus detecting library field file as trojan....
« Reply #1 on: March 24, 2008, 01:00:22 pm »

McAfee is wrong.

A temporary data file used by an application should be able to contain any sequence of bytes, HTML, etc..  It is never given to IE, so it's irrelevant if IE would choke on the file.
Logged
Matt Ashland, JRiver Media Center

hakuin

  • Regular Member
  • World Citizen
  • ***
  • Posts: 130
  • Old pond, leap-splash-a frog.
Re: McAfee antivirus detecting library field file as trojan....
« Reply #2 on: March 24, 2008, 01:41:51 pm »

Hi Matt,

Thanks for your reply.  I had no doubts that the MC file is fine, and McAfee is being trigger happy.  :) That said, this unwarranted detection is going to happen to some/all MC users who also use this same version McAfee antivirus software.  Is there any recourse for us, other than clicking through the alert every few hours (not a huge deal, but annoying), or disabling all alerts (not a great idea, it's probably a good idea to stay informed about real detections)?

Lee
Logged

JimH

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 72413
  • Where did I put my teeth?
Re: McAfee antivirus detecting library field file as trojan....
« Reply #3 on: March 24, 2008, 01:43:03 pm »

Please contact McAfee.  They should be able to help.  We'll cooperate if they need our help.
Logged

hakuin

  • Regular Member
  • World Citizen
  • ***
  • Posts: 130
  • Old pond, leap-splash-a frog.
Re: McAfee antivirus detecting library field file as trojan....
« Reply #4 on: March 24, 2008, 01:45:07 pm »

Yikes... they are awful...into the black hole that request would go. :)

What is the field "episode url"?  Is it something that I could avoid using, or avoid being re-created during use?
Logged
Pages: [1]   Go Up