
SANS ISC: Avast false positives SANS ISC InfoSec Forums

Avast false positives

We have received a number of reports of Avast Antivirus false positives (thanks Ken, Don, Luca & others). With a recent update, the Avast antivirus product has started identifying legitimate products as containing Win32-Dell-MZG. The Avast forum is awash with reports of products that have been tagged, many of which are known to be good and have been functioning quite normally.

The recommendation at the moment is not to delete or quarantine files, as this may fry the product they belong to (a few readers are currently reinstalling applications). As far as we know, the files are consistently identified as Win32-Dell-MZG, so if others pop up there is a fair chance that these are legit.



A new update, 091203-1, was released fixing the issue. If you haven't used your computer between 12:00am UTC and 5.50 am UTC, then you will receive the new update and you should be fine. For those that were affected, I recommend you keep an eye on the Avast blog, as they are working on some how-tos to help fix any issues.



392 Posts
ISC Handler
Dec 3rd 2009
Win32:Delf-MZG is the actual detection. It seems to be flagging files made with Delphi.
Glad to see you post this. ;-)

I experienced this and did some digging around. Word is that they have now released (another) update to correct these 'false positives'.

Problem VPS file database version was 091203.

So far it appears to be corrected with 091203-1 which is now available by auto-update which can be manually started by 'RIGHT CLICK' avast icon, go to 'Program Settings', 'Update (Basic)', click on 'Update Now...'
