That's not really true. All AV companies will generate a False Positive declaration at one time or another. Right now it looks like the latest Symantec signatures have a False Positive declaration for the "Backdoor.Graybird". It all depends on what the AV company focuses on and what they will define as the signature of an infector. Since the VBS/Psyme exploits the "ADODB.Stream" it can be hard to differentiate a code for nefarious purposes vs. normal coding. McAfee will tweak the signature and it should not flag the UDF.

At this time, I haven't received feedback from McAfee/AVERT.