kaspersky anti-virus tech, with a clue?

Jim Mercer jim at reptiles.org
Sat Nov 14 15:09:45 UTC 2009

it seems that kaspersky anti-virus is "detecting" our hotspot captive portal
login as a "Trojan-Downloader.Script.Generic".

my googling on this seems to indicate that it isn't finding so much a
signature, but something in the url that is "suspicious".

unfortunately, this is causing some fairly unhappy, panicing calls to our
support people from customers.

can anyone point me at a Kaspersky tech with a clue?  maybe we can re-craft
our login url to not offend the Kaspersky suite.

note: this hotspot suite has been in operation for 4+ years, and is based on
the chillispot portal.

note: these reports only started recently, so i suspect something was added to
Kaspersky's virus database recently that kicked this off.

Jim Mercer        jim at reptiles.org        +92 336 520-4504
"I'm Prime Minister of Canada, I live here and I'm going to take a leak."
   - Lester Pearson in 1967, during a meeting between himself and
    President Lyndon Johnson, whose Secret Service detail had taken over
    Pearson's cottage retreat.  At one point, a Johnson guard asked
    Pearson, "Who are you and where are you going?"

More information about the NANOG mailing list