[Dibbler] False virus detection in dibbler-0.8.2-win32.exe by Kaspersky antivirus

Tomasz Mrugalski thomson at klub.com.pl
Wed Sep 19 18:52:00 CEST 2012

I got a note from Peter Verhage that the latest version of Kaspersky
anti-virus reports a virus in dibbler-0.8.2-win32.exe. The
exact file reported as offending is dibbler-requestor.exe.

I have reported the issue to Kaspersky labs and they promptly confirmed
that this is a false positive. See their response below.

Furthermore, guys that run softpedia (a free/open/trial software hosting
site) independently scanned 0.8.2 against viruses and they haven't found
any. Their report is available here:

That file is safe to use.

Thank you, Peter, for reporting this issue.


-------- Original Message --------
Subject: Re: [VirLabSRF][False alarm on a web resource][M:1][LN:EN][L:0]
Date: Wed, 19 Sep 2012 19:14:29 +0400
From: <newvirus at kaspersky.com>
To: <tomasz.mrugalski at edited>


Sorry, it was a false detection. It will be fixed in the next update.
Thank you for your help.

Regards, Ivan Akimov,
Virus Analyst

"10/1, 1st Volokolamsky Proezd, Moscow, 123060, RussiaTel./Fax: + 7
(495) 797 8700 http://www.kaspersky.com http://www.viruslist.com"

From: tomasz.mrugalski at edited
Sent: 19.09.2012 0:50:00
To: newvirus at kaspersky.com
Subject: [VirLabSRF][False alarm on a web resource][M:1][LN:EN][L:0]

LANG: en
email: tomasz.mrugalski at edited
I"m a developer of a Dibbler software. It is an open-source (GPL) DHCPv6
implementation. I got a report from a user that one file
(http://klub.com.pl/dhcpv6/dibbler/dibbler-0.8.2-win32.exe) contains a
virus Trojan.Win32.Llac.csiy. I have downloaded the latest trial version
of Anti-Virus 2013 (version and updated virus database
today (2012-09-18).

The dibbler-0.8.2-win32.exe file is an installation file, made with
InnoSetup installation software. It installs 4 binaries:
dibbler-server.exe, dibbler-client.exe, dibbler-relay.exe and
dibbler-requestor.exe. These are basic DHCPv6 components.

The infected file is reported as dibbler-0.8.2-win32.exe//data0017. When
the software is installed, Kaspersky AV reports that virus is present in

I do not believe that file to have any viruses. All 4 components were
compiled at the same time, so if my developer workstation were infected,
it would infect all four. If you want to investigate the file, you can
find source codes for it here:
http://klub.com.pl/dhcpv6/dibbler/dibbler-0.8.2.tar.gz. Those files were
built using MS Visual Studio Express 2008.

Please let me know if you need further information.

Tomasz Mrugalski,
Dibbler developer

More information about the Dibbler mailing list