Generic packaging detections can be confusing, but often aren't actually false positives.
Packagers are ways to combine files into an easy to distribute single file. A zip file is an example of what a packager does...combines a bunch of files and compresses it into a single file for distribution. Zip, RAR, ACE, GZ, TAR...these are all examples of what a packager does.
There are *tons* of packagers out there for people to use, each with their own pluses and minuses. Generally speaking, however, there are only a small handful of packagers that are used by most of the software vendors, both open and closed source. This leaves a ton of unused packagers for threat writers to choose from.
AutoProtect doesn't scan within compressed files. A packaged file is a compressed file...so, we don't scan within it. We do this to help limit the amount of resources AutoProtect uses to scan with...and it's my understanding that most of our competitors do this as well. The thought behind not scanning within compressed files is that if a compressed file containing a threat is on the box, it's okay, because as soon as something tries expanding that threat file from within the compressed file, AutoProtect will scan the "new" file, see it as viral and flag it.
AutoProtect *does* scan the compressed file itself, just not the contents. Think of mailing a package...the person you hand the package to at the post office gives it a cursory glance to make sure everything looks okay, but they don't open it to make sure it doesn't contain something it shouldn't. Later down the line it gets X-Ray'ed for just such a detection.
(Not a perfect analogy, but hopefully it helps to clarify)
So, back to packagers. We get a lot of submissions, and we look at a lot of files, both infected and not. We recognized, early on, that 99.9% of the files we saw packaged with the "other" packagers were viral. Once in a blue moon we'd find one that was completely legitimate, but most of the time they were viral. As we looked closer and closer at the packagers, we found that it seemed like it was mostly the people that use these obscure packagers were people packaging threats to try to get past our scanners.
There was a business decision made at some level to flag these "other" packagers as viral. All in all, we've gotten very few false positives as a result, and we've caught all sorts of threats trying to get into systems.
As always, if you feel the file that was detected is actually clean, submit it via our online submission process, then contact support so that we can get a developer to double check the file. If it's found to be clean, your submission can help us refine the definition for that packager further.
Also, please understand that we are not faultless. We've seen packager detections on some of our in-house support applications that we hand out to literally hundreds of customers every day. :p