antivirus companies put in their database both real malicious code (virus, worms, malware and so on) and proof-of-concpets or exploits.
a proof-of-concept is a code which allows to test a specific vulnerability in a specific software (like the security bugs I found in the past), it's totally harmless and it's ever open source because it must not only verify the security problem but also showing what it does technically.
it's not clear why the antivirus companies decide to put in their databases also harmless code but luckily some of them have the "good sense" of classifying it as "exploit" which so specify that it's not malicious (at least not for the user who runs it).
so if you see tags like "exploit", "luigi" or "auriemma" (yeah I have entire categories for me) don't worry, it's all perfectly genuine.
and as usual, all my stuff is open source so you can read, modify and recompile the source code as much as you want and in any moment.
in addition there is also a thread on this forum where are showed the various silly things done by antiviruses:
antiviruses-hall-of-shame-t273.html
