Ian Goldberg wrote:
Although, as Lucky pointed out, virus checkers et al. are indeed regulated for export from the US, and putting software up for ftp or WWW is considered export, the EAR does _not_ apply to "publicly available" software (732.2(b)(1)). Software is publicly available "when it is available for general distribution either for free or at a price that does not exceed the cost of reproduction and distribution" (734.7(b)).
Therefore, it would seem that, as long as the security software on your ftp or WWW site is free of cost, it is OK to keep it there. Commercial security software, however, remains export-restricted.
I can't believe that there's no one taking advantage of this to make a 'shareware' version of their software available, and having available, for export and sale, an 'enabler' to bring it to full functionality. I know that this was done in the past, by several small companies in southern California, but perhaps on a larger issue, such as this, the Feds would slam the door quickly on what they would surely regard as a 'loophole'.