From: SourceForge.net <no...@so...> - 2011-06-25 10:39:25
Support Requests item #3151296, was opened at 2011-01-04 18:20
Message generated for change (Comment added) made by bugstumbler
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=684731&aid=3151296&group_id=119701

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: Installation
Group: Windows
Status: Open
Priority: 5
Private: No
Submitted By: bugstumbler (bugstumbler)
Assigned to: Nobody/Anonymous (nobody)
Summary: Virus alert on 4.1.0

Initial Comment:
Antivir Personal alerts by this message:

C:\ooRexx-4.1.0-windows.x86_64.exe
[0] Archivtyp: NSIS
[FUND] Ist das Trojanische Pferd TR/Hijacker.Gen
--> ProgramFilesDir/[PluginsDir]/ooRexxProcess.dll
[FUND] Ist das Trojanische Pferd TR/Hijacker.Gen

Please check, perhaps recode and inform users.

Thanks.

----------------------------------------------------------------------

Comment By: bugstumbler (bugstumbler)
Date: 2011-06-25 12:39

Message:
@Miesfeld:
A company with approx. 9000 employees has no room for individuality, a virus/malware check either is ok or not ok. If your company-pc is found "contaminated", you have to fill out a painful questionnaire.

And btw.: an admin tried to download from sourceforge and got a message about "infection". The company does not discuss the brands of their av / firewall software, but it's for sure, they use an enterprise version.

Joe

----------------------------------------------------------------------

Comment By: Bruce (bjskelly)
Date: 2011-06-24 21:07

Message:
I just went to the Avira site and they have a procedure for reporting false positives.

http://analysis.avira.com/samples/index.php

Bruce

----------------------------------------------------------------------

Comment By: Bruce (bjskelly)
Date: 2011-06-24 21:04

Message:
It seems to me that the most straightforward path would be to ask Avira support to confirm their report of a virus. You can give them the url to sourceforge so they can get their own copy of ooRexx. Tell them that other virus checkers, and the vendors of ooRexx, claim that it is virus free. Once Avira support confirms that it is virus free, then your management should allow you to install the product. Avira support should be happy to do this because they want to eliminate as many false positives as possible.

Virus checkers.
1. No virus checker will report 100% of all viruses.
2. Good virus checkers sometimes report false viruses.

----------------------------------------------------------------------

Comment By: frank (rexx-fan)
Date: 2011-06-24 18:15

Message:
Well, it is no A/V popularity contest. My 1st ooREXX x64 uninstall.exe "hit" was by an A/V software contained in the Googlepack, and because I didn't believe them I used the Virus Total online scan to get a 2nd .. 40th opinion. More than five scanners reported malware, the rest found nothing unusual. Maybe put an info on the oorexx.org site if you're sure that this is a phantom.

----------------------------------------------------------------------

Comment By: Mark Miesfeld (miesfeld)
Date: 2011-06-24 17:56

Message:
I don't believe the package has a virus.

I believe that if it had a virus, one of the well-known antivirus packages would report it. None of them do.

I believe that if the package had a virus, SourceForge would not have uploaded it to begin with.

I don't believe that the free Avira product is better at detecting a virus than either the Norton or Kaspersky Lab enterprise products.

--
Mark Miesfeld

----------------------------------------------------------------------

Comment By: frank (rexx-fan)
Date: 2011-06-24 17:05

Message:
The Avira engine is the same in their commercial and business editions. The Virus Total scan of the x64 uninstall.exe reported several "hits", not only Avira -- I added an anonymous comment suggesting that this might be a false positive.

With the unrelated second alert today I'm no longer sure, do you try some extreme packing? Naive A/V software sometimes doesn't like that. OTOH I use Avira for almost a decade now, and that would be only the 2nd false positive for me in this time.

----------------------------------------------------------------------

Comment By: Mark Miesfeld (miesfeld)
Date: 2011-06-24 16:45

Message:
The report is a false positive.

1.) I have downloaded while the Antivirus was running; installed while the antivirus was running; and individual file scanned the Windows 4.1.0 executables with the following antivirus scanners:

* Norton AntiVirus 2011, Norton AntiVirus 2010
* Norton Internet Security
* Norton 360
* Symantec Endpoint Protection (Enterprise)
* McAfee Total Protection for Secure Business
* Kaspersky PURE Total Security
* Kaspersky Security Applications for Enterprise Business

None of these products reported a virus. Several of them are large scale enterprise products. They are all products that you pay a decent amount of money for.

2.) The only report I've seen of this comes from the free Avira Personal edition. A google search shows a large number of people reporting that the free Avira Personal edition has a larger than usual number of false positives.

It may be that the free Avira product is only worth what you pay for it.

3.) SourceForge virus scans the files on upload. They don't report a virus.

----------------------------------------------------------------------

Comment By: frank (rexx-fan)
Date: 2011-06-24 13:13

Message:
I can confirm the issue twice:

(1) testing another A/V-software it reported the 4.1.0 win x64 uninstall.exe as infected, and several "virus total" online scanners agreed. At that time I disagreed, and uninstalled the tested A/V-software.

(2) Today I intended to install 4.1.0 win x86 in a virtual PC, and the Avira x86 A/V software blocked the installation for a DLL (otherwise the same reported trojan).

Now I think there are in fact at least two different infected files (one x64 + one x86).

----------------------------------------------------------------------

Comment By: bugstumbler (bugstumbler)
Date: 2011-06-09 09:19

Message:
Hi,
Company's security officer prohibits installation of REXX 4.1 because of that virus/malware alert!
Please check it now and return an answer to me

----------------------------------------------------------------------