Menu

#16 Missing some form of checksum for the download [md5 ??]

v1.0 (example)
open
nobody
validation (1) checksum (1)
9
2014-08-22
2014-08-22
mabra
No

Hi !

I just installed clam sentinel and, at it's start, it found itself as infected and removed itself :-(

Then I found the new version 1.22.
But the same thing happened.

I scanned both downloads with clamwin and it shows the
virus:

C:\Program Files\ClamSentinel\ClamSentinel.exe: Win.Trojan.Wpbrutebot-2 FOUND

The problem may be an already infected machine. But there is no way to verify this. On another machine - hopefully virus-free - the infection is not shown for this same download!

So, the download is probably the way, on which an already existing infection infects the actual download. May be NSA too.

The only way to ensure the integrity of the download is
some form of checksum, maybe MD5.

I really wish a fast response ;-)

Thanks anyway and best regards,

Manfred

Related

Support Requests: #16

Discussion

  • Andrea Russo

    Andrea Russo - 2014-08-22

    It's a false positive.
    Are two days that there is this problem, someone has added a signature in the virus database that accidentally detects ClamSentinel like a virus.
    The only way it's to add many false postive reports at this address:

    http://www.clamav.net/lang/en/sendvirus/submit-fp/

     

    • mabra

      mabra - 2014-08-22

      Hello !

      Thanks for your fast reply.

      I uploaded a false-positive.

      But my concern remains: If sombody - like NSA - modifies
      the download stream, there is no chance to detect it.
      Making and publishing a MD5 sum after each build is
      nearly free and the only secure solution. AV is about
      security.

      Thanks anyway and best regards,

      Manfred

      -----Original Message-----
      From: Andrea Russo [mailto:dynclient@users.sf.net]
      Sent: Friday, August 22, 2014 7:56 PM
      To: [clamsentinel:support-requests]
      Subject: [clamsentinel:support-requests] #16 Missing some form of
      checksum for the download [md5 ??]

      It's a false positive.
      Are two days that there is this problem, someone has added a signature in
      the virus database that accidentally detects ClamSentinel like a virus.
      The only way it's to add many false postive reports at this address:

      http://www.clamav.net/lang/en/sendvirus/submit-fp/

      ** [support-requests:#16] Missing some form of checksum for the download
      [md5 ??]**

      Status: open
      Group: v1.0 (example)
      Labels: validation checksum
      Created: Fri Aug 22, 2014 04:52 PM UTC by mabra
      Last Updated: Fri Aug 22, 2014 04:52 PM UTC
      Owner: nobody

      Hi !

      I just installed clam sentinel and, at it's start, it found itself as
      infected and
      removed itself :-(

      Then I found the new version 1.22.
      But the same thing happened.

      I scanned both downloads with clamwin and it shows the
      virus:

      C:\Program Files\ClamSentinel\ClamSentinel.exe: Win.Trojan.Wpbrutebot-2
      FOUND

      The problem may be an already infected machine. But there is no way to
      verify this. On another machine - hopefully virus-free - the infection is
      not
      shown for this same download!

      So, the download is probably the way, on which an already existing
      infection
      infects the actual download. May be NSA too.

      The only way to ensure the integrity of the download is
      some form of checksum, maybe MD5.

      I really wish a fast response ;-)

      Thanks anyway and best regards,

      Manfred

      Sent from sourceforge.net because you indicated interest in
      https://sourceforge.net/p/clamsentinel/support-requests/16/

      To unsubscribe from further messages, please visit
      https://sourceforge.net/auth/subscriptions/

       

      Related

      Support Requests: #16

      • Robert Scroggins

        Robert Scroggins - 2014-08-31
        1. Download only from reputable web sites.
        2. Verify downloads before installation by uploading the file(s) to Virus
          Total.
        3. MD5 hashes are okay, but they can be "broken" by good malware
          writers. SHA 1 or 256 are better. Clam AV is not yet set up for full use
          of SHA.

        Regards,

        On Fri, Aug 22, 2014 at 1:33 PM, mabra manfbraun@users.sf.net wrote:

        Hello !

        Thanks for your fast reply.

        I uploaded a false-positive.

        But my concern remains: If sombody - like NSA - modifies
        the download stream, there is no chance to detect it.
        Making and publishing a MD5 sum after each build is
        nearly free and the only secure solution. AV is about
        security.

        Thanks anyway and best regards,

        Manfred

        -----Original Message-----
        From: Andrea Russo [mailto:dynclient@users.sf.net]
        Sent: Friday, August 22, 2014 7:56 PM
        To: [clamsentinel:support-requests]
        Subject: [clamsentinel:support-requests] #16 Missing some form of
        checksum for the download [md5 ??]

        It's a false positive.
        Are two days that there is this problem, someone has added a signature in
        the virus database that accidentally detects ClamSentinel like a virus.
        The only way it's to add many false postive reports at this address:

        http://www.clamav.net/lang/en/sendvirus/submit-fp/

        Status: open
        Group: v1.0 (example)
        Labels: validation checksum
        Created: Fri Aug 22, 2014 04:52 PM UTC by mabra
        Last Updated: Fri Aug 22, 2014 04:52 PM UTC
        Owner: nobody

        Hi !

        I just installed clam sentinel and, at it's start, it found itself as
        infected and
        removed itself :-(

        Then I found the new version 1.22.
        But the same thing happened.

        I scanned both downloads with clamwin and it shows the
        virus:

        C:\Program Files\ClamSentinel\ClamSentinel.exe: Win.Trojan.Wpbrutebot-2
        FOUND

        The problem may be an already infected machine. But there is no way to
        verify this. On another machine - hopefully virus-free - the infection is
        not
        shown for this same download!

        So, the download is probably the way, on which an already existing
        infection
        infects the actual download. May be NSA too.

        The only way to ensure the integrity of the download is
        some form of checksum, maybe MD5.

        I really wish a fast response ;-)

        Thanks anyway and best regards,

        Manfred

        Sent from sourceforge.net because you indicated interest in
        https://sourceforge.net/p/clamsentinel/support-requests/16/

        To unsubscribe from further messages, please visit
        https://sourceforge.net/auth/subscriptions/

        Status: open
        Group: v1.0 (example)
        Labels: validation checksum
        Created: Fri Aug 22, 2014 04:52 PM UTC by mabra
        Last Updated: Fri Aug 22, 2014 06:16 PM UTC
        Owner: nobody

        Hi !

        I just installed clam sentinel and, at it's start, it found itself as
        infected and removed itself :-(

        Then I found the new version 1.22.
        But the same thing happened.

        I scanned both downloads with clamwin and it shows the
        virus:

        C:\Program Files\ClamSentinel\ClamSentinel.exe: Win.Trojan.Wpbrutebot-2
        FOUND

        The problem may be an already infected machine. But there is no way to
        verify this. On another machine - hopefully virus-free - the infection is
        not shown for this same download!

        So, the download is probably the way, on which an already existing
        infection infects the actual download. May be NSA too.

        The only way to ensure the integrity of the download is
        some form of checksum, maybe MD5.

        I really wish a fast response ;-)

        Thanks anyway and best regards,

        Manfred

        Sent from sourceforge.net because you indicated interest in
        https://sourceforge.net/p/clamsentinel/support-requests/16/

        To unsubscribe from further messages, please visit
        https://sourceforge.net/auth/subscriptions/

         

        Related

        Support Requests: #16

  • Andrea Russo

    Andrea Russo - 2014-08-22

    I have tried now and seems that the problem it's solved. Update the virus database and retry.

     

  • Robert Scroggins

    Robert Scroggins - 2014-08-31

    This is a false positive. I reported it to Clam AV some days ago. For the
    moment, the best way to verify any download is to scan it with Virus Total
    before you install it.

    Regards,

    On Fri, Aug 22, 2014 at 11:52 AM, mabra manfbraun@users.sf.net wrote:

    Status: open
    Group: v1.0 (example)
    Labels: validation checksum
    Created: Fri Aug 22, 2014 04:52 PM UTC by mabra
    Last Updated: Fri Aug 22, 2014 04:52 PM UTC
    Owner: nobody

    Hi !

    I just installed clam sentinel and, at it's start, it found itself as
    infected and removed itself :-(

    Then I found the new version 1.22.
    But the same thing happened.

    I scanned both downloads with clamwin and it shows the
    virus:

    C:\Program Files\ClamSentinel\ClamSentinel.exe: Win.Trojan.Wpbrutebot-2
    FOUND

    The problem may be an already infected machine. But there is no way to
    verify this. On another machine - hopefully virus-free - the infection is
    not shown for this same download!

    So, the download is probably the way, on which an already existing
    infection infects the actual download. May be NSA too.

    The only way to ensure the integrity of the download is
    some form of checksum, maybe MD5.

    I really wish a fast response ;-)

    Thanks anyway and best regards,

    Manfred

    Sent from sourceforge.net because you indicated interest in
    https://sourceforge.net/p/clamsentinel/support-requests/16/

    To unsubscribe from further messages, please visit
    https://sourceforge.net/auth/subscriptions/

     

    Related

    Support Requests: #16

Log in to post a comment.

MongoDB Logo MongoDB