#1990 configure generated conftest.exe is detected as a trojan virus

OTHER
closed
nobody
None
Support
invalid
Unknown
False
2015-01-09
2013-06-14
No

Environment

MinGW version: 3.20
Operating system: Windows 7

$ gcc -v
Using built-in specs.
COLLECT_GCC=C:\MinGW\bin\gcc.exe
COLLECT_LTO_WRAPPER=c:/mingw/bin/../libexec/gcc/mingw32/4.6.2/lto-wrapper.exe
Target: mingw32
Configured with: ../gcc-4.6.2/configure --enable-languages=c,c++,ada,fortran,objc,obj-c++ --disable-
sjlj-exceptions --with-dwarf2 --enable-shared --enable-libgomp --disable-win32-registry --enable-lib
stdcxx-debug --enable-version-specific-runtime-libs --build=mingw32 --prefix=/mingw
Säiemalli: win32
gcc-versio 4.6.2 (GCC)

$ ld -v
GNU ld (GNU Binutils) 2.22

MinGW Version
define __MINGW32_VERSION           3.20
define __MINGW32_MAJOR_VERSION     3
define __MINGW32_MINOR_VERSION     20
define __MINGW32_PATCHLEVEL        0

$ uname -a
MINGW32_NT-6.1 "hostname here" 1.0.17(0.48/3/2) 2011-04-24 23:39 i686 Msys

Problem description

When compiling a program, the configure script generates a conftest.exe which is detected as a trojan virus.

Minimal self contained testcase

Following instructions at URL:
http://ftimes.sourceforge.net/Files/Recipes/pcre-compile-mingw.txt

$ pwd
/c/Data/Downloads/FTimes/pcre-8.33

$ ./configure --disable-cpp --disable-shared --enable-newline-is-anycrlf --enable-utf8 --enable-unicode-properties

After this, conftest.exe appears quickly and virus detection quarantines it.

The tested programs (with these flags) are pcre-8.33.zip and pcre-8.31.zip. The PCRE maintainer has checked the MD5 sums of the files as correct. PCRE does not contain a virus. It has to be a test configure uses or from object files included from libraries.

The suspected trojan is detected by heuristic tests, and the ID of the possible virus can be read from the attachments below.

Other detailed descriptions

The conftest.c files copied from a user-altered configure script seemed to contain only normal header inclusions.

The bug is also reported, with usable attachments, at URL:
http://bugs.exim.org/show_bug.cgi?id=1365

From there, the following attachments can be downloaded:
- screenshot of detection
- Binutils objdump of conftest.exe
- PDF report from the Virustotal.com analysis, with the results of different virus scanners

Discussion

  • Keith Marshall

    Keith Marshall - 2013-06-14
    • Description has changed:

    Diff:

    --- old
    +++ new
    @@ -1,4 +1,3 @@
    -
    
     ### Environment
    
    • Group: MSYS --> OTHER
    • Type: Bug --> Support
    • Resolution: none --> invalid
     
  • Keith Marshall

    Keith Marshall - 2013-06-14

    This is not a MinGW bug. If it is a bug, at all, then it's in your AV product; more likely it's just a false positive, (which you may wish to report to your AV provider, in any case). Alternatively, you may wish to report it to the providers of the upstream code you are building.

    FWIW, we recommend that you disable AV scanning on your build directories, to avoid such transient annoyances, but ultimately, it depends on the level of trust you place in the providers of the packages you are building.
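For the false-positive report suggested in the comment above, it helps to identify the flagged binary exactly. The following is an added example, not part of the ticket or of MinGW: a small Python helper that prints the SHA-256, target machine, link timestamp and section table of a PE file such as a rebuilt conftest.exe. The names `summarize_pe` and `constructed_sample` are hypothetical, and the embedded sample is a constructed header-only image.

```python
import hashlib
import struct
import sys

MACHINES = {0x014C: "i386", 0x8664: "x86-64"}

def summarize_pe(data: bytes) -> dict:
    """Return the SHA-256 and basic COFF header facts of a PE image."""
    try:
        if data[:2] != b"MZ":
            raise ValueError("missing MZ header")
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew field
        if data[pe_off:pe_off + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        machine, nsect, stamp, _, _, opt_size, _ = struct.unpack_from(
            "<HHIIIHH", data, pe_off + 4)
        table = pe_off + 24 + opt_size  # section table follows the optional header
        sections = []
        for i in range(nsect):
            name, vsize, _, rawsize = struct.unpack_from(
                "<8sIII", data, table + 40 * i)
            sections.append(
                (name.rstrip(b"\0").decode("ascii", "replace"), vsize, rawsize))
    except struct.error as exc:
        raise ValueError(f"truncated PE file: {exc}") from None
    return {"sha256": hashlib.sha256(data).hexdigest(),
            "machine": MACHINES.get(machine, hex(machine)),
            "link_timestamp": stamp,
            "sections": sections}

def constructed_sample() -> bytes:
    """Constructed header-only image (no code) so the parser runs offline."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x014C, 2, 0, 0, 0, 0, 0x0102)

    def sect(name: bytes, size: int) -> bytes:
        # 40-byte section header: name, virtual size, VA, raw size, rest zeroed
        return struct.pack("<8sIIIIIIHHI", name, size, 0, size, 0, 0, 0, 0, 0, 0)

    return dos + coff + sect(b".text", 0x600) + sect(b".data", 0x200)

if __name__ == "__main__":
    # Pass the path of the flagged file; without one, the constructed sample is used.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else constructed_sample()
    for key, value in summarize_pe(blob).items():
        print(f"{key}: {value}")
```
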

     
  • Keith Marshall

    Keith Marshall - 2013-06-14
    • Description has changed:

    Diff:

    --- old
    +++ new
    @@ -1,4 +1,3 @@
    -
    
     ### Environment
    
    • status: unread --> closed
     
  • Earnie Boyd

    Earnie Boyd - 2013-06-14
    • Description has changed:

    Diff:

    --- old
    +++ new
    @@ -1,9 +1,9 @@
    -
     ### Environment
    
     MinGW version: 3.20
     Operating system: Windows 7
    
    +~~~~~
     $ gcc -v
     Using built-in specs.
     COLLECT_GCC=C:\MinGW\bin\gcc.exe
    @@ -27,7 +27,7 @@
     $ uname -a
     MINGW32_NT-6.1 "hostname here" 1.0.17(0.48/3/2) 2011-04-24 23:39 i686 Msys
    
    -
    +~~~~~
    
     ### Problem description
    
    @@ -41,10 +41,12 @@
     Following instructions at URL:
     http://ftimes.sourceforge.net/Files/Recipes/pcre-compile-mingw.txt
    
    +~~~~~
     $ pwd
     /c/Data/Downloads/FTimes/pcre-8.33
    
     $ ./configure --disable-cpp --disable-shared --enable-newline-is-anycrlf --enable-utf8 --enable-unicode-properties
    +~~~~~
    
     After this, conftest.exe appears quickly and virus detection quarantines it. 
    
     
