From: Freddie C. <fre...@op...> - 2015-02-05 09:01:03
Hello!

Yesterday one visitor of my website (who intended to use my OpenOCD binaries) informed me that his virus scanner flagged the latest 32-bit Windows binary of OpenOCD (development version from November) as infected with malware. It turns out that indeed some scanners detect malware or a trojan in the 32-bit OpenOCD binary...

In the online scanners that I checked the detection is marked as "heuristics", so it's an indication of a false positive for me. I think this may have something to do with the fact that OpenOCD does a lot of (probably) uncommon things - it opens sockets, it interacts with system drives or even directly with hardware (parallel port), etc.

I checked with this tool - https://www.metascan-online.com/ and one of 42 scanners detects "something" (Trojan.Win32.Heur.Gen) in the most recent version, the previous one, 0.8.0, and even 0.6.1 (compiled over 2 years ago!) - my system was reinstalled multiple times between these releases. I bet you'd get the same result from almost all the OpenOCD files from my website... The interesting thing is that this person's virus scanner (F-Secure) flags only the latest version - all others are declared "clean"...

Most recent packages were compiled on "standard" Arch Linux, all of the tools come from Arch Linux repositories (majority from official, some from AUR), most of the libraries come from the same repositories, with the only exception of libusb-win32, which I compiled from source (using the tools mentioned above). Source code of OpenOCD always comes directly from the official OpenOCD repository, some packages have patches from Gerrit (there are exactly two such packages) - there are no other patches applied to the source code. The 64-bit OpenOCD binary is compiled using the same tools and the same source and nothing is detected there...

If the md5 checksum of the package matches the info from the download section, then the packages were NOT tampered with.

Regards,
FCh