
digitalmars.D.bugs - [Issue 12187] New: VisualD-v0.3.37.exe on DSource falsely reports as virus

d-bugmail puremagic.com writes:
https://d.puremagic.com/issues/show_bug.cgi?id=12187

           Summary: VisualD-v0.3.37.exe on DSource falsely reports as
                    virus
           Product: D
           Version: unspecified
          Platform: All
        OS/Version: Windows
            Status: NEW
          Severity: normal
          Priority: P2
         Component: VisualD
        AssignedTo: nobody puremagic.com
        ReportedBy: neil.bryant gmail.com


--- Comment #0 from Neil <neil.bryant gmail.com> 2014-02-16 19:09:31 PST ---
Didn't know where to put this, but I thought I'd let you know.

Report is below. Note that I do *not* get a report on
github.../D-Programming-Language/../VisualD-v0.3.37.exe (although apparently
the files are the same according to hash)

Also, scanning the exe with 36 scanners at VirScan.org shows nothing.

--------------------

WARNING: ProxyAV has detected a virus/PUS in this
file!

File has been dropped.

ProxyAV Administrator: unknown

2014-02-17 01:11:38+00:00UTC
Hardware serial number: 2609081007
ProxyAV (Version 3.5.1.1(111017)) - http://www.BlueCoat.com/
Antivirus Vendor: Sophos, Plc.
Scan Engine Version: 3.50.1
Pattern File Version: 4.97.6308063.959295994 (Timestamp: 2014/02/16 19:24:00)

Machine name: bv08aztmpe
Machine IP address: 151.151.108.136
Server: 208.78.103.206
Client: 113.1.19.123
Protocol: ICAP

Virus/PUS: "Mal/EncPk-XF" found!
URL:
hxxp://www.dsource.org/projects/visuald/browser/downloads/VisualD-v0.3.37.exe?format=raw&FixForIE=.exe

-- 
Configure issuemail: https://d.puremagic.com/issues/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
Feb 16 2014
d-bugmail puremagic.com writes:
https://d.puremagic.com/issues/show_bug.cgi?id=12187


Rainer Schuetze <r.sagitario gmx.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |r.sagitario gmx.de


--- Comment #1 from Rainer Schuetze <r.sagitario gmx.de> 2014-02-26 23:23:30 PST ---
The false alarms were raised after I added file monitoring to find linker
dependencies. This uses DLL injection, a technique probably also used by
viruses.

I have tried to disguise this functionality a bit and the installer now passes
most checkers. Try it with beta4:
https://github.com/D-Programming-Language/visuald/releases/tag/v0.3.38beta4

Feb 26 2014
d-bugmail puremagic.com writes:
https://d.puremagic.com/issues/show_bug.cgi?id=12187



--- Comment #2 from Neil <neil.bryant gmail.com> 2014-03-07 12:34:21 PST ---
Even our sketchy web proxy thinks this file is OK =]

Note, though; I didn't have issues with .37 on github; only the one linked on
DSource. The top search result for 'VisualD' is
http://www.dsource.org/projects/visuald

That page points to
http://www.dsource.org/projects/visuald/browser/downloads/VisualD-v0.3.37.exe?format=raw&FixForIE=.exe

That was the only file I had a false report with.

Mar 07 2014