Symantec Endpoint Deletes file with ws.reputation.1 error #978

Closed
FourthDr opened this Issue Jul 26, 2015 · 2 comments


Seems that Symantec has not seen this file and so thinks it is malware and deletes it.

https://bitcoin.org/bin/bitcoin-core-0.11.0/bitcoin-0.11.0-win32-setup.exe
Using Symantec Endpoint Protection 12x

I suggest you submit the file here: https://submit.symantec.com/false_positive/


harding commented Jul 26, 2015

Filled out the form, although you may want to try filling it out too---they wanted information from the actual detection log that I couldn't provide them.

@harding harding closed this Jul 26, 2015


harding commented Jul 27, 2015

Received this response (boilerplate removed):

In relation to submission [3828164].

Upon further analysis and investigation we have determined that the following file(s) meet the necessary criteria to be detected by our products and, as such, the detection(s) cannot be revoked:

   F8BAFABF2A8E986ECD978B01CE2FD23B - bitcoin_0.11.0_win32_setup.exe

I've verified that they're talking about the correct file:

$ md5sum bitcoin-0.11.0-win32-setup.exe 
f8bafabf2a8e986ecd978b01ce2fd23b  bitcoin-0.11.0-win32-setup.exe
$ sha256sum bitcoin-0.11.0-win32-setup.exe
7bb285e0a3d4648f799d5daa157ee755a7418b3aa9262d0f33508d7793c13d14  bitcoin-0.11.0-win32-setup.exe

I also verified that the sha256sum hash of the file Bitcoin.org is distributing is the same as the one in Wladimir's signed SHA256SUMS file (releases key 36C2E964) and the same one provided in several signed Gitian files.

$ cd gitian.sigs/0.11.0-win-signed
$ grep -r bitcoin-0.11.0-win32-setup.exe . | sed 's/out_.*!//' | column -t
./cdecker/bitcoin-win-signer-build.assert:-    '7bb285e0a3d4648f799d5daa157ee755a7418b3aa9262d0f33508d7793c13d14  bitcoin-0.11.0-win32-setup.exe
./cfields/bitcoin-win-signer-build.assert:-    '7bb285e0a3d4648f799d5daa157ee755a7418b3aa9262d0f33508d7793c13d14  bitcoin-0.11.0-win32-setup.exe
./fanquake/bitcoin-win-signer-build.assert:-   '7bb285e0a3d4648f799d5daa157ee755a7418b3aa9262d0f33508d7793c13d14  bitcoin-0.11.0-win32-setup.exe
./laanwj/bitcoin-win-signer-build.assert:-     '7bb285e0a3d4648f799d5daa157ee755a7418b3aa9262d0f33508d7793c13d14  bitcoin-0.11.0-win32-setup.exe
./luke-jr/bitcoin-win-signer-build.assert:     7bb285e0a3d4648f799d5daa157ee755a7418b3aa9262d0f33508d7793c13d14   bitcoin-0.11.0-win32-setup.exe
./michagogo/bitcoin-win-signer-build.assert:-  '7bb285e0a3d4648f799d5daa157ee755a7418b3aa9262d0f33508d7793c13d14  bitcoin-0.11.0-win32-setup.exe
./thrasher/bitcoin-win-signer-build.assert:-   '7bb285e0a3d4648f799d5daa157ee755a7418b3aa9262d0f33508d7793c13d14  bitcoin-0.11.0-win32-setup.exe

(For the Gitian files, I verified the signatures for the files signed by Wladimir (regular key 2346C9A6) and Luke (key 21F4889F) as I've previously assigned high probability to those keys belonging to the contributors going by those names.)

So I think we can be highly confident that Bitcoin.org is distributing the correct files.

The letter they sent me did not mention any appeal process, and I don't plan to follow up---but if anyone else does want to do that, please let me know if you need anything from me.
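The cross-check described in the comment above (local SHA-256 compared against every signer's `.assert` entry) can be scripted. This is an added example, not part of the thread or the project's tooling; the function names, the signers `alice`/`bob`/`carol` and `example-setup.exe` are constructed. It assumes each `.assert` file's signature has already been verified separately, since hash agreement says nothing about who wrote the files.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Added example: checks hash agreement only; signatures must be verified first.
# 64 hex digits, whitespace, file name: the line shape in the grep output above.
ENTRY = re.compile(r"\b([0-9a-f]{64})\s+(\S+)")

def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):
            digest.update(block)
    return digest.hexdigest()

def signer_hashes(sigs_dir, artifact):
    """Return {signer directory: set of hashes that signer lists for artifact}."""
    found = {}
    for assert_file in sorted(Path(sigs_dir).glob("*/*.assert")):
        for line in assert_file.read_text(errors="replace").splitlines():
            m = ENTRY.search(line)
            if m and m.group(2).strip("'\"") == artifact:
                found.setdefault(assert_file.parent.name, set()).add(m.group(1))
    return found

def check(local_file, sigs_dir, artifact, min_signers=2):
    """Pass only if enough signers list the artifact and all match the local hash."""
    local = sha256_file(local_file)
    per_signer = signer_hashes(sigs_dir, artifact)
    disagree = sorted(s for s, hashes in per_signer.items() if hashes != {local})
    ok = len(per_signer) >= min_signers and not disagree
    return {"ok": ok, "local": local, "signers": sorted(per_signer), "disagree": disagree}

def demo(tamper):
    # Constructed sample data: a stand-in installer and three made-up signers.
    with tempfile.TemporaryDirectory() as tmp:
        exe = Path(tmp, "example-setup.exe")
        exe.write_bytes(b"constructed installer bytes")
        good = sha256_file(exe)
        bad = "0" * 64 if tamper else good
        rows = {"alice": f"-    '{good}  ", "bob": f"{good}   ", "carol": f"-    '{bad}  "}
        for signer, prefix in rows.items():
            Path(tmp, "sigs", signer).mkdir(parents=True)
            Path(tmp, "sigs", signer, "build.assert").write_text(prefix + exe.name + "\n")
        return check(exe, Path(tmp, "sigs"), exe.name)

if __name__ == "__main__":
    print(demo(tamper=False)["ok"], demo(tamper=True)["disagree"])
```

A signer who lists two different hashes for the same file name is reported under `disagree` as well, because the comparison is against the exact set containing only the local hash.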
