Antiy-AVL detects false positive Trojan/Win32.SGeneric in PHP 5.5.8 binaries #122

Closed
GoogleCodeExporter opened this issue Aug 28, 2015 · 4 comments

Comments

@GoogleCodeExporter

See virustotal results for PHP Desktop Chrome with PHP 5.5.8:

https://www.virustotal.com/en/file/d6e1fe7492a8c2d4c5c77373191187a0d25d7a2faeb8918b63cf2affe15d908b/analysis/

Scanning PHP Desktop Chrome with PHP 5.4.24 is OK, no trojan detected by 
Antiy-AVL:

https://www.virustotal.com/en/file/a8ae6bea7e0b6e6b683731e2f32541f3302c401abfff1caac655591352a31aa1/analysis/1412325034/

The OpenSSL shared library libeay32.dll (version 1.0.1.5) that is shipped with 
PHP 5.5.8 is detected as trojan by Antiy-AVL:

https://www.virustotal.com/en/file/5bdec91545de2ced4b3d8822ff8420170bb9aa24a978be23b01f0d6cb5a2baed/analysis/1412325917/

Also when scanning files individually, Bkav antivirus is detecting 
VEX2819.Webshell false positive virus in "php.ini-development" and 
"php.ini-production" files:

https://www.virustotal.com/en/file/67e7bb161d400b688b11e39f63ce003442237afe2c5b27330121099834a27f4f/analysis/1412326051/

https://www.virustotal.com/en/file/7affa08c031da13014d5b81c60d6f74e3a28fd0e5037fc5165853c4e5d8f934b/analysis/1412326059/

-- --

We may try to use UPX compressor on the libeay32.dll to get rid of this false 
positive, a solution found here:

https://groups.google.com/d/topic/virustotal/auT8zwyBIqY/discussion

Or maybe upgrading to a newer version of PHP 5.5 will get rid of the problem.

We may also want to delete the php.ini-development and php.ini-production files 
to get rid of the Bkav false positive. It's probably a false positive because 
of the unusual extension.

Original issue reported on code.google.com by czarek.t...@gmail.com on 3 Oct 2014 at 8:58

@GoogleCodeExporter
Author

[deleted comment]

@GoogleCodeExporter
Author

In PHP 5.6.1 libeay32.dll is no longer detected as a Trojan. However, the 
php_opcache.dll extension is detected as AdWare.MSIL.DomaIQ by AegisLab - this 
extension will be removed from the phpdesktop binary release.

Original comment by czarek.t...@gmail.com on 3 Oct 2014 at 1:49

@GoogleCodeExporter
Author

PHP Desktop Chrome 31.7 released.

Original comment by czarek.t...@gmail.com on 3 Oct 2014 at 4:42

  • Changed state: Fixed

@GoogleCodeExporter
Author

Project will move to Github. Find this issue at the new address (soon): 
https://github.com/cztomczak/phpdesktop/issues/122

Original comment by czarek.t...@gmail.com on 24 Aug 2015 at 3:31
