Download - Trojan #13

Closed
jhewitt0 opened this issue Apr 26, 2016 · 13 comments

@jhewitt0

Hi, I tried to download the installer and Norton anti-virus removes the file because it thinks it has a Trojan in the file. Can you verify that the installer is in fact clean and safe to use?

Thanks!


@anupsaund
Contributor

Hi @jhewitt0 ,

Thanks for logging this issue - we had another report of it, via Kaspersky but put it down to a false positive.

I have looked in more detail, and scanned the installer using http://www.virustotal.com

The report comes back with the following;

https://www.virustotal.com/en/file/8f8511d8784143c889f5cc23b4ffac4ad9c886f218aa3f3ed475285cb15dc2fa/analysis/

6/56 Antivirus applications detect issues with the installer.

I started off by scanning the build server using malwarebytes - that came back with a clean report of the system. The next step was to check the installer packager.

We use Inno Setup. -> An old version.

I have updated the Inno Setup Build Service to the latest version and recompiled an installer.
I submitted this to virustotal and it came back with the following result:
https://www.virustotal.com/en/file/82aa026fe1716abb4e624f9b895e15f3648715eff93f66c754a9b02ee44d6732/analysis/

3/56 Antivirus programs are saying the installer has issues.

This new installer package has been put onto the gitSQL website - but it still leaves us with the problem that the following AV programs will stop the installation;

  • Avast
  • Kaspersky
  • Qihoo-360

On a side note, I had a check on Kaspersky to see if gitSQL.exe is in their list of known applications.

They have gitSQL versions 1.0.0.0 and 1.0.1.0 in their known (safe) applications.
http://whitelist.kaspersky.com/advisor#search/gitsql

Would you try the latest installer on the website please?

I will continue to look at the issue to see what items inside the installer are causing the false positive.
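
Added example, not part of the original comment or the gitSQL project's code: a VirusTotal report applies only to the exact file whose SHA-256 appears in its URL, so this Python script checks which of the two reports quoted above (if either) covers a locally downloaded installer. The function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import re
import sys
from urllib.parse import urlparse

# Report URLs quoted in the comment above: original build, then the rebuild.
REPORTS = [
    "https://www.virustotal.com/en/file/8f8511d8784143c889f5cc23b4ffac4ad9c886f218aa3f3ed475285cb15dc2fa/analysis/",
    "https://www.virustotal.com/en/file/82aa026fe1716abb4e624f9b895e15f3648715eff93f66c754a9b02ee44d6732/analysis/",
]
SHA256_RE = re.compile(r"[0-9a-f]{64}")


def sha256_from_report_url(url):
    """Extract the SHA-256 from a .../file/<sha256>/analysis/ report URL."""
    parsed = urlparse(url)
    if parsed.hostname not in ("www.virustotal.com", "virustotal.com"):
        raise ValueError("not a VirusTotal URL: %r" % url)
    parts = [p for p in parsed.path.split("/") if p]
    for prev, cur in zip(parts, parts[1:]):
        if prev == "file" and SHA256_RE.fullmatch(cur.lower()):
            return cur.lower()
    raise ValueError("no SHA-256 file hash in URL: %r" % url)


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so large installers are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def matching_report(path, report_urls=REPORTS):
    """Return the report URL that describes this exact file, or None."""
    local = sha256_of_file(path)
    for url in report_urls:
        if hmac.compare_digest(local, sha256_from_report_url(url)):
            return url
    return None


if __name__ == "__main__" and len(sys.argv) == 2:
    hit = matching_report(sys.argv[1])
    print(hit or "No quoted report covers this file; its scan results do not apply.")
```

Run it with the path to the downloaded installer as the only argument. A result of `None` means the file is a different build from the ones scanned, so neither detection ratio says anything about it.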

@anupsaund
Contributor

I have submitted the installer to Symantec for a false positive review.


I will try to submit to Avast and Qihoo-360 too...

@anupsaund
Contributor

Submitted false positive to Kaspersky

@anupsaund
Contributor

Submitted false positive to Avast

@anupsaund
Contributor

Submitted false positive to 360 total security via https://www.360totalsecurity.com/en/suspicion/

@anupsaund
Contributor

Response from Symantec

Symantec FP Incident Response <falsepositives@symantec.com>
In relation to submission [3942278].

Having reviewed the information provided we are unable to reproduce or confirm the issue described.

Please ensure that you are using Symantec's latest virus definitions for detection. These can be found using live update or alternatively via the URL below.
http://securityresponse.symantec.com/avcenter/defs.download.html

@anupsaund
Contributor

Response from Kaspersky

newvirus@kaspersky.com

Hello,

Sorry, it was a false detection. It will be fixed in the next update.
Thank you for your help.

Sincerely yours,
S*** *****n,
Malware analyst.

@anupsaund
Contributor

Response from Total 360.

Dear Sir or Madam,


The file that you’ve submitted has been analyzed(Time: 2016-04-27 04:40:02; Software: setup-gitsql-1-2-1-exe; ID:2425879).

We sincerely appreciate your help of improving our products and services.

Result: Proper actions have been taken. If the false positive happens again, please add it into local Trust List and contact us again with support@360safe.com .

Thanks for your support.

Sounds a bit vague but I think it means it was a false positive.

@anupsaund
Contributor

Response from Avast.

Avast Customer Care customer.care@avast.com via freshdesk.com 

Hello again,

Our virus specialists have been working on this problem and it has now been resolved. The provided file isn't detected by Avast anymore.

Please check the following articles about Avast virus policy:
Avast Clean Guidelines: https://www.avast.com/faq.php?article=AVKB228
Avast File Whitelisting: https://www.avast.com/en-us/faq.php?article=AVKB229

We are sorry for the inconvenience. If you have any further questions, don't hesitate to contact me again.

@IOExceptional

Great work @anupsaund, thanks for the clarification

@jhewitt0
Author

Thanks for all the work on checking this out. I'll give it another try and see if I can get it to download.

@shuzer

shuzer commented May 2, 2016

Wanted to give the free edition a whirl to see if it will meet my group's needs -- but our corporate Web Gateway (McAfee Web Gateway) is detecting this as a trojan as well and will not allow me to download it.

@anupsaund
Contributor

Hi @shuzer,

I had a look to see how I would go about reporting a false positive to McAfee;

Details here;
https://kc.mcafee.com/corporate/index?page=content&id=KB62662&actp=null&viewlocale=en_US

I think I may not have enough information to submit the request :0(

Would you be able to get the installer whitelisted internally @work instead?

Sorry if it's a poor suggestion.
