siegfried triggering malware detection #118

Closed
dericed opened this Issue Jul 31, 2018 · 4 comments

dericed commented Jul 31, 2018

Just FYI that when installing siegfried at work, my McAfee virus scanner is reporting two files as trojans.

Contributor

ross-spencer commented Jul 31, 2018

Oof - looks like two of my skeleton files! :(

Owner

richardlehane commented Aug 1, 2018

Thanks for letting me know, Dave. As Ross notes, these are two files from his test suite - they are used in siegfried tests but aren't necessary for an install, so it's fine, I think, for your virus scan to quarantine or delete them. Did the brew install work otherwise?

Author

dericed commented Aug 1, 2018

@richardlehane nope, brew install runs, triggers the malware detection (which deletes the file), and fails:

```
brew install richardlehane/digipres/siegfried
==> Installing siegfried from richardlehane/digipres
==> Downloading https://github.com/richardlehane/siegfried/archive/v1.7.8.tar.gz
Already downloaded: /Users/daverice/Library/Caches/Homebrew/siegfried-1.7.8.tar.gz
Error: No such file or directory @ rb_sysopen - /private/tmp/d20180801-77323-1m49nv9/siegfried-1.7.8/cmd/sf/testdata/skeleton-suite/fmt/fmt-640-signature-id-969.mpg
```

Owner

richardlehane commented Aug 3, 2018

Oh, that's bad. Is installing from source an option? You can install golang with brew (`brew install go`). Then it's just `go get github.com/richardlehane/siegfried/cmd/sf` to get a binary (although you might get another AV quarantine). Copy the binary to somewhere in your path and run `sf -update` to download a signature file.
