my virusscanner found a Worm in octave.exe


my virusscanner found a Worm in octave.exe

by Danny Schneider-2

Hi,

I don't know if this is the right channel for this information, but
perhaps somebody of you can direct it the right way...

My virus scanner just reported that octave.exe contains a Virus/Worm
named Zhelatin.aan.13

it was found in octave-3.0.0.exe and octave.exe

I downloaded it from sourceforge.

Can anybody confirm the disease?

greetings
Danny

-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php
_______________________________________________
Octave-dev mailing list
Octave-dev@...
https://lists.sourceforge.net/lists/listinfo/octave-dev

Re: my virusscanner found a Worm in octave.exe

by Michael Goffioul-2

On Thu, Jun 19, 2008 at 11:25 PM, Danny Schneider
<Danny_Schneider_Hessen@...> wrote:

> Hi,
>
> I don't know if this is the right channel for this information, but
> perhaps somebody of you can direct it the right way...
>
> My virus scanner just reported that octave.exe contains a Virus/Worm
> named Zhelatin.aan.13
>
> it was found in octave-3.0.0.exe and octave.exe
>
> I downloaded it from sourceforge.
>
> Can anybody confirm the disease?

Apparently, this problem appeared recently as this problem has
been reported a few times since the beginning of this week. My
virus scanner does not detect any problem, so I would like to request
some feedback from other Windows users

1) Is this worm new?

2) What AV software detects it?

3) Could anyone with McAfee or Norton check the executables
(the latest VS2008 executable was built on a regularly updated
McAfee-protected system)

4) Could people who detected the worm check older executables?
(like the 2.9.x series)

Thanks,
Michael.

Re: my virusscanner found a Worm in octave.exe

by Michael Goffioul-2

On Fri, Jun 20, 2008 at 9:00 PM, Michael Goffioul
<michael.goffioul@...> wrote:

> Apparently, this problem appeared recently as this problem has
> been reported a few times since the beginning of this week. My
> virus scanner does not detect any problem, so I would like to request
> some feedback from other Windows users
>
> 1) Is this worm new?
>
> 2) What AV software detects it?
>
> 3) Could anyone with McAfee or Norton check the executables
> (the latest VS2008 executable was built on a regularly updated
> McAfee-protected system)
>
> 4) Could people who detected the worm check older executables?
> (like the 2.9.x series)

Additional info: the first report was about the installer executable
(not the installed octave.exe). Could people also check recent
(3.0.x) and older (2.9.x) installers?

Michael.

Re: my virusscanner found a Worm in octave.exe

by Michael Goffioul-2

I'm a little bit puzzled by these results. I scanned octave.exe through
http://virscan.org and only 2 (out of 36) AV detected the Zhelatin worm:
Antivir and Ikarus. From user reports, the previous 3.0.0 version also
has the same problem, but this release dates back from December 2007
and has been downloaded more than 70,000 times. Is it imaginable that
a worm was present at that time and that nobody detected it during
6 months...? All this makes me think there's a higher probability that
this is a false positive detection.

Michael.


On Fri, Jun 20, 2008 at 10:55 PM, scott carter nk <scott@...> wrote:

>
> I found it in 3.0.0 and 3.0.1 with Avira AntiVir, but only with the latest
> VDFs (7.0.4.218 and 7.0.4.232).
> Files that are detected are all in /bin: octave.exe, octave-3.0.0.exe, and
> octave-3.0.1.exe
> For me the installer itself (octave-3.0.1-setup.exe and
> octave-3.0.0-setup.exe) do not trigger a detection.
> I found several copies at what was apparently a Trojan dropper which had the
> same virus signature detection at several points in my System Restore
> checkpoint files, all created since I installed 3.0.0 (but some older than
> my installation of 3.0.1)
>
> Note - neither Symantec nor Trend Micro (web-based scan versions of each)
> report a detection.
>
> Note: installing from the VS2008 installer (octave-3.0.1-vs2008-setup.exe) I
> do not repeat not get any detections.

Re: my virusscanner found a Worm in octave.exe

by James K. Lowden-2

Michael Goffioul wrote:
> I scanned octave.exe through
> http://virscan.org and only 2 (out of 36) AV detected the Zhelatin worm:
> Antivir and Ikarus. From user reports, the previous 3.0.0 version also
> has the same problem, but this release dates back from December 2007
> and has been downloaded more than 70,000 times. Is it imaginable that
> a worm was present at that time and that nobody detected it during
> 6 months...? All this makes me think there's a higher probability that
> this is a false positive detection.

A suggestion: When posting a binary (especially a Win32 binary) build it
in two places and include its MD5 fingerprint.  

Your binary is known to be good because it was built from source
without any possibility of worm, etc.  The user can verify the file on his
disk -- the one triggering the virus alarm -- has the very same
fingerprint, and can tell the AV vendor.  Either the user or the vendor
can reproduce the binary from the sources and (one hopes) match the
fingerprint, thereby demonstrating what must be so: that the scanning
software is producing a false positive.  

Matching a fingerprint can be tricky because it relies on having identical
build environments.  But even the user who never compiles can know that
the file resident on his disk still matches the one you originally built
and posted for download.  That's pretty good assurance there's no real
virus involved.  

To verify the integrity of your build environment, it would be well to
have two people build identical binaries with matching fingerprints. The
likelihood of two identical infections is vanishingly small.  

With the above procedure in place, any questions about infection can be
answered by the user and AV vendor.  

Humbly submitted,

--jkl
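
The fingerprint check proposed in the message above, as an added example that is not part of the original thread or of Octave's own tooling. It assumes the publisher posts a manifest in `md5sum`/`sha256sum` format; the function names and sample bytes are constructed for illustration. SHA-256 digests are accepted alongside MD5 because MD5 is no longer collision resistant, so SHA-256 is the stronger fingerprint to publish.

```python
import hashlib
import hmac
import os
import tempfile

ALGO_BY_HEXLEN = {32: "md5", 64: "sha256"}  # hex digest length -> algorithm

def file_digest(path, algo, chunk=1 << 20):
    """Hash in chunks so a large installer need not fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_manifest(text):
    """Parse md5sum/sha256sum lines: '<hex>  name' or '<hex> *name'."""
    entries = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not line.startswith("#"):
            entries[parts[1].strip().lstrip("*")] = parts[0].lower()
    return entries

def verify(manifest_text, directory):
    """Map each listed name to OK, MISMATCH, MISSING or UNKNOWN-ALGO."""
    results = {}
    for name, expected in parse_manifest(manifest_text).items():
        path = os.path.join(directory, name)
        algo = ALGO_BY_HEXLEN.get(len(expected))
        if algo is None:
            results[name] = "UNKNOWN-ALGO"
        elif not os.path.isfile(path):
            results[name] = "MISSING"
        else:
            same = hmac.compare_digest(file_digest(path, algo), expected)
            results[name] = "OK" if same else "MISMATCH"
    return results

def build_differences(manifest_a, manifest_b):
    """Names whose digests differ between two independent builders' manifests."""
    a, b = parse_manifest(manifest_a), parse_manifest(manifest_b)
    return sorted(n for n in a.keys() | b.keys() if a.get(n) != b.get(n))

if __name__ == "__main__":  # constructed sample bytes, not a real Octave binary
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "octave.exe"), "wb") as f:
            f.write(b"constructed bytes")
        listed = hashlib.md5(b"constructed bytes").hexdigest() + "  octave.exe"
        print(verify(listed, d), build_differences(listed, listed))
```

An `OK` result only shows that the local file is the one the publisher built; an empty `build_differences` result between two builders is what supports the claim that the build environment itself was clean.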

Re: my virusscanner found a Worm in octave.exe

by dbateman


James K. Lowden-2 wrote:
> To verify the integrity of your build environment, it would be well to
> have two people build identical binaries with matching fingerprints. The
> likelihood of two identical infections is vanishingly small.

Thems fightin words... Seriously, we are limited by the volunteer effort involved in developing and building Octave. And those that see a problem are the best to address it, so you're ideally placed for the second build ;-)

D.

Re: my virusscanner found a Worm in octave.exe

by James K. Lowden-2

dbateman wrote:

> James K. Lowden-2 wrote:
> >
> > To verify the integrity of your build environment, it would be well to
> > have two people build identical binaries with matching fingerprints.
> > The likelihood of two identical infections is vanishingly small.  
> >
>
> Thems fightin words... Seriously, we are limited by the volunteer effort
> involved in developing and building Octave. And those that see a
> problem are the best to address it, so you're ideally placed for the
> second build ;-)

I know, Mr. Batemean.  I understand, and I agree.  No offence meant.  I
was only suggesting that an MD5 digest might be less effort to produce
than answering list messages about virus scanner errors.  

I don't know if I'm ideally placed or not, but I expect before long I'll
be wrangling with building Octave for Windows from source.  I'd like to
get a version built with symbols, so I can trace calls to my extension
with a debugger.  

I tried on NetBSD and gave up. (I'm not alone, cf.
http://cvsweb.netbsd.se/cgi-bin/bsdweb.cgi/pkgsrc/math/octave/patches/)
:-(  

BTW, is there interest here in making Octave more portable, in particular
by using libtool?  I might be able to help there.  

Kind regards,

--jkl

Re: my virusscanner found a Worm in octave.exe

by Michael Goffioul-2

On Mon, Jun 23, 2008 at 1:18 AM, James K. Lowden
<jklowden@...> wrote:

> I know, Mr. Batemean.  I understand, and I agree.  No offence meant.  I
> was only suggesting that an MD5 digest might be less effort to produce
> than answering list messages about virus scanner errors.
>
> I don't know if I'm ideally placed or not, but I expect before long I'll
> be wrangling with building Octave for Windows from source.  I'd like to
> get a version built with symbols, so I can trace calls to my extension
> with a debugger.
>
> I tried on NetBSD and gave up. (I'm not alone, cf.
> http://cvsweb.netbsd.se/cgi-bin/bsdweb.cgi/pkgsrc/math/octave/patches/)
> :-(
>
> BTW, is there interest here in making Octave more portable, in particular
> by using libtool?  I might be able to help there.

I don't think libtool will provide any improvement under non-UNIX-like
platforms/compilers. If you really want portability, look at build solutions
like SCons or CMake, but not libtool.

Michael.

Re: my virusscanner found a Worm in octave.exe

by David Bateman

James K. Lowden wrote:

> dbateman wrote:
>  
>> James K. Lowden-2 wrote:
>>    
>>> To verify the integrity of your build environment, it would be well to
>>> have two people build identical binaries with matching fingerprints.
>>> The likelihood of two identical infections is vanishingly small.  
>>>
>>>      
>> Thems fightin words... Seriously, we are limited by the volunteer effort
>> involved in developing and building Octave. And those that see a
>> problem are the best to address it, so you're ideally placed for the
>> second build ;-)
>>    
>
> I know, Mr. Batemean.  I understand, and I agree.  No offence meant.  I
> was only suggesting that an MD5 digest might be less effort to produce
> than answering list messages about virus scanner errors.

God "Mr Bateman", I must be getting old... No offense taken.. I was
being flippant. But seriously, like all open source projects Octave does
have a major lack of resources..

> I don't know if I'm ideally placed or not, but I expect before long I'll
> be wrangling with building Octave for Windows from source.  I'd like to
> get a version built with symbols, so I can trace calls to my extension
> with a debugger.

Which tool chain do you intend to use? MinGW, Cygwin or MSVC? All are
possible and all already have build environments already ready.. MinGW
and MSVC in the octave-forge SVN and Cygwin elsewhere. Tatsuro also
does multiple windows builds and so he'll be a good source of knowledge.

> I tried on NetBSD and gave up. (I'm not alone, cf.
> http://cvsweb.netbsd.se/cgi-bin/bsdweb.cgi/pkgsrc/math/octave/patches/)
> :-(  
>  
These patches were never sent upstream as far as I can tell. One good
thing you could do for both NetBSD and Octave is to feed these patches
to bug@... one by one with a short explanation of what they
address. In that way Octave can become more compatible with NetBSD :-)

> BTW, is there interest here in making Octave more portable, in particular
> by using libtool?  I might be able to help there.  
>  
Perhaps, people tend to scratch their own itches in the open source
world.. If it's something that you really need, discuss it on
maintainers@... and see what the consensus is.

Cheers
David




> Kind regards,
>  


--
David Bateman                                David.Bateman@...
Motorola Labs - Paris                        +33 1 69 35 48 04 (Ph)
Parc Les Algorithmes, Commune de St Aubin    +33 6 72 01 06 33 (Mob)
91193 Gif-Sur-Yvette FRANCE                  +33 1 69 35 77 01 (Fax)
