
Avast detects bad stuff

Avast detects bad stuff

chzuck
When I tried to download the latest version of Gramps, Avast would not allow some of the download to proceed.  I got the alarm posted below.

Infekce zablokována
URL   hxxp://hivelocity.dl.sourceforge.net/project/gramps/Stable/4.1.0/GrampsAIO-4.1.1-86bfff_win32_py27.exe|$INSTDIR\bin\msggrep.exe
Infection   Win32:Evo-gen [Susp]

I was just on the Avast forum and they confirm there is a "file INSIDE the executable is marked as malicious".

This also happened a week or so ago when I downloaded 4.0.  I disabled my virus scan to download the whole file.  So do I now have a virus lurking on my computer?

Re: Avast detects bad stuff

Patricia J. Hawkins
>>>>> "c" == chzuck  <[hidden email]> writes:

c> When I tried to download the latest version of Gramps, Avast would not allow
c> some of the download to proceed.  I got the alarm posted below.

c> Infekce zablokována
c> URL  
c> hxxp://hivelocity.dl.sourceforge.net/project/gramps/Stable/4.1.0/GrampsAIO-4.1.1-86bfff_win32_py27.exe|$INSTDIR\bin\msggrep.exe
c> Infection   Win32:Evo-gen [Susp]

c> I was just on the Avast forum and they confirm there is a "file INSIDE the
c> executable is marked as malicious".

Yes, but the file it's reporting is msggrep.exe, which is the gnu
message utility.  (I googled and found your discussion with the Avast
folks, IMO they barely looked at the problem.)

c> This also happened a week or so ago when I downloaded 4.0.  I disabled my
c> virus scan to download the whole file.  So do I now have a virus lurking on
c> my computer?

Doubt it; I find Herd Protect reporting the same Win32:Evo-gen false
positive on a clean msggrep.exe -- see:
http://www.herdprotect.com/msggrep.exe-50bd69eb117681341afeacb25d672fa5413d96e8.aspx

However, I do get a different SHA256 signature on the msggrep.exe that I
just pulled out of GrampsAIO-4.1.1-86bfff_win32_py27.exe using wine
(on Ubuntu).  

My extremely strong suspicion is that this is just a different build of
msggrep.exe that Herd Protect hasn't seen yet; but I'd like to see
someone who knows more about the provenance of this executable than I do
weigh in before giving it a clean bill of health.  My output:

pjh@pjh-laptop:~/.wine/drive_c/Program Files/GrampsAIO-4.1.1/bin$ sha256sum msggrep.exe
d7e5a3b99bb0f4429d1a87e1187f9c9e5167efbf264549eb22b444f9831eefd9  msggrep.exe


c> --
c> View this message in context: http://gramps.1791082.n4.nabble.com/Avast-detects-bad-stuff-tp4666504.html
c> Sent from the gramps-bugs mailing list archive at Nabble.com.

c> ------------------------------------------------------------------------------
c> Open source business process management suite built on Java and Eclipse
c> Turn processes into business applications with Bonita BPM Community Edition
c> Quickly connect people, data, and systems into organized workflows
c> Winner of BOSSIE, CODIE, OW2 and Gartner awards
c> http://p.sf.net/sfu/Bonitasoft
c> _______________________________________________
c> Gramps-bugs mailing list
c> [hidden email]
c> https://lists.sourceforge.net/lists/listinfo/gramps-bugs



--
Patricia J. Hawkins
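
The digest comparison described in the reply above, as an added example that is not part of the original thread: reference digests published for a file come in several lengths (MD5, SHA-1, SHA-256, SHA-512), so the check picks the hashing tool from the length of the reference value before comparing. The function names are hypothetical, and the GNU coreutils hashing tools are assumed to be installed.

```bash
#!/usr/bin/env bash
# Added example: compare a locally extracted file (for instance a binary
# unpacked from an installer) against a reference digest. The function
# names are hypothetical; md5sum/sha1sum/sha256sum/sha512sum are coreutils.

# digest_tool HEX -> prints the tool whose output length matches HEX
digest_tool() {
    case "${#1}" in
        32)  echo md5sum ;;
        40)  echo sha1sum ;;
        64)  echo sha256sum ;;
        128) echo sha512sum ;;
        *)   return 1 ;;
    esac
}

# check_digest FILE HEX
#   returns 0 when the file matches the reference digest,
#           1 when it does not,
#           2 when the input is unusable (not hex, odd length, unreadable file)
check_digest() {
    local file=$1 want tool got
    # Normalise case: some sites print digests in upper case.
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case "$want" in
        ''|*[!0-9a-f]*) return 2 ;;
    esac
    tool=$(digest_tool "$want") || return 2
    [ -r "$file" ] || return 2
    # Read from stdin so the tool prints "<digest>  -" with no path parsing.
    got=$("$tool" < "$file" | cut -d' ' -f1)
    [ "$got" = "$want" ]
}

# Command-line use: script FILE REFERENCE_DIGEST
if [ "$#" -eq 2 ]; then
    if check_digest "$1" "$2"; then
        echo "match: $1"
    else
        echo "no match or unusable input: $1"
    fi
fi
```

A mismatch only says the file is not byte-identical to the one the reference describes; a different build of the same program produces a different digest.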


Re: Avast detects bad stuff

Patricia J. Hawkins
In reply to this post by chzuck
You know, I lost track of the point that the file's on *sourceforge*;
they scan the heck out of things.

It's still your call, but personally I'd call it a known false-positive;
though you might point out the Herd Protect report to Avast.

(BTW, the reason there's an executable inside the executable is because
the outer executable is an installer.  There's an entire build
environment -- python and a bunch of GNU utilities -- packed into the
installer.)

--
Patricia J. Hawkins


Re: Avast detects bad stuff

chzuck
Patricia,
Thank you for taking the time to look into my problem.  I will put the problem back in their lap.  They need to look into it more and possibly contact Gramps.  I have a problem with another site of a reputable photographer that will not allow me access to the site.  I cannot complain too much since I am using the free version of Avast.  Thanks again.
 
 
Charlie H Zuck

---------- Original Message ----------
From: "Patricia J. Hawkins [via GRAMPS]" <[hidden email]>
To: chzuck <[hidden email]>
Subject: Re: Avast detects bad stuff
Date: Wed, 2 Jul 2014 14:23:20 -0700 (PDT)

You know, I lost track of the point that the file's on *sourceforge*;
they scan the heck out of things.

It's still your call, but personally I'd call it a known false-positive;
though you might point out the Herd Protect report to Avast.

(BTW, the reason there's an executable inside the executable is because
the outer executable is an installer.  There's an entire build
environment -- python and a bunch of GNU utilities -- packed into the
installer.)

--
Patricia J. Hawkins
