> > From: Andrew Makhorin <[email protected]> > Date: Wed, 07 Sep 2011 00:56:15 +0400 > Subject: Re: [Help-glpk] Trojan Horse in Gusek > > Thank you very much for information. > > It seems to me that it would be better to calculate the md5 check-sums > for .zip and .tar.gz on the developer's machine and provide them on the > project's webpage (or maybe provide gpg signatures, as used for all GNU > packages for last several years) along with a brief instruction (for MS > Windows users) about how to make sure that the distributed files have > been untouched. This is the only reliable way I know to protect files > against intentional/unintentional changes on distributing them over the > internet. Including in an anti-virus whitelist doesn't seem to me a good > idea. > > Best regards, > > Andrew Makhorin > > Hi all,
I've been alway for a long time, so sorry by the unanswered questions. About virus on Gusek, this is not the first false-positive. Antivirus that are using heuristics and a high level of protection (like Karsperky on the lab that i've maintaining in the last 5 years) seems to do this in a lot of development tools that calls another executables (like SciTE, DevC++ and GAMS, to cite only few ones that i've been "white-listing" on our machines to preserve our developing ambient). I also think that the best practice is verify the checksums with the originals and check with another antivirus online and, if you are sure that is not a virus, report the false-positive using your antivirus software (if it let you do this). By the way, since GUSEK 0.2.7 (26/11/2009) the GLPK executables (including the infected file pointed, GLPSOL.EXE) are the same from GLPK for Windows<http://winglpk.sourceforge.net/>pre-build binaries (thanks, Xypron!). You can check the same file (Gusek 0.2.12 uses GLPK-4.45<http://sourceforge.net/projects/winglpk/files/winglpk/GLPK-4.45/>) from with your antivirus to ensure that are the same? If you wanna try, you can also replace the binaries (glspol.exe and the generated dll's) to run the newer GLPK version. When I can I'll update Gusek to the last GLPK revision (shortly, I guess). Also, there is always the chance that the executable in your machine have been infected by an virus that are running on memory, you can do update in your antivirus and a full search in safe mode to check this (but the the best way is boot another live media and do a full scan without using your operational system). About checksum pratices, Andrew, I've uploaded checksums on the earlier versions of Gusek, but using the one provided by sourceforge seems to be sufficient to me (i check the checksum on every upload, also). Hugs! Luiz Bettoni
_______________________________________________ Help-glpk mailing list [email protected] https://lists.gnu.org/mailman/listinfo/help-glpk
