There was a definition update early this morning that seems to have fixed this.
For the record, these three classes are the ones that got flagged: org/openstreetmap/josm/data/validation/tests/OpeningHourTest.class org/openstreetmap/josm/gui/io/CustomConfigurator$XMLCommandProcessor.class org/openstreetmap/josm/tools/OverpassTurboQueryWizard.class I don't see much regex in those files like I was theorizing about earlier. I do see a lot of calls to an "eval" method which I could see being flagged. Not because of this method in particular but "eval" functions are often ways to get arbitrary code execution started. Toby On Wed, Feb 21, 2018 at 3:33 PM, Vincent Privat <[email protected]> wrote: > Toby, are you still able to reproduce? My Windows Defender has been > updated today and I cannot reproduce, even when downloading JOSM from IE or > Edge. > A manual scan doesn't report any warning neither. > > 2018-02-21 17:34 GMT+01:00 Toby Murray <[email protected]>: > >> JOSM plugins are not a factor here. Windows is scanning and flagging >> the josm-latest.jar file as soon as a browser downloads it. I don't >> remember exactly which class files it is flagging. One was an inner >> class dealing with XML parsing. Given that the IntelliJ problem seems >> to be with a regex related class, I wonder if there is a certain regex >> string that is triggering it. I'm all Linux at work so I'll have to >> check at home tonight to see if there is something simple in common >> between the JOSM classes and the IntelliJ problem. >> >> Toby >> >> On Wed, Feb 21, 2018 at 5:52 AM, Florian von der Schäferbande 😉 >> <[email protected]> wrote: >> > Here are some other instances where this issue occurs: >> > >> > https://intellij-support.jetbrains.com/hc/en-us/community/ >> posts/360000091624-Trojan-Skeeyah-H >> > https://youtrack.jetbrains.com/issue/IDEA-186808 >> > https://answers.launchpad.net/sikuli/+question/664458 >> > >> > Maybe that could help with finding the cause. There are some mentions >> of scripting in these links. Do you by chance have the scripting plugin >> installed? >> > >> > Am 21. Februar 2018 12:38:21 MEZ schrieb Mike N <[email protected]>: >> >>On 2/21/2018 3:46 AM, Toby Murray wrote: >> >>> Windows Defender has apparently taken offense to JOSM in the latest >> >>> malware signature update. Starting on February 19th mine started >> >>> claiming to detect a trojan named Skeeyah.H in 3 different class >> >>files >> >>> inside of the JOSM JAR. Defender helpfully removed these class files >> >>> from the JAR. JOSM is not amused by this and crashes on launch with a >> >>> NoClassDefFoundError. >> >> >> >> What version of JOSM was this? I haven't seen this yet with Windows >> >>Defender and JOSM 13367. >> > >> > -- >> > Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet. >> >> >
