Thanks Paul,

Yes indeed it looks like every single version will need to be whitelisted.

It would be interesting for us to upload every release, but it looks
like it's a manual process that someone will need to take care of (at
least it doesn't look like it's a scriptable API):

https://submit.symantec.com/whitelist/isv/

It also looks like code signing would be an alternative, but from a
quick look at the page https://submit.symantec.com/whitelist/ , this
mainly looks like a process to generate business for some CA with no
open alternatives.
But if someone has more experience in this area, it will be interesting
to hear insights.

I think the most sustainable approach is if

 * someone volunteers to manually upload the files after new releases
 * or possibly (if it helps...) someone sponsors a certificate

Matthias

On 12/19/2016 02:36 PM, Lens Paul wrote:
> Thanks Matthias,
> 
> I just received the answer of Symantec (Norton), here are some excerpts.
> 
> 
> ----------------------------
> 
> Upon further analysis and investigation we have verified your submission
> and, as such, the detection(s) for the following file(s) will be removed
> from our products:
> 
>     File name: qgis_bin.exe
>     MD5: 99002dab0a0525a941b4a473fe4b058b
>     SHA256: 5f1fe42b904298eecbb1c0bdc3cbb4a28dcbace3b1b65a250ef800d8158a4f51
>     Note: Whitelisting may take up to 24 hours to take effect via Live
> Update
> 
> 
> If detection persists, please contact support:
> * Norton: https://support.norton.com/sp/en/us/home/current/info
> 
> ...
> 
> If you are a software vendor and would like to upload your software for
> proactive whitelisting, please complete one of the following forms:
> * If you are BCS customer: https://submit.symantec.com/whitelist/bcs
> * Otherwise: https://submit.symantec.com/whitelist
> 
> For more information on best practices to reduce false positives:
> http://www.symantec.com/content/en/us/enterprise/white_papers/b-to_increase_downloads-instill_trust_first_WP.en-us.pdf
> 
> -------------
> 
> Does it mean that they whitelist just one version of QGIS (in relation
> with the signature MD5)?
> Which means that every new version should also be submitted to them?
> (luckily, the procedure is easy and not time-consuming).
> 
> They also recommend a "software vendor" procedure, which is beyond my
> understanding.
> 
> 
> Regards and thanks to all the developers for the marvelous development
> of QGIS,
> 
> Paul
> On 19/12/2016 at 12:13, Matthias Kuhn wrote:
>> Thank you Paul,
>>
>> We have received similar reports in the past already.
>>
>> I think what you have done is the best approach: notify the antivirus
>> producer about false alerts as a user and provide them with the required
>> information (qgis-bin.exe etc.) to investigate the problem and update
>> the heuristics or white list accordingly.
>>
>> With the information available from the general description of the
>> heuristics, there is normally not a lot we can do to "solve" the problem
>> from our side. If Norton asks for more information, please just post again
>> either on this list or on the qgis developer list.
>>
>> Thanks again
>> Matthias
>>
>>
>> On 12/19/2016 12:04 PM, Lens Paul wrote:
>>> Hi all,
>>>
>>> For info to Norton Security Users,
>>>
>>> Using QGIS 2.18.1 on Windows 7 sp1 64 bits.
>>>
>>> Norton deleted twice, without warning, qgis-bin.exe + many .py files on
>>> my computer + modified many registry entries.
>>>
>>> Message was "WS.Reputation.1", linked to the so-called SONAR function of
>>> Norton Security.
>>>
>>> This is how it works: "WS.Reputation.1 is a detection for files that
>>> have a low reputation score based on analyzing data from Symantec’s
>>> community of users and therefore are likely to be security risks."
>>>
>>> The Norton (French-speaking) Assistance confirmed to me it is a false
>>> positive. I asked them to put QGIS on the White List.
>>>
>>> NB: this is not the first time it happens for QGIS, see:
>>> https://community.norton.com/en/forums/qgis-issue.
>>>
>>> Afterwards, I also submitted a demand for whitelisting, as a Norton
>>> user, on the Norton website
>>> (https://submit.symantec.com/false_positive/standard/), where
>>> qgis-bin.exe can be uploaded for testing.
>>>
>>> I hope this will prevent any other disturbing false positive on Norton
>>> products. Any suggestion?
>>>
>>> Paul
>>>
>>> _______________________________________________
>>> Qgis-user mailing list
>>> Qgis-user@lists.osgeo.org
>>> List info: http://lists.osgeo.org/mailman/listinfo/qgis-user
>>> Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-user