Re: [cmake-developers] Trojan in latest release
On 3/22/19 9:56 AM, Brad King wrote: > > https://github.com/Kitware/CMake/releases/download/v3.14.0/cmake-3.14.0-win64-x64.zip > > and uploaded just `bin/cmake.exe` to virustotal.com: it does claim > that `Trojan:Win32/Skeeyah.I` appears: > > This is almost certainly a false positive. I've replaced the binaries with a new build that does not trigger the report. The new `bin/cmake.exe` is identical in size and has very few bytewise differences. -Brad -- Powered by www.kitware.com Please keep messages on-topic and check the CMake FAQ at: http://www.cmake.org/Wiki/CMake_FAQ Kitware offers various services to support the CMake community. For more information on each offering, please visit: CMake Support: http://cmake.org/cmake/help/support.html CMake Consulting: http://cmake.org/cmake/help/consulting.html CMake Training Courses: http://cmake.org/cmake/help/training.html Visit other Kitware open-source projects at http://www.kitware.com/opensource/opensource.html Follow this link to subscribe/unsubscribe: https://cmake.org/mailman/listinfo/cmake-developers
Re: [cmake-developers] Trojan in latest release
On 3/21/19 12:21 PM, Cristian Adam wrote: > Also worth mentioning that Virustotal has nothing on both 32 and 64 bit files: I extracted https://github.com/Kitware/CMake/releases/download/v3.14.0/cmake-3.14.0-win64-x64.zip and uploaded just `bin/cmake.exe` to virustotal.com: it does claim that `Trojan:Win32/Skeeyah.I` appears: https://www.virustotal.com/#/file/c63217be5459bea702f905cb8a27097d89b94c5c1e25d09089a2f401da7a51ac/detection This is almost certainly a false positive. None of the other `.exe` files in the zip have it. Also `bin/cmake.exe` from the 3.14.0-rc* series of binaries and the nightly binaries before and after the release all report as clean. -Brad -- Powered by www.kitware.com Please keep messages on-topic and check the CMake FAQ at: http://www.cmake.org/Wiki/CMake_FAQ Kitware offers various services to support the CMake community. For more information on each offering, please visit: CMake Support: http://cmake.org/cmake/help/support.html CMake Consulting: http://cmake.org/cmake/help/consulting.html CMake Training Courses: http://cmake.org/cmake/help/training.html Visit other Kitware open-source projects at http://www.kitware.com/opensource/opensource.html Follow this link to subscribe/unsubscribe: https://cmake.org/mailman/listinfo/cmake-developers
Re: [cmake-developers] Trojan in latest release
On Thu, Mar 21, 2019 at 7:40 PM Brad King via cmake-developers < cmake-developers@cmake.org> wrote: > On 3/21/19 2:01 PM, kevin wrote: > > I have not actually seen the file, because windows defender is > > preventing the download from completing. > > I just tried using MS Edge on an up-to-date Win 10 Pro with > Windows Defender enabled. It is able to download and scan > the file, and finds nothing. > > I've opened up a ticket regarding Authenticode: https://gitlab.kitware.com/cmake/cmake/issues/19077 CMake should have support for Authenticode, and should serve as an example with it's own CMake code. Cheers, Cristian. -- Powered by www.kitware.com Please keep messages on-topic and check the CMake FAQ at: http://www.cmake.org/Wiki/CMake_FAQ Kitware offers various services to support the CMake community. For more information on each offering, please visit: CMake Support: http://cmake.org/cmake/help/support.html CMake Consulting: http://cmake.org/cmake/help/consulting.html CMake Training Courses: http://cmake.org/cmake/help/training.html Visit other Kitware open-source projects at http://www.kitware.com/opensource/opensource.html Follow this link to subscribe/unsubscribe: https://cmake.org/mailman/listinfo/cmake-developers
Re: [cmake-developers] Trojan in latest release
On 3/21/19 2:01 PM, kevin wrote: > I have not actually seen the file, because windows defender is > preventing the download from completing. I just tried using MS Edge on an up-to-date Win 10 Pro with Windows Defender enabled. It is able to download and scan the file, and finds nothing. -Brad -- Powered by www.kitware.com Please keep messages on-topic and check the CMake FAQ at: http://www.cmake.org/Wiki/CMake_FAQ Kitware offers various services to support the CMake community. For more information on each offering, please visit: CMake Support: http://cmake.org/cmake/help/support.html CMake Consulting: http://cmake.org/cmake/help/consulting.html CMake Training Courses: http://cmake.org/cmake/help/training.html Visit other Kitware open-source projects at http://www.kitware.com/opensource/opensource.html Follow this link to subscribe/unsubscribe: https://cmake.org/mailman/listinfo/cmake-developers
Re: [cmake-developers] Trojan in latest release
Yes, your correct on the url. Using the link from your email. Gave me the same Trojan. I have not actually seen the file, because windows defender is preventing the download from completing. Sent from my iPhone > On Mar 21, 2019, at 12:45 PM, Brad King wrote: > >> On 3/21/19 12:31 PM, kevin wrote: >> Linked from https://camel.org/download > > I'll assume you meant `cmake.org` there. > >> Platform->windows win64-x64 installer: ... > > That would be > > > https://github.com/Kitware/CMake/releases/download/v3.14.0/cmake-3.14.0-win64-x64.msi > > I downloaded it and got a SHA-256 sum of > > 4cbc62929f313d9890d377fa022753e9e5509e7afa3e16978127b7b2813633cf > > which matches our published signatures. > > What tool claims the binary contains Skeeyah? > > -Brad -- Powered by www.kitware.com Please keep messages on-topic and check the CMake FAQ at: http://www.cmake.org/Wiki/CMake_FAQ Kitware offers various services to support the CMake community. For more information on each offering, please visit: CMake Support: http://cmake.org/cmake/help/support.html CMake Consulting: http://cmake.org/cmake/help/consulting.html CMake Training Courses: http://cmake.org/cmake/help/training.html Visit other Kitware open-source projects at http://www.kitware.com/opensource/opensource.html Follow this link to subscribe/unsubscribe: https://cmake.org/mailman/listinfo/cmake-developers
Re: [cmake-developers] Trojan in latest release
On 3/21/19 12:31 PM, kevin wrote: > Linked from https://camel.org/download I'll assume you meant `cmake.org` there. > Platform->windows win64-x64 installer: ... That would be https://github.com/Kitware/CMake/releases/download/v3.14.0/cmake-3.14.0-win64-x64.msi I downloaded it and got a SHA-256 sum of 4cbc62929f313d9890d377fa022753e9e5509e7afa3e16978127b7b2813633cf which matches our published signatures. What tool claims the binary contains Skeeyah? -Brad -- Powered by www.kitware.com Please keep messages on-topic and check the CMake FAQ at: http://www.cmake.org/Wiki/CMake_FAQ Kitware offers various services to support the CMake community. For more information on each offering, please visit: CMake Support: http://cmake.org/cmake/help/support.html CMake Consulting: http://cmake.org/cmake/help/consulting.html CMake Training Courses: http://cmake.org/cmake/help/training.html Visit other Kitware open-source projects at http://www.kitware.com/opensource/opensource.html Follow this link to subscribe/unsubscribe: https://cmake.org/mailman/listinfo/cmake-developers
Re: [cmake-developers] Trojan in latest release
Linked from https://camel.org/download Platform->windows win64-x64 installer: ... Sent from my iPhone > On Mar 21, 2019, at 12:20 PM, Brad King wrote: > >> On 3/21/19 12:05 PM, kevin wrote: >> I just tried to install the latest release and noticed it contained Skeeyah.l > > What is the URL of the binary you downloaded? > What is the sha256 sum of the installer file on your local disk? > > -Brad -- Powered by www.kitware.com Please keep messages on-topic and check the CMake FAQ at: http://www.cmake.org/Wiki/CMake_FAQ Kitware offers various services to support the CMake community. For more information on each offering, please visit: CMake Support: http://cmake.org/cmake/help/support.html CMake Consulting: http://cmake.org/cmake/help/consulting.html CMake Training Courses: http://cmake.org/cmake/help/training.html Visit other Kitware open-source projects at http://www.kitware.com/opensource/opensource.html Follow this link to subscribe/unsubscribe: https://cmake.org/mailman/listinfo/cmake-developers
Re: [cmake-developers] Trojan in latest release
Also worth mentioning that Virustotal has nothing on both 32 and 64 bit files: https://www.virustotal.com/gui/file/913b231e189824b679b60d9c9d45549bb047866431cd023afbb0b9d10e579279/detection https://www.virustotal.com/gui/file/4cbc62929f313d9890d377fa022753e9e5509e7afa3e16978127b7b2813633cf/detection I think it would be great if Kitware would buy an authenticode certificate to sign the Windows builds. Is there a bug report on this? Cheers, Cristian. On Thu, Mar 21, 2019 at 5:19 PM Brad King via cmake-developers < cmake-developers@cmake.org> wrote: > On 3/21/19 12:05 PM, kevin wrote: > > I just tried to install the latest release and noticed it contained > Skeeyah.l > > What is the URL of the binary you downloaded? > What is the sha256 sum of the installer file on your local disk? > > -Brad > -- > > Powered by www.kitware.com > > Please keep messages on-topic and check the CMake FAQ at: > http://www.cmake.org/Wiki/CMake_FAQ > > Kitware offers various services to support the CMake community. For more > information on each offering, please visit: > > CMake Support: http://cmake.org/cmake/help/support.html > CMake Consulting: http://cmake.org/cmake/help/consulting.html > CMake Training Courses: http://cmake.org/cmake/help/training.html > > Visit other Kitware open-source projects at > http://www.kitware.com/opensource/opensource.html > > Follow this link to subscribe/unsubscribe: > https://cmake.org/mailman/listinfo/cmake-developers > -- Powered by www.kitware.com Please keep messages on-topic and check the CMake FAQ at: http://www.cmake.org/Wiki/CMake_FAQ Kitware offers various services to support the CMake community. For more information on each offering, please visit: CMake Support: http://cmake.org/cmake/help/support.html CMake Consulting: http://cmake.org/cmake/help/consulting.html CMake Training Courses: http://cmake.org/cmake/help/training.html Visit other Kitware open-source projects at http://www.kitware.com/opensource/opensource.html Follow this link to subscribe/unsubscribe: https://cmake.org/mailman/listinfo/cmake-developers
Re: [cmake-developers] Trojan in latest release
On 3/21/19 12:05 PM, kevin wrote: > I just tried to install the latest release and noticed it contained Skeeyah.l What is the URL of the binary you downloaded? What is the sha256 sum of the installer file on your local disk? -Brad -- Powered by www.kitware.com Please keep messages on-topic and check the CMake FAQ at: http://www.cmake.org/Wiki/CMake_FAQ Kitware offers various services to support the CMake community. For more information on each offering, please visit: CMake Support: http://cmake.org/cmake/help/support.html CMake Consulting: http://cmake.org/cmake/help/consulting.html CMake Training Courses: http://cmake.org/cmake/help/training.html Visit other Kitware open-source projects at http://www.kitware.com/opensource/opensource.html Follow this link to subscribe/unsubscribe: https://cmake.org/mailman/listinfo/cmake-developers