Re: virus or hoax in test/asn1test.exe ?
On 2/16/2012 11:42 PM, David H. Lipman wrote: From: Johan Samyn johan.sa...@gmail.com 48 hours later my replies have NOT made it to Gmane. Mark: 2/16/12 @ 1742 hrs I guess that would be 2012-02-16 17:42 -0500 aka 2012-02-16 22:42 UTC? It arrived here on our European mailserver 2012-02-17 11:01:12 UTC From 2012-02-16 22:43:05 UTC to 2012-02-17 22:43:10 UTC it spent all of 5 seconds on gmane servers. From 2012-02-16 22:43:10 UTC to 2012-02-17 10:56:02 UTC it was stuck somewhere inside master.openssl.org -- Jakob Bohm, CIO, partner, WiseMo A/S. http://www.wisemo.com Transformervej 29, 2730 Herlev, Denmark. direct: +45 31 13 16 10 call:+4531131610 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: virus or hoax in test/asn1test.exe ?
On 02/17/2012 12:29 PM, Jakob Bohm wrote: On 2/16/2012 11:42 PM, David H. Lipman wrote: From: Johan Samyn johan.sa...@gmail.com 48 hours later my replies have NOT made it to Gmane. Mark: 2/16/12 @ 1742 hrs I guess that would be 2012-02-16 17:42 -0500 aka 2012-02-16 22:42 UTC? It arrived here on our European mailserver 2012-02-17 11:01:12 UTC From 2012-02-16 22:43:05 UTC to 2012-02-17 22:43:10 UTC it spent all of 5 seconds on gmane servers. From 2012-02-16 22:43:10 UTC to 2012-02-17 10:56:02 UTC it was stuck somewhere inside master.openssl.org master.openssl.org uses anti-spam measures that may cause some short delay. Mails posted by non-subscribers or being caught in additional anti-spam measures go to the moderation queue and I am not around 24/7. Best regards, Lutz __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
virus or hoax in test/asn1test.exe ?
Hi, I just compiled openssl-1.0.0g on a Win7 box using MingW. All went well, except I got a virus alert from Avira for 'TR/Graftor.10418.101' found in the file .../openssl-1.0.0g/test/asn1test.exe. That virus was added to the Avira VDF file on 2012-01-18. Avira denies access to it, so that file is unusable, and I quarantained it (to get rid of the alerts). Is this a real threat ? Has anyone else experienced it ? Or is it a hoax (cause to me it seems a bit weird to have a virus after just compiling a package like openssl) ? -- Johan Samyn ___ Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away. - A. de Saint-Exupery __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: virus or hoax in test/asn1test.exe ?
Hi, I just compiled openssl-1.0.0g on a Win7 box using MingW. All went well, except I got a virus alert from Avira for 'TR/Graftor.10418.101' found in the file .../openssl-1.0.0g/test/asn1test.exe. That virus was added to the Avira VDF file on 2012-01-18. Avira denies access to it, so that file is unusable, and I quarantained it (to get rid of the alerts). Is this a real threat ? Has anyone else experienced it ? Or is it a hoax (cause to me it seems a bit weird to have a virus after just compiling a package like openssl) ? pattern/heuristical match issue? try uploading it to one of the multi-vendor test suite systems and see what pops out? eg http://www.threatexpert.com/ https://www.virustotal.com/ upload it to Avira with 'false positive' markinghttp://analysis.avira.com/samples/ alan __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: virus or hoax in test/asn1test.exe ?
On 14-02-2012 22:58, Wim Lewis wrote: On 14 Feb 2012, at 1:42 PM, Johan Samyn wrote: Hi, I just compiled openssl-1.0.0g on a Win7 box using MingW. All went well, except I got a virus alert from Avira for 'TR/Graftor.10418.101' found in the file .../openssl-1.0.0g/test/asn1test.exe. That virus was added to the Avira VDF file on 2012-01-18. Avira denies access to it, so that file is unusable, and I quarantained it (to get rid of the alerts). Is this a real threat ? Has anyone else experienced it ? Or is it a hoax (cause to me it seems a bit weird to have a virus after just compiling a package like openssl) ? It seems likely that it's just an overly broad virus definition in Avira's database. A web search turns up at least one other person with a similar problem: http://itsacleanmachine.blogspot.com/2012/01/antivirus-anger.html Another possibility, I guess, is that Graftor.10418.101 propagates by infecting compilers and causing them to write infected output. I think you'll need to ask Avira for advice. (sending this to the openssl-users mailing list too.) Thanks for the info, I'll contact Avira (and perhaps the Mingw people too). -- Johan Samyn ___ Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away. - A. de Saint-Exupery __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: virus or hoax in test/asn1test.exe ?
On Tue, Feb 14, 2012 at 4:42 PM, Johan Samyn johan.sa...@gmail.com wrote: Hi, I just compiled openssl-1.0.0g on a Win7 box using MingW. All went well, except I got a virus alert from Avira for 'TR/Graftor.10418.101' found in the file .../openssl-1.0.0g/test/asn1test.exe. That virus was added to the Avira VDF file on 2012-01-18. Avira denies access to it, so that file is unusable, and I quarantained it (to get rid of the alerts). Is this a real threat ? Has anyone else experienced it ? Or is it a hoax (cause to me it seems a bit weird to have a virus after just compiling a package like openssl) ? As Alan suggested, test against other scanners. I usually use https://www.virustotal.com/. But its probably a false positive. Jeff __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org