Re: [virus report]raising virus warning when mvn tuscany source codes
On Dec 21, 2007 5:38 AM, 王洪伟 [EMAIL PROTECTED] wrote: hi, I rechecked out tuscany java codes and mvned it. Nothing happened about the virus. Thank you very much ! David 在07-12-20,kelvin goodson [EMAIL PROTECTED] 写道: I just spotted one detail in your list. Some of the files you report are in the target folder, and are therefore generated as a result of running a build on your local machine, which might indicate that your development tools might be creating the suspicious files. However, this wouldn't seem to be the whole answer, since others of the files are under the src hierarchy. Kelvin. On 20/12/2007, kelvin goodson [EMAIL PROTECTED] wrote: Hi, I have inspected the two svn version of the sdo files you reference, and both are as I would expect; no inserted script tags etc. I have created md5 sum CRC digests of the files. If you could repeat these checks and verify you get the same answer then I think your virus checker is reporting a false alarm. If however you get different results, it would seem that your files have been altered locally or have been downloaded from some other location that the svn repo. If you don't have a program that generates md5sum checks you can get a windows program from microsoft [1], and run the command fciv -md5 filename C:\Dev\clean\sample\src\main\java\org\apache\tuscany\samples\sdofciv -md5 overview.html // // File Checksum Integrity Verifier version 2.05. // 5fca4c78a97e01cd9c9d52adc0bf9163 overview.html C:\Dev\clean\sample\src\main\java\org\apache\tuscany\samples\sdofciv -md5 sampleProgramContents.html // // File Checksum Integrity Verifier version 2.05. // 3f54d5e5d541768435ef49cdda2ca788 sampleprogramcontents.html [1] http://support.microsoft.com/kb/841290 On 20/12/2007, 王洪伟 [EMAIL PROTECTED] wrote: Hi,all This morning, I checked out tuscany java sources from apache . Some virus warnings raised when I mvned it. Detail information as follows: = 扫描类型:自动防护 扫描 事件:发现安全风险! 威胁:W32.Pagipef.I!html 文件:D:\maven-sca\java\sdo\sample\target\classes\org\apache\tuscany\samples\sdo\overview.html 位置:未知存储 计算机:DAVID 用户:DAVID\ce 采取的操作:清除 成功 : 拒绝访问 发现的日期:2007年12月20日 9:23:23 === [1] http://www.tuscany.org.cn/images/9/9e/VirusReport.JPG Regards, david Ok, good. Thanks David for letting us know. Regards Simon
Re: 答复: [virus report]raising virus warning when mvn tuscany source codes
On Dec 20, 2007 2:28 AM, tao.youzt [EMAIL PROTECTED] wrote: It sounds too bad , anyone who know the reason? ―― 尤占涛(Tony) Alibaba Technology Department. Mobile:13732275093 ―― -邮件原件- 发件人: 王洪伟 [mailto:[EMAIL PROTECTED] 发送时间: 2007年12月20日 9:54 收件人: tuscany-dev 主题: [virus report]raising virus warning when mvn tuscany source codes Hi,all This morning, I checked out tuscany java sources from apache . Some virus warnings raised when I mvned it. Detail information as follows: = 扫描类型:自动防护 扫描 事件:发现安全风险! 威胁:W32.Pagipef.I!html 文件: D:\maven-sca\java\sdo\sample\target\classes\org\apache\tuscany\samples\sdo\o verview.html 位置:未知存储 计算机:DAVID 用户:DAVID\ce 采取的操作:清除 成功 : 拒绝访问 发现的日期:2007年12月20日 9:23:23 === [1] http://www.tuscany.org.cn/images/9/9e/VirusReport.JPG Regards, david Hi Firstly can I ask where you got the Tuscany files from, for example, are these from a release downloaded from the Apache Tuscany Incubator web site or are these files checked out from SVN or are they from somewhere else? Looking at some description of the problem you seem to be having [1] it does look like this has the potential to affect HTML files and the like. However it's not obvious by manual inspection that the files you are having problems with are affected in the Tuscany code base. I'm need to determine whether this is a problem in the Tuscany code base or a problem with these files being affected on your local machine. Can you compare the files listed in the JPG you reference with the files in SVN. The files are fairly short so a manual comparison with what is in SVN, for example, see [2] for overview.html, may highlight if any HTML tags have been added. I just had a quick chat with Kelvin who knows about the SDO files at least and I think he will generate from MD5 signatures for the files he has for you to do a more automated check. Regards Simon [1] http://www.symantec.com/security_response/writeup.jsp?docid=2007-112909-3431-99tabid=2 [2] http://svn.apache.org/repos/asf/incubator/tuscany/java/sdo/sample/src/main/java/org/apache/tuscany/samples/sdo/overview.html
Re: [virus report]raising virus warning when mvn tuscany source codes
Hi, I have inspected the two svn version of the sdo files you reference, and both are as I would expect; no inserted script tags etc. I have created md5 sum CRC digests of the files. If you could repeat these checks and verify you get the same answer then I think your virus checker is reporting a false alarm. If however you get different results, it would seem that your files have been altered locally or have been downloaded from some other location that the svn repo. If you don't have a program that generates md5sum checks you can get a windows program from microsoft [1], and run the command fciv -md5 filename C:\Dev\clean\sample\src\main\java\org\apache\tuscany\samples\sdofciv -md5 overview.html // // File Checksum Integrity Verifier version 2.05. // 5fca4c78a97e01cd9c9d52adc0bf9163 overview.html C:\Dev\clean\sample\src\main\java\org\apache\tuscany\samples\sdofciv -md5 sampleProgramContents.html // // File Checksum Integrity Verifier version 2.05. // 3f54d5e5d541768435ef49cdda2ca788 sampleprogramcontents.html [1] http://support.microsoft.com/kb/841290 On 20/12/2007, 王洪伟 [EMAIL PROTECTED] wrote: Hi,all This morning, I checked out tuscany java sources from apache . Some virus warnings raised when I mvned it. Detail information as follows: = 扫描类型:自动防护 扫描 事件:发现安全风险! 威胁:W32.Pagipef.I!html 文件:D:\maven-sca\java\sdo\sample\target\classes\org\apache\tuscany\samples\sdo\overview.html 位置:未知存储 计算机:DAVID 用户:DAVID\ce 采取的操作:清除 成功 : 拒绝访问 发现的日期:2007年12月20日 9:23:23 === [1] http://www.tuscany.org.cn/images/9/9e/VirusReport.JPG Regards, david
Re: [virus report]raising virus warning when mvn tuscany source codes
I just spotted one detail in your list. Some of the files you report are in the target folder, and are therefore generated as a result of running a build on your local machine, which might indicate that your development tools might be creating the suspicious files. However, this wouldn't seem to be the whole answer, since others of the files are under the src hierarchy. Kelvin. On 20/12/2007, kelvin goodson [EMAIL PROTECTED] wrote: Hi, I have inspected the two svn version of the sdo files you reference, and both are as I would expect; no inserted script tags etc. I have created md5 sum CRC digests of the files. If you could repeat these checks and verify you get the same answer then I think your virus checker is reporting a false alarm. If however you get different results, it would seem that your files have been altered locally or have been downloaded from some other location that the svn repo. If you don't have a program that generates md5sum checks you can get a windows program from microsoft [1], and run the command fciv -md5 filename C:\Dev\clean\sample\src\main\java\org\apache\tuscany\samples\sdofciv -md5 overview.html // // File Checksum Integrity Verifier version 2.05. // 5fca4c78a97e01cd9c9d52adc0bf9163 overview.html C:\Dev\clean\sample\src\main\java\org\apache\tuscany\samples\sdofciv -md5 sampleProgramContents.html // // File Checksum Integrity Verifier version 2.05. // 3f54d5e5d541768435ef49cdda2ca788 sampleprogramcontents.html [1] http://support.microsoft.com/kb/841290 On 20/12/2007, 王洪伟 [EMAIL PROTECTED] wrote: Hi,all This morning, I checked out tuscany java sources from apache . Some virus warnings raised when I mvned it. Detail information as follows: = 扫描类型:自动防护 扫描 事件:发现安全风险! 威胁:W32.Pagipef.I!html 文件:D:\maven-sca\java\sdo\sample\target\classes\org\apache\tuscany\samples\sdo\overview.html 位置:未知存储 计算机:DAVID 用户:DAVID\ce 采取的操作:清除 成功 : 拒绝访问 发现的日期:2007年12月20日 9:23:23 === [1] http://www.tuscany.org.cn/images/9/9e/VirusReport.JPG Regards, david
Re: [virus report]raising virus warning when mvn tuscany source codes
hi, I rechecked out tuscany java codes and mvned it. Nothing happened about the virus. Thank you very much ! David 在07-12-20,kelvin goodson [EMAIL PROTECTED] 写道: I just spotted one detail in your list. Some of the files you report are in the target folder, and are therefore generated as a result of running a build on your local machine, which might indicate that your development tools might be creating the suspicious files. However, this wouldn't seem to be the whole answer, since others of the files are under the src hierarchy. Kelvin. On 20/12/2007, kelvin goodson [EMAIL PROTECTED] wrote: Hi, I have inspected the two svn version of the sdo files you reference, and both are as I would expect; no inserted script tags etc. I have created md5 sum CRC digests of the files. If you could repeat these checks and verify you get the same answer then I think your virus checker is reporting a false alarm. If however you get different results, it would seem that your files have been altered locally or have been downloaded from some other location that the svn repo. If you don't have a program that generates md5sum checks you can get a windows program from microsoft [1], and run the command fciv -md5 filename C:\Dev\clean\sample\src\main\java\org\apache\tuscany\samples\sdofciv -md5 overview.html // // File Checksum Integrity Verifier version 2.05. // 5fca4c78a97e01cd9c9d52adc0bf9163 overview.html C:\Dev\clean\sample\src\main\java\org\apache\tuscany\samples\sdofciv -md5 sampleProgramContents.html // // File Checksum Integrity Verifier version 2.05. // 3f54d5e5d541768435ef49cdda2ca788 sampleprogramcontents.html [1] http://support.microsoft.com/kb/841290 On 20/12/2007, 王洪伟 [EMAIL PROTECTED] wrote: Hi,all This morning, I checked out tuscany java sources from apache . Some virus warnings raised when I mvned it. Detail information as follows: = 扫描类型:自动防护 扫描 事件:发现安全风险! 威胁:W32.Pagipef.I!html 文件:D:\maven-sca\java\sdo\sample\target\classes\org\apache\tuscany\samples\sdo\overview.html 位置:未知存储 计算机:DAVID 用户:DAVID\ce 采取的操作:清除 成功 : 拒绝访问 发现的日期:2007年12月20日 9:23:23 === [1] http://www.tuscany.org.cn/images/9/9e/VirusReport.JPG Regards, david
[virus report]raising virus warning when mvn tuscany source codes
Hi,all This morning, I checked out tuscany java sources from apache . Some virus warnings raised when I mvned it. Detail information as follows: = 扫描类型:自动防护 扫描 事件:发现安全风险! 威胁:W32.Pagipef.I!html 文件:D:\maven-sca\java\sdo\sample\target\classes\org\apache\tuscany\samples\sdo\overview.html 位置:未知存储 计算机:DAVID 用户:DAVID\ce 采取的操作:清除 成功 : 拒绝访问 发现的日期:2007年12月20日 9:23:23 === [1] http://www.tuscany.org.cn/images/9/9e/VirusReport.JPG Regards, david