Thanks for the fast replies!
I'm going to proceed with installation.
Maybe Avast guys should be notified, but that must be done from someone
regular with the project.
> Оригинално писмо
>От: "Len Popp"
>Относно: Re: Avast Antivirus and apache-tomcat-6.0.18.exe
>До: "Tomcat Users List"
>Изпратено на: Сряда, 2008, Август 6 03:09:50 EEST
>2008/8/5 Johnny Kewl :
>>
>> - Original Message - From: "Mark Thomas"
>> To: "Tomcat Users List"
>> Sent: Tuesday, August 05, 2008 11:09 PM
>> Subject: Re: Avast Antivirus and apache-tomcat-6.0.18.exe
>>
>>
>>> Mark Thomas wrote:
>>>>
>>>> Ангелин Лалев wrote:
>>>>>
>>>>> Apparently the address is from Bulgarian mirror, where I am
>>>>> automatically redirected when i load the
>>>>> http://tomcat.apache.org/download-60.cgi.
>>>>> The md5 sum is from there too.
>>>>>
>>>>> If the alert is reproducable on binaries from other mirrors that still
>>>>> don't mean it's a virus.
>>>>> I had false warnings with Avast before.
>>>>
>>>> Indeed. That is what I am trying to establish.
>>>
>>> I am as sure as I can be that this is a false positive.
>>>
>>> Mark
>>
>> Hi Mark, I think so to, I scanned the zips, scanned native binaries...
>> conclude either something has snuck onto the MS build machine, or Avast is
>> getting it wrong... I believe the later because it doesnt actually identify
>> the virus, Win32 gen seems to be a generic warning with no description...
>> But all this doesnt really matter... one cant recommend users ignore it,
>> Avast is popular... and its just the kind of thing competition will thrive
>> on... its negative marketing for TC.
>> It will probably go away with a slight mod to the build and I think it has
>> to be marked as urgent and the instant the next build is ready, its
>> replaced.
>> I would actually remove it... just the Win32 service... the zip is fine.
>> Regards
>> JK
>
>I agree that a false positive from Avast shouldn't be ignored, but I
>think the correct solution is for someone @apache.org to contact Avast
>and ask them to either explain what the problem is or remove Tomcat
>from their virus definitions.
>
>Sometimes the problem is caused by the installer program. There have
>been cases where the anti-virus guys mistakenly extract a signature
>from the installer program rather than the from the malware itself,
>which causes false positives on other programs using the same
>installer. Just a guess, but it seems likely here because Tomcat uses
>the popular open-source Nullsoft installer.
>--
>Len
>
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]