Avast Antivirus and apache-tomcat-6.0.18.exe

2008-08-05 Thread Ангелин Лалев 
Greetings, 

Avast Antivirus detects some strange trojan when the installer runs. Is it a 
known problem?
The virus information: 
File name: C:\DOCUME~1\Ownjo\LOCALS~1\Temp\nspDA.tmp\nsDB.tmp
Malware name: Win32:Trojan-gen {Other}
Malware type: Virus/Worm
VPS version: 080805-0, 08/05/2008

The file is donwloaded today at ~ 5:40GMT. MD5: 
fb827381b1eca44bf32273db548157d3 (matches)

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Re: Avast Antivirus and apache-tomcat-6.0.18.exe

2008-08-05 Thread Ангелин Лалев 
Apparently the address is from Bulgarian mirror, where I am automatically 
redirected 
when i load the http://tomcat.apache.org/download-60.cgi.
The md5 sum is from there too.

If the alert is reproducable on binaries from other mirrors that still don't 
mean it's a virus.
I had false warnings with Avast before.

http://apache.online.bg/tomcat/tomcat-6/v6.0.18/bin/apache-tomcat-6.0.18.exe



  Original letter 
 От:  Mark Thomas 
 Относно: Re: Avast Antivirus and apache-tomcat-6.0.18.exe
 До: Tomcat Users List 
 Изпратено на: Вторник, 2008, Август 5 20:34:35 EEST

 Angelin Lalev wrote:
  Greetings, 
  
  Avast Antivirus detects some strange trojan when the installer runs. Is it 
  a known problem?
 
 It isn't but I see the same issue. Let me do some more testing.
 
 Mark
 
 
 
 -
 To start a new topic, e-mail: users@tomcat.apache.org
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 
 

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Re: Avast Antivirus and apache-tomcat-6.0.18.exe

2008-08-05 Thread Ангелин Лалев 
Thanks for the fast replies!
I'm going to proceed with installation. 
Maybe Avast guys should be notified, but that must be done from someone 
regular with the project.  

  Оригинално писмо 
 От:  Len Popp 
 Относно: Re: Avast Antivirus and apache-tomcat-6.0.18.exe
 До: Tomcat Users List 
 Изпратено на: Сряда, 2008, Август 6 03:09:50 EEST

 2008/8/5 Johnny Kewl :
 
  - Original Message - From: Mark Thomas 
  To: Tomcat Users List 
  Sent: Tuesday, August 05, 2008 11:09 PM
  Subject: Re: Avast Antivirus and apache-tomcat-6.0.18.exe
 
 
  Mark Thomas wrote:
 
  Ангелин Лалев wrote:
 
  Apparently the address is from Bulgarian mirror, where I am
  automatically redirected when i load the
  http://tomcat.apache.org/download-60.cgi.
  The md5 sum is from there too.
 
  If the alert is reproducable on binaries from other mirrors that still
  don't mean it's a virus.
  I had false warnings with Avast before.
 
  Indeed. That is what I am trying to establish.
 
  I am as sure as I can be that this is a false positive.
 
  Mark
 
  Hi Mark, I think so to, I scanned the zips, scanned native binaries...
  conclude either something has snuck onto the MS build machine, or Avast is
  getting it wrong... I believe the later because it doesnt actually identify
  the virus, Win32 gen seems to be a generic warning with no description...
  But all this doesnt really matter... one cant recommend users ignore it,
  Avast is popular... and its just the kind of thing competition will thrive
  on... its negative marketing for TC.
  It will probably go away with a slight mod to the build and I think it has
  to be marked as urgent and the instant the next build is ready, its
  replaced.
  I would actually remove it... just the Win32 service... the zip is fine.
  Regards
  JK
 
 I agree that a false positive from Avast shouldn't be ignored, but I
 think the correct solution is for someone @apache.org to contact Avast
 and ask them to either explain what the problem is or remove Tomcat
 from their virus definitions.
 
 Sometimes the problem is caused by the installer program. There have
 been cases where the anti-virus guys mistakenly extract a signature
 from the installer program rather than the from the malware itself,
 which causes false positives on other programs using the same
 installer. Just a guess, but it seems likely here because Tomcat uses
 the popular open-source Nullsoft installer.
 -- 
 Len
 

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]