Upon scanning the Pidgin2.12.0.exe file using VirusTotal 2 vendors show that this executable contains malware (see link to report below). Furthermore the signature chain to validate the authenticity of this download is also broken as one of the certificates expired over 6 months ago. I confirmed this is true for files served up by at least 3 of the mirrors in use.
Can someone please confirm where I can download a clean and properly certified copy of the executable from? Thanks! https://www.virustotal.com/en/file/ad2e65a2b968e2f0ce08bbe9227ab2ba314df6e869f22848fcc4b68783cb40cc/analysis/1516532140/ Signers [+] Open Source Developer, Daniel Atallah<https://www.virustotal.com/en/file/ad2e65a2b968e2f0ce08bbe9227ab2ba314df6e869f22848fcc4b68783cb40cc/analysis/1516532140/> Status This certificate or one of the certificates in the certificate chain is not time valid. Issuer Certum Code Signing CA SHA2 Valid from 8:55 PM 6/19/2016 Valid to 8:55 PM 6/19/2017 Valid usage Code Signing Algorithm sha256RSA Thumbprint D3AD05E6A0DD4B777829B84CF8E371181ACD04A7 Serial number 5C C5 71 21 D5 6F 9C CD B9 90 C4 11 89 AE 4C 0D [+] Certum Code Signing CA SHA2<https://www.virustotal.com/en/file/ad2e65a2b968e2f0ce08bbe9227ab2ba314df6e869f22848fcc4b68783cb40cc/analysis/1516532140/> [+] Certum Trusted Network CA<https://www.virustotal.com/en/file/ad2e65a2b968e2f0ce08bbe9227ab2ba314df6e869f22848fcc4b68783cb40cc/analysis/1516532140/> Counter signers [+] COMODO SHA-256 Time Stamping Signer<https://www.virustotal.com/en/file/ad2e65a2b968e2f0ce08bbe9227ab2ba314df6e869f22848fcc4b68783cb40cc/analysis/1516532140/> [+] USERTrust (Code Signing)<https://www.virustotal.com/en/file/ad2e65a2b968e2f0ce08bbe9227ab2ba314df6e869f22848fcc4b68783cb40cc/analysis/1516532140/> Christina Barker GSEC, GCFE, GCIH, GNFA [Template_GSEC]<https://www.youracclaim.com/badges/7c0a122a-c1df-4e50-a2b2-fb304087c1b2> [Template_GCFE] <https://www.youracclaim.com/badges/c714b60b-774a-4731-ad06-21545a2a99a9> [Template_GCIH] <https://www.youracclaim.com/badges/60b33f8a-a7fd-4c74-b4be-e5d73cf9ec15> [GIAC Network Forensic Analyst (GNFA)]
_______________________________________________ Support@pidgin.im mailing list Want to unsubscribe? Use this link: https://pidgin.im/cgi-bin/mailman/listinfo/support
