On 3 October 2017 at 17:40, <[email protected]> wrote: > Ok, the point is closed. > > > As recommended by the official Apache JMeter web site, I used an official > mirror site. > > I tried these 2 official French mirror sites: > http://mirrors.ircam.fr/pub/apache/
This URL works OK for me; I get the same contents as from http://www-eu.apache.org/dist/jmeter/binaries/ > http://apache.mirrors.ovh.net/ftp.apache.org/dist/ Likewise from here. > and systematically got a reject by McAfee Web Gate, respectively with the > messages > "BehavesLike.Java.Exploit.xm" > "BehavesLike.Java.Suspicious-JAR.zv" > > > Only after the mirror sites I tried Apache's official sites > http://www-eu.apache.org/dist/ > http://www-us.apache.org/dist/ > and these are fine. > > I conclude that either something is wrong on the mirror sites or McAfee WG is > overzealous... Or there was a problem with the downloads from the mirrors. Did you check the hashes or sigs of the files downloaded from the mirrors? As noted above, I don't get any issues with those mirrors. I'm not using McAfee WG but the downloaded files are identical to the ones downloaded from the ASF hosts. And the sig for the zip file checks out OK. So I think the problem is elsewhere than the mirrored files. > MD > > > > ----- Mail original ----- > De: "sebb" <[email protected]> > À: "JMeter Users List" <[email protected]> > Envoyé: Mardi 3 Octobre 2017 17:32:14 > Objet: Re: Download of JMeter zip blocked by anti-virus > > On 3 October 2017 at 15:55, <[email protected]> wrote: >> >> Hi JMeter experts ! >> >> >> The download of JMeter 3.3 (apache-jmeter-3.3.zip) is systematically blocked >> by my corporate anti-virus (McAfee Web Gate). >> >> The zip would contain a virus, the following message is issued: >> "BehavesLike.Java.Suspicious-JAR.zv" >> >> Before I reach out the McAfee WG administrator, I would like to know if >> something is wrong with the zip content ? >> >> Same observation with JMeter 3.2 zip archive. >> >> In advance, thank you very much for your help. > > What URL did you get the zip files from? > > Did you check the signature as recommended here: > > http://www.apache.org/info/verification.html > > Or did you at least check the hash? > > The KEYS, sig and hashes must be downloaded from > > https://www.apache.org/dist/jmeter/KEYS > and > https://www.apache.org/dist/jmeter/binaries > >> MD >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
