> So I think the problem is elsewhere than the mirrored files. I believe the antivirus wasn't looking at the content but the URL for Java binaries. Known mirrors were "safe".
--emi On Tue, Oct 3, 2017 at 10:11 PM, sebb <[email protected]> wrote: > On 3 October 2017 at 17:40, <[email protected]> wrote: > > Ok, the point is closed. > > > > > > As recommended by the official Apache JMeter web site, I used an > official mirror site. > > > > I tried these 2 official French mirror sites: > > http://mirrors.ircam.fr/pub/apache/ > > This URL works OK for me; I get the same contents as from > > http://www-eu.apache.org/dist/jmeter/binaries/ > > > http://apache.mirrors.ovh.net/ftp.apache.org/dist/ > > Likewise from here. > > > and systematically got a reject by McAfee Web Gate, respectively with > the messages > > "BehavesLike.Java.Exploit.xm" > > "BehavesLike.Java.Suspicious-JAR.zv" > > > > > > Only after the mirror sites I tried Apache's official sites > > http://www-eu.apache.org/dist/ > > http://www-us.apache.org/dist/ > > and these are fine. > > > > I conclude that either something is wrong on the mirror sites or McAfee > WG is overzealous... > > Or there was a problem with the downloads from the mirrors. > > Did you check the hashes or sigs of the files downloaded from the mirrors? > > As noted above, I don't get any issues with those mirrors. > I'm not using McAfee WG but the downloaded files are identical to the > ones downloaded from the ASF hosts. > And the sig for the zip file checks out OK. > > So I think the problem is elsewhere than the mirrored files. > > > MD > > > > > > > > ----- Mail original ----- > > De: "sebb" <[email protected]> > > À: "JMeter Users List" <[email protected]> > > Envoyé: Mardi 3 Octobre 2017 17:32:14 > > Objet: Re: Download of JMeter zip blocked by anti-virus > > > > On 3 October 2017 at 15:55, <[email protected]> wrote: > >> > >> Hi JMeter experts ! > >> > >> > >> The download of JMeter 3.3 (apache-jmeter-3.3.zip) is systematically > blocked by my corporate anti-virus (McAfee Web Gate). > >> > >> The zip would contain a virus, the following message is issued: > "BehavesLike.Java.Suspicious-JAR.zv" > >> > >> Before I reach out the McAfee WG administrator, I would like to know if > something is wrong with the zip content ? > >> > >> Same observation with JMeter 3.2 zip archive. > >> > >> In advance, thank you very much for your help. > > > > What URL did you get the zip files from? > > > > Did you check the signature as recommended here: > > > > http://www.apache.org/info/verification.html > > > > Or did you at least check the hash? > > > > The KEYS, sig and hashes must be downloaded from > > > > https://www.apache.org/dist/jmeter/KEYS > > and > > https://www.apache.org/dist/jmeter/binaries > > > >> MD > >> > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: [email protected] > >> For additional commands, e-mail: [email protected] > >> > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
