Thanks for the fast replies! I'm going to proceed with installation. Maybe Avast guys should be notified, but that must be done from someone regular with the project.
>-------- Оригинално писмо -------- >От: "Len Popp" >Относно: Re: Avast Antivirus and apache-tomcat-6.0.18.exe >До: "Tomcat Users List" >Изпратено на: Сряда, 2008, Август 6 03:09:50 EEST >2008/8/5 Johnny Kewl : >> >> ----- Original Message ----- From: "Mark Thomas" >> To: "Tomcat Users List" >> Sent: Tuesday, August 05, 2008 11:09 PM >> Subject: Re: Avast Antivirus and apache-tomcat-6.0.18.exe >> >> >>> Mark Thomas wrote: >>>> >>>> Ангелин Лалев wrote: >>>>> >>>>> Apparently the address is from Bulgarian mirror, where I am >>>>> automatically redirected when i load the >>>>> http://tomcat.apache.org/download-60.cgi. >>>>> The md5 sum is from there too. >>>>> >>>>> If the alert is reproducable on binaries from other mirrors that still >>>>> don't mean it's a virus. >>>>> I had false warnings with Avast before. >>>> >>>> Indeed. That is what I am trying to establish. >>> >>> I am as sure as I can be that this is a false positive. >>> >>> Mark >> >> Hi Mark, I think so to, I scanned the zips, scanned native binaries... >> conclude either something has snuck onto the MS build machine, or Avast is >> getting it wrong... I believe the later because it doesnt actually identify >> the virus, Win32 gen seems to be a generic warning with no description... >> But all this doesnt really matter... one cant recommend users ignore it, >> Avast is popular... and its just the kind of thing competition will thrive >> on... its negative marketing for TC. >> It will probably go away with a slight mod to the build and I think it has >> to be marked as urgent and the instant the next build is ready, its >> replaced. >> I would actually remove it... just the Win32 service... the zip is fine. >> Regards >> JK > >I agree that a false positive from Avast shouldn't be ignored, but I >think the correct solution is for someone @apache.org to contact Avast >and ask them to either explain what the problem is or remove Tomcat >from their virus definitions. > >Sometimes the problem is caused by the installer program. There have >been cases where the anti-virus guys mistakenly extract a signature >from the installer program rather than the from the malware itself, >which causes false positives on other programs using the same >installer. Just a guess, but it seems likely here because Tomcat uses >the popular open-source Nullsoft installer. >-- >Len > --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
