Re: Sourceforge pidgin download page blocked by google chrome as malicious

2015-02-24 Thread Philippe VIALLE
Guys,

if I may, that's the binary file (Pidgin-2.10.11.exe) that was downloaded
that seems to get blocked (in fact, local detection of malicious files by
browser itself).

Here is an example of such an alert with a Chrome derivative browser
(Dragon):
[image: Inline image 1]

Despite my efforts, I could not reproduce any scenario where this was the
download URL that was blocked, therefore I believe this is a file-based
detection.

Now if you really look at VirusTotal, the Pidgin installer is not supposed
to be fully clean:
https://www.virustotal.com/en/file/2a2c58cba5f9360f5f48cc59ccb5e1f82d59c3cc87a52648e9bd45b3968e10e3/analysis/
- Rising AV reports it as PE:Trojan.Win32.Generic.141A9A33!337287731
- Clam AV detects it as PUA
- Symantec reputation reports a suspicious.insight

This might be due to a detection of screen capture capability (look at
Zemana results), but can't be sure right now, just thinking out loud.
Anyway, I would try to report this to Google, as a potential FP.

My 2 cents,



2015-02-24 20:03 GMT+01:00 Ethan Blanton e...@pidgin.im:

> Bogdan Harjoc spake unto us the following wisdom:
> > Tried to get pidgin-2.10.11 for windows from pidgin.im, and after the 5
> > second delay on sourceforge, was greeted by a red page in chrome, saying
> > the site was blacklisted. I downloaded the file anyway and chrome deleted
> > it after the download completed, calling the .exe 'malicious' as well.
> >
> > Virustotal says the file is clean (
> > 2a2c58cba5f9360f5f48cc59ccb5e1f82d59c3cc87a52648e9bd45b3968e10e3
> > ), maybe someone at google should be politely asked to drop
> > sourceforge.net from their blacklist?
>
> This is probably due to a recent, well-known bogus DMCA takedown
> notice.  I expect the courts will straighten it out for us.
>
> Ethan
>
> ___
> Support@pidgin.im mailing list
> Want to unsubscribe?  Use this link:
> https://pidgin.im/cgi-bin/mailman/listinfo/support




-- 
Philippe Vialle

Re: Antivirus Scan after file-transfer

2011-07-28 Thread Philippe VIALLE
Hi,

I work on antivirus and other IT security issues. AFAIK, if your antivirus
has been correctly installed and set up, it will scan any new file that is
being written on the HDD. Thus, any file transfer would be silently scanned,
no matter if the file came from an HTTP/FTP access or IM file transfer.

I would suggest you scan the suspicious file using
www.virustotal.com anyway, just in case.

Still, the most important thing is to have an up-to-date antivirus, with
fully patched software.

HTH.

Cheers,

2011/7/28 Anonymous Remailer (austria) mixmas...@remailer.privacy.at

> hi,
> would be nice if you could integrate antivirus scanning option
> after file-transfer.





-- 
Philippe Vialle

Re: Norton Deletes pidgin.exe

2011-06-27 Thread Philippe VIALLE
Hi all,

it seems indeed that this is a pure Norton issue, since pidgin.exe (last
version) is not being detected as a malware by 42 different AV engines (
www.virustotal.com).
You could report that to Norton's support, and/or set it up as an
exclusion, as other folks said.

HTH.
Cheers,

--
Ph. VIALLE
Computers security consultant
www.ph-v.net

2011/6/27 Brian Morrison b...@fenrir.org.uk

> On Mon, 27 Jun 2011 10:58:24 -0400
> Ethan Blanton e...@pidgin.im wrote:
>
> > Daniel Curry spake unto us the following wisdom:
> > > I don't know if one is aware that Norton (Symantec) antivirus deletes
> > > pidgin.exe 2.9 binary file. 2.8 and below was no problem.
> >
> > You need to report this to Norton, their antivirus is broken and
> > wrong.
>
> It should be possible to temporarily prevent Norton from scanning the
> directory where the Pidgin files reside.
>
> --
>
> Brian Morrison


Re: Kaspersky caught this as a virus

2010-11-24 Thread Philippe VIALLE
Hi,

FYI, analysing sendbutton.dll of Pidgin 2.7.5 (W7 x64), VT gives 1/43:
http://www.virustotal.com/file-scan/report.html?id=ca09e8c361da7859e1fe462dfdb9b053956a655717a032910474987eb9b2a0af-1290642057


whereas sendbutton.dll of Pidgin 2.7.7 (W7, x64) gives the following result
(0 detection):
http://www.virustotal.com/file-scan/report.html?id=eab8a3eea75e0124ada08e125adaad69943365a5964ac7c88e4413799b95e4f6-1290642550

and BTW, I have to say that ClamAV in the cloud did not detect anything.

HTH.

Cheers,


2010/11/25 Ahmed Elgarhy ahmed.elga...@hotmail.com

> Kaspersky caught this as a virus
>
> Pidgin/plugins/sendbutton.dll
> more info :
> http://www.securelist.com/en/descriptions/Trojan.Win32.Swisyn.aqkt





-- 
Philippe Vialle
computers security consultant
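
Added example, not part of the original messages and not Pidgin project code: the VirusTotal links quoted in these threads identify a file by its SHA-256, so a result only applies to a local copy whose hash matches. This sketch extracts the hash from both link styles seen above and compares it with a local file. The function names are hypothetical, and reading the numeric suffix of the older `report.html?id=` links as the Unix time of the scan is an assumption (it is consistent with the thread date).

```python
import hashlib
import re
from datetime import datetime, timezone

# A SHA-256 digest is 64 hex characters. The older report.html links append
# "-<digits>", assumed here to be the Unix time of the scan.
_VT_ID = re.compile(r"(?<![0-9a-f])([0-9a-f]{64})(?:-(\d{9,10}))?(?![0-9a-f])", re.I)

def parse_vt_link(url):
    """Return (sha256_hex, scan_time_or_None) from a VirusTotal report link."""
    m = _VT_ID.search(url)
    if not m:
        raise ValueError("no SHA-256 found in link")
    when = None
    if m.group(2):
        when = datetime.fromtimestamp(int(m.group(2)), tz=timezone.utc)
    return m.group(1).lower(), when

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so a large installer is not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def same_file_as_report(path, url):
    """True only if the local file is the exact binary the report describes."""
    expected, _ = parse_vt_link(url)
    return sha256_file(path) == expected

if __name__ == "__main__":
    import sys
    local_path, link = sys.argv[1], sys.argv[2]
    digest, when = parse_vt_link(link)
    print("report hash:", digest, "| scanned:", when or "time not in link")
    print("local copy matches report:", same_file_as_report(local_path, link))
```

A mismatch means the report says nothing about the local copy: it may be a different build, a repackaged download, or a file altered in transit.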