Michael Goffioul wrote: > I scanned octave.exe through > http://virscan.org and only 2 (out of 36) AV detected the Zhelatin worm: > Antivir and Ikarus. From user reports, the previous 3.0.0 version also > has the same problem, but this release dates back from December 2007 > and has been downloaded more than 70,000 times. Is it imaginable that > a worm was present at that time and that nobody detected it during > 6 months...? All this makes me think there's a higher probability that > this is a false positive detection.
A suggestion: When posting a binary (especially a Win32 binary) build it in two places and include its MD5 fingerprint. Your binary is is known to be good because it was built from source without any possibility of worm, etc. The user can verify the file on his disk -- the one triggering the virus alarm -- has the very same fingerprint, and can tell the AV vendor. Either the user or the vendor can reproduce the binary from the sources and (one hopes) match the fingerprint, thereby demonstrating what must be so: that the scanning software is producing a false positive. Matching a fingerprint can be tricky because it relies on having identical build environments. But even the user who never compiles can know that the file resident on his disk still matches the one you originally built and posted for download. That's pretty good assurance there's no real virus involved. To verify the integrity of your build environment, it would be well to have two people build identical binaries with matching fingerprints. The likelihood of two identical infections is vanishingly small. With the above procedure in place, any questions about infection can be answered by the user and AV vendor. Humbly submitted, --jkl ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php _______________________________________________ Octave-dev mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/octave-dev
