Here is the submission report for 3393192. I couldn't find it at first or
I would have forwarded if first.
As you can see here, the file I submitted had a different file name. Which
is why I think their "correction" may have been file name based.
--
Mark Miesfeld
---------- Forwarded message ----------
From: <falsepositi...@symantec.com>
Date: Sun, Dec 15, 2013 at 4:10 PM
Subject: [No Reply] False Positive submission (3393192)
To: miesf...@gmail.com
Thank you for contacting Symantec.
Your submission has been received and will be reviewed. We endeavor to
respond to all submissions within 2 working days.
The tracking number for your submission is: 3393192, please reference this
tracking number in any further correspondence on this issue.
Your submission:
-----
When did the detection you are reporting occur? = DOWNLOAD
Which product were you using when you saw this? = NIS
Which of the following types of detection are you reporting? =
AUTO-PROTECT
Name (person to contact) = Mark Miesfeld
Email address = miesf...@gmail.com
Are you the creator or distributor of the software in question? = yes
File being uploaded = oorexx420_9716-x86_32.exe
Download (or blocking) URL =
Name of the software being detected = oorexx420_9716-x86_32.exe
Name of detection given by Symantec product = Suspicious.Cloud.9.A
File hash or clipboard paste from product = This information has
disappeared. Your instructions did no good. I can not locate the event in
history.
Additional notes or steps to reproduce the detection = The file uploaded
is a Windows installation file for ooRexx an open source project. The
project is hosted on SourceForge:
https://sourceforge.net/projects/oorexx/I am a developer and committer
on the project.
I built the ooRexx interpreter and the installation package from scratch.
I had Norton AntiVirus scan the package. It reports no threats:
Scan Statistics:
Scan Start:
Local: 12/15/2013 2:55 PM
UTC: 12/15/2013 10:55 PM
Scan Time: 9 seconds
Scan Targets: C:\work.ooRexx\wc\main.4.2.0\ooRexx420_9716-x86_32.exe
Counts:
Total items scanned: 1
- Files & Directories: 1
- Registry Entries: 0
- Processes & Start-up Items: 0
- Network & Browser Items: 0
- Other: 0
- Trusted Files: 0
- Skipped Files: 0
Total security risks detected: 0
Total items resolved: 0
Total items that require attention: 0
Resolved Threats:
No risks have been resolved
Unresolved Threats:
No unresolved risks
When I go to upload the file to SoureceForge as soon as the file open
dialog appears and I navigate to the correct folder Norton AntiVirus puts
up a red alert box saying it is processing a threat. Then it automatically
deletes it.
It did the same thing when I used the Choose File button on this page. I
then used the exclude button on the threat processing page to exclude the
file so I could upload it here. Now the event from history has
disappeared. And even though I set all exclusions to none and none are
listed when I go to upload the file to SourceForge it no longer produces an
alert.
Ive been fooling with this for 2 days. Yesterday afternoon when I first
got the alert. I did a complete computer scan and besides tracking cookies
no threats were found. I did a second complete scan overnight again no
threats. It then did a complete clean of the build and built the package
immediately scanned it and then immediately tried to upload it. Got the
threat notice.
I know there is no virus in the code base and I dont see how the executable
could have got infected in such a short time. I dont understand how using
Norton AntiVirus to to scan the file can produce a no threat report and
then trying to upload the file produces a threat warning.
I dont see how two complete computer scans by Norton AntiVirus can say all
threats resolved then doing a clean build of the executable can end up with
an executable that Norton says is infected.
It seems to me this has to be a false positive.
Thanks for your time.
-----
Sincerely,
Symantec Security Response
http://securityresponse.symantec.com
This message (including any attachments) is intended only for the use of
the individual or entity to which it is addressed and may contain
information that is non-public, proprietary, privileged, confidential, and
exempt from disclosure under applicable law or may constitute as attorney
work product. If you are not the intended recipient, you are hereby
notified that any use, dissemination, distribution, or copying of this
communication is strictly prohibited. If you have received this
communication in error, notify us immediately by telephone and (i) destroy
this message if a facsimile or (ii) delete this message immediately if this
is an electronic communication. Thank you.
------------------------------------------------------------------------------
CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For
Critical Workloads, Development Environments & Everything In Between.
Get a Quote or Start a Free Trial Today.
http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
_______________________________________________
Oorexx-devel mailing list
Oorexx-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/oorexx-devel
