Hi all, "...ooRexx installs a system service that opens a port and
starts at system boot..." Is this a vulnerability? I have good old 4.2.0 on my
Win 7 32-bit system, and as near as I can tell RXAPI doesn't start up at all
until the first time I summon it. Just asking.
John T.
From: [email protected]
Date: Thu, 16 Jun 2016 13:44:46 -0700
To: [email protected]; [email protected]
Subject: Re: [Oorexx-devel] Malware Flag on 5.0.0 files
Hi, that's exactly what virustotal is good for, see my previous email. Some
scanners recognize something. While it could just be false-positives I have no
way of verifying if this is indeed the case or not. An easy check would be to
build the zip on another host and run it through virustotal again. I think it's
safe to assume we don't have a trojan in our code.
On the other hand ooRexx installs a system service that opens a port and starts
at system boot. That alone could be considered malicious behavior by a malware
scanner, even if it is for a good purpose...
Moritz
On Thu, Jun 16, 2016 at 1:16 PM, Jon Wolfers <[email protected]> wrote:
Hi,
I would be happier to do this if someone with a full strength paid for
anti-virus could confirm that Nsis_longstrings.zip and oorexx5_win32_r11047.zip
are false positives. It shouldn't be more than 10 minutes work.
thanks,
Jon
On 16 June 2016 at 10:33, René Jansen <[email protected]> wrote:
I checked the MacOSX disk image and it is fine. Jon, can you report this to the
SF admins? I gather the other files are harmless too.
best regards,
René.
On 16 jun. 2016, at 10:33, Jon Wolfers <[email protected]> wrote:
I got access to wifi. Here is the info provided by sourceforge:

Path | Scan Date | Vulnerability Found | Whitelisted
oorexx-buildutils/1.2.0/Nsis_longStrings.zip | 2016-02-21 | Win.Adware.Oneinstaller FOUND | -
oorexx/5.0.0alpha/oorexx5_win32_r11024.zip | 2016-04-24 | infected: Gen:Variant.Razy.19005 | -
oorexx/5.0.0alpha/oorexx5_win32_r11047.zip | 2016-06-14 | infected: Gen:Variant.Razy.19005 | -
windows-build-tools/1.0/Nsis_longStrings.zip | 2016-02-21 | Win.Adware.Oneinstaller FOUND | -

also sourceforge reports this archive damaged.

oorexx/3.2.0/ooRexx-3.2.0-2-i386-MacOSX.dmg | 2016-05-29 | archive damaged
I downloaded the above 4 zip files and scanned them with Avast which found no
threats. Sourceforge uses bitdefender, but does not reveal which member of the
archive the supposed threat is found in.
Scanning my working copy I see that Avast reports that
incubator\samples\ooDialog\ResourceEditors\openWatcom.dll has a suspected
threat Win32:evo-gen[Susp]:
Perhaps someone with another virus scanner could download and check the above
files.
Hth
Jon
On 15 June 2016 at 22:17, Moritz Hoffmann <[email protected]> wrote:
It seems quite a few scanners actually detect something [1]. Someone interested
could now go off and check every individual exe/dll file in the archive...
Moritz
[1]
https://www.virustotal.com/en/file/eb98e666930e73dbb7f2652a143d7715109547c15ea47c740d6853056e7d5731/analysis/
On Wed, Jun 15, 2016 at 1:06 PM, Jon Wolfers <[email protected]> wrote:
Hi Erich,
I'm away from home till Sunday night with only access through my phone. Can
Les answer this one?
Thanks
Jon
On Jun 15, 2016 8:31 PM, "Erich Steinböck" <[email protected]> wrote:
| Which location are you getting these from, Gil?
Flags show up in the "files" oorexx/5.0.0alpha folder
All files were uploaded by me - they're just the raw zipped contents from a
build.
Seems that sourceforge scans files since a few weeks:
https://sourceforge.net/blog/sourceforge-now-scans-all-projects-for-malware-and-displays-warnings-on-downloads/
Jon, do you as an admin see what is described here,
"Project admins will get an additional dashboard that will provide more
in-depth details on why a file was flagged and how to address it. Project
admins will also be able to submit a support request related to any issue
detected by the scanners, and they'll also be able to request a file be
whitelisted once we've reviewed it."
Erich
On Wed, Jun 15, 2016 at 8:40 PM, René Jansen <[email protected]> wrote:
Which location are you getting these from, Gil?
René.
> On 15 jun. 2016, at 16:18, Gil Barmwater <[email protected]> wrote:
>
> Two of the 5.0.0 Alpha zip files have a malware flag on them. Any idea why?
>
> --
>
> Gil Barmwater
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. http://pubads.g.doubleclick.net/gampad/clk?id=1444514421&iu=/41014381
_______________________________________________
Oorexx-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/oorexx-devel
--
Moritz Hoffmann;
http://antiguru.de/
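
The two checks suggested in the thread (scan every exe/dll in the archive individually, and rebuild the zip on another host and compare) can be scripted as below. This is an added example, not code from the ooRexx project or from anyone in the thread; the member names and archive contents are constructed samples.

```python
import hashlib
import io
import zipfile

BINARY_SUFFIXES = (".exe", ".dll")

def member_hashes(zip_bytes, suffixes=BINARY_SUFFIXES):
    """Return {member name: SHA-256 hex} for each exe/dll inside a zip."""
    hashes = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir() or not info.filename.lower().endswith(suffixes):
                continue
            digest = hashlib.sha256(archive.read(info)).hexdigest()
            hashes[info.filename] = digest
    return hashes

def compare_builds(original, rebuilt):
    """Compare two builds of the same revision member by member.

    A differing hash is only a pointer for closer inspection: builds that
    embed timestamps or paths differ even when both are clean.
    """
    a, b = member_hashes(original), member_hashes(rebuilt)
    common = a.keys() & b.keys()
    return {
        "identical": sorted(n for n in common if a[n] == b[n]),
        "differs": sorted(n for n in common if a[n] != b[n]),
        "only_in_original": sorted(a.keys() - b.keys()),
        "only_in_rebuilt": sorted(b.keys() - a.keys()),
    }

def _make_zip(members):
    """Build an in-memory zip from {name: bytes} (test helper)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, data in members.items():
            archive.writestr(name, data)
    return buf.getvalue()

# Constructed sample archives standing in for the uploaded zip and a rebuild.
ORIGINAL = _make_zip({"bin/sample_a.exe": b"MZ-a", "bin/sample_lib.dll": b"MZ-lib-1",
                      "bin/extra.DLL": b"MZ-x", "readme.txt": b"text"})
REBUILT = _make_zip({"bin/sample_a.exe": b"MZ-a", "bin/sample_lib.dll": b"MZ-lib-2",
                     "readme.txt": b"text"})

if __name__ == "__main__":
    for name, digest in sorted(member_hashes(ORIGINAL).items()):
        print(digest, name)
    print(compare_builds(ORIGINAL, REBUILT))
```

The per-member hashes narrow down which file inside the archive a scanner is reacting to, which the sourceforge report does not reveal.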