[CWB] [ cwb-Bugs-3206589 ] Windows binary detected as malware

SourceForge.net noreply at sourceforge.net
Mon Aug 1 00:51:49 CEST 2011


Bugs item #3206589, was opened at 2011-03-11 16:01
Message generated for change (Settings changed) made by andrewhardie
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=722303&aid=3206589&group_id=131809

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Compilation issues
>Group: TODO-3.5
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Andrew Hardie (andrewhardie)
Assigned to: Nobody/Anonymous (nobody)
Summary: Windows binary detected as malware

Initial Comment:
Some users have reported that the Windows binary download triggers malware (trojan) warnings.

I have been unable to reproduce this and scans of the binary with the malware-detecting tools I have to hand have not produced any warnings. For the moment we should simply keep this bug open to allow collection of more and more detailed reports which might allow us to pinpoint the problem.

For the initial reports see

http://liste.sslmit.unibo.it/pipermail/cwb/2011-February/000661.html
http://liste.sslmit.unibo.it/pipermail/cwb/2011-February/000663.html

----------------------------------------------------------------------

Comment By: Stefan Evert (schtepf)
Date: 2011-06-20 22:00

Message:
Avira AntiVir Personal also claims to detect a malware threat in cwb-atoi
and cwb-itoa (cwb-3.2.b3 from sf.net Web site), specified as
"TR/Swisyn.almz" and "TR/Swisyn.almy".  Here's the complete report
(translated from German):

However, even unpacking the ZIP file was blocked by my virus scanner,
which reports that virus signatures were found in the files
/bin/cwb-itoa.exe and /bin/cwb-atoi.exe. As far as I can judge, the
report appears to be a genuine signature match and not a heuristic.
According to Avira AntiVir Personal, the two files are infected with
TR/Swisyn.almz and TR/Swisyn.almy respectively. (Avira AntiVir PE,
product version 10.0.0.468 of 01.04.2011, scan engine 8.02.05.14 of
09.06.2011 and virus definitions version 7.11.09.159 of 11.06.2011)


----------------------------------------------------------------------

Comment By: Andrew Hardie (andrewhardie)
Date: 2011-03-15 20:11

Message:
I got a warning from Symantec antivirus on installing a new build, as
follows:

Trojan.ADH for both cwb-atoi.exe and cwb-itoa.exe

This is a slightly different warning than the one reported by Markus, but
I imagine it is probably the same thing.

The Symantec page for Trojan.ADH seems to say that this is a label it uses
when "the files have suspicious characteristics and therefore might contain
a new or unknown threat." NOT that the signature of a known
virus/trojan/whatever has been detected.

Still it remains puzzling. 

Even more puzzling is that Symantec reports it has "cleaned by deletion"
and yet the two exe files have not changed at all....

----------------------------------------------------------------------
