[CWB] [ cwb-Bugs-3206589 ] Windows binary detected as malware

SourceForge.net noreply at sourceforge.net
Tue Mar 15 21:11:13 CET 2011 

Bugs item #3206589, was opened at 2011-03-11 16:01
Message generated for change (Comment added) made by andrewhardie
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=722303&aid=3206589&group_id=131809

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Compilation issues
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Andrew Hardie (andrewhardie)
Assigned to: Nobody/Anonymous (nobody)
Summary: Windows binary detected as malware

Initial Comment:
Some users have reported that the Windows binary download triggers malware (trojan) warnings.

I have been unable to reproduce this and scans of the binary with the malware-detecting tools I have to hand have not produced any warnings. For the moment we should simply keep this bug open to allow collection of more and more detailed reports which might allow us to pinpoint the problem.

For the initial reports see

http://liste.sslmit.unibo.it/pipermail/cwb/2011-February/000661.html
http://liste.sslmit.unibo.it/pipermail/cwb/2011-February/000663.html

----------------------------------------------------------------------

>Comment By: Andrew Hardie (andrewhardie)
Date: 2011-03-15 20:11

Message:
I got a warning from symantec antivirus on installing a new build: as
follows

Trojan.ADH for both cwb-atoi.exe and cwb-itoa.exe

This is a slightly different warning than the one reported by Markus, but
I imagine it is probably the same thing.

The Symantec page for Trojan.ADH seems to say that this is a label it uses
when "the files have suspicious characteristics and therefore might contain
a new or unknown threat." NOT that the signature of a known
virus/trojan/whatever has been detected.

Still it remains puzzling. 

Even more puzzling is that Symantec reports it has "cleaned by deletion"
and yet the two exe files have not changed at all....

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=722303&aid=3206589&group_id=131809

More information about the CWB mailing list