epics-base / pvAccessCPP

pvAccessCPP is an EPICS V4 C++ module
https://epics-base.github.io/pvAccessCPP/

EPICSchat.exe detected as potentially malicious #198

Closed Atix95 closed 1 month ago

Atix95 commented 2 months ago

Hey everybody,

When compiling EPICS-base, the epicschat.exe from the example folder is run by default.

Since we are using a new antivirus software, this is detected as potentially malicious because it establishes an upstream connection to the IP address 192.168.1.187. Currently, we are compiling epics-base without the epicschat.exe as a workaround, as we do not require it for our use case.

Has anybody else had this problem? And does anybody know what is behind this IP address?

I have added a screenshot of the file analysis from the Cisco client (Cisco is our antivirus software).

If you need any further information please let me know!

Best regards, Michael


anjohnson commented 2 months ago

Hi,

The example epicschat.cpp program in the EPICS Base modules/pvAccess/examples source directory gets compiled when the pvAccessCPP module is built, but it shouldn't be run automatically at all, even if you run our self-tests after the build process. When that program runs it starts a PV Access server, which listens for connections from PV Access clients. Any connections that are made to it would have been requested by the client, not the epicschat server.

IP addresses in the range 192.168.0.0/16 are not routable across the global internet and can only be accessed within your local network from other addresses in the same subnet (192.168.1.187 is an address in your subnet). If you start the epicschat program on a local host it will broadcast a series of UDP packets to the local subnet, but it shouldn't be making any connections of its own. None of the network streams you show above appear to be using the PV Access protocol, which uses ports 5074 and 5075.

What version of EPICS Base did you compile, and where did you download it from? I'm not seeing anything in the information you provided which would come from a normal EPICS system.

mdavidsaver commented 2 months ago

> What version of EPICS Base did you compile, and where did you download it from?

I think this is the first question to answer.

I hope that your answer will be a clone of this GitHub repository, or a download from either epics-controls.org or epics.anl.gov.

> I have added a screenshot of the file analysis from the Cisco client (Cisco is our antivirus software).

The streams shown look like DHCP and netbios (aka. windows file sharing). Is your listing complete?

I also don't see any executable names mentioned.
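A small triage helper, added here as an example (not code from pvAccessCPP or from anyone in this thread), that encodes the reasoning in the two replies above: only streams on the PV Access ports named in the thread (5074/5075) could come from epicschat, DHCP and NetBIOS streams are unrelated to EPICS, and RFC 1918 destinations such as 192.168.1.187 never leave the local network. The sample streams are constructed to resemble the kinds of traffic discussed, not the actual screenshot.

```python
import ipaddress
from dataclasses import dataclass

# Ports as stated in the replies above (PV Access) and the IANA well-known
# ports for the protocols recognised in the screenshot (DHCP, NetBIOS).
PVA_PORTS = {5074, 5075}
UNRELATED_PORTS = {67: "DHCP", 68: "DHCP", 137: "NetBIOS-NS",
                   138: "NetBIOS-DGM", 139: "NetBIOS-SSN"}
# RFC 1918 ranges: reachable only inside the site's own network.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Flow:
    proto: str      # "udp" or "tcp"
    dst_ip: str
    dst_port: int


def classify(flow: Flow) -> str:
    """Return a triage label for one stream from an antivirus report."""
    dst = ipaddress.ip_address(flow.dst_ip)
    if flow.dst_port in PVA_PORTS:
        return "pva-candidate"           # the only streams epicschat could cause
    if flow.dst_port in UNRELATED_PORTS:
        return "unrelated:" + UNRELATED_PORTS[flow.dst_port]
    if any(dst in net for net in RFC1918):
        return "local-unknown"           # stays on the LAN; identify the service
    return "external-review"             # leaves the site; worth a closer look


def epics_involved(flows) -> bool:
    """True only if at least one stream matches what a PVA server would produce."""
    return any(classify(f) == "pva-candidate" for f in flows)


# Constructed sample resembling the streams discussed (DHCP plus NetBIOS to a
# 192.168.1.x host); not the contents of the reporter's screenshot.
SAMPLE = [
    Flow("udp", "255.255.255.255", 67),
    Flow("udp", "192.168.1.187", 137),
    Flow("tcp", "192.168.1.187", 139),
]

if __name__ == "__main__":
    for f in SAMPLE:
        print(f, "->", classify(f))
    print("epics-base involved:", epics_involved(SAMPLE))
```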

Atix95 commented 2 months ago

Hi everybody,

thanks for the fast responses!

I am sorry if some things were missing or unclear. This is the first time I am opening an issue and I am not familiar with networks so I could only pass on the information from our IT.

> What version of EPICS Base did you compile, and where did you download it from?

We cloned the latest release (7.0.8.1) from the epics-base GitHub repository.

> The streams shown look like DHCP and netbios (aka. windows file sharing). Is your listing complete?

The listing is complete.

> The example epicschat.cpp program in the EPICS Base modules/pvAccess/examples source directory gets compiled when the pvAccessCPP module is built, but it shouldn't be being run automatically at all, even if you run our self-tests after the build process. When that program runs it starts a PV Access server, which listens for connections from PV Access clients. Any connections that are made to it would have been requested by the client, not the epicschat server.

> IP addresses in the range 192.168.0.0/16 are not routable across the global internet and can only be accessed within your local network from other addresses in the same subnet (192.168.1.187 is an address in your subnet). If you start the epicschat program on a local host it will broadcast a series of UDP packets to the local subnet, but shouldn't be making any connections of its own. None of the network streams you show above appear to be using the PV Access protocol which uses ports 5074 and 5075.

Thanks for the explanation. I believe it is possible that this is detected as a false positive by Cisco. I will talk with our IT about this.

Best regards, Michael

mdavidsaver commented 1 month ago

> The streams shown look like DHCP and netbios (aka. windows file sharing). Is your listing complete?

> The listing is complete.

Then I don't think that epics-base is involved. Please re-open if you come by additional information.