gitsql / SQL-Server-Edition

SQL Server Edition

Download - Trojan #13

Closed jhewitt0 closed 8 years ago

jhewitt0 commented 8 years ago

Hi, I tried to download the installer and Norton anti-virus removes the file because it thinks it has a Trojan in the file. Can you verify that the installer is in fact clean and safe to use?

Thanks!


anupsaund commented 8 years ago

Hi @jhewitt0 ,

Thanks for logging this issue - we had another report of it, via Kaspersky but put it down to a false positive.

I have looked in more detail, and scanned the installer using http://www.virustotal.com

The report comes back with the following;

https://www.virustotal.com/en/file/8f8511d8784143c889f5cc23b4ffac4ad9c886f218aa3f3ed475285cb15dc2fa/analysis/

6/56 Antivirus applications detect issues with the installer.

I started off by scanning the build server using malwarebytes - that came back with a clean report of the system. The next step was to check the installer packager.

We use Inno Setup. -> An old version.

I have updated the Inno Setup Build Service to the latest version and recompiled an installer. I submitted this to virustotal and it came back with the following result: https://www.virustotal.com/en/file/82aa026fe1716abb4e624f9b895e15f3648715eff93f66c754a9b02ee44d6732/analysis/

3/56 Antivirus programs are saying the installer has issues.

This new installer package has been put onto the gitSQL website - but it still leaves us with the problem that the following AV programs will stop the installation;

On a side note, I had a check on Kaspersky to see if gitSQL.exe is in their list of known applications.

They have gitSQL versions 1.0.0.0 and 1.0.1.0 in their known (safe) applications. http://whitelist.kaspersky.com/advisor#search/gitsql

Would you try the latest installer on the website please?

I will continue to look at the issue to see what items inside the installer are causing the false positive.
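Added example, not part of the original thread or the gitSQL project: a VirusTotal file permalink embeds the SHA-256 of the scanned file, so a downloaded installer can be checked locally against the two reports linked in the comment above to see which scan result, if either, applies to it. The function names and report labels are assumptions made for this sketch.

```python
import hashlib
import hmac
import re

# VirusTotal permalinks quoted in the comment above (first scan, then the rebuild).
REPORTS = {
    "old Inno Setup build": "https://www.virustotal.com/en/file/8f8511d8784143c889f5cc23b4ffac4ad9c886f218aa3f3ed475285cb15dc2fa/analysis/",
    "rebuilt installer": "https://www.virustotal.com/en/file/82aa026fe1716abb4e624f9b895e15f3648715eff93f66c754a9b02ee44d6732/analysis/",
}

_SHA256_IN_URL = re.compile(r"/file/([0-9a-fA-F]{64})(?:/|$)")


def sha256_from_permalink(url):
    """Return the lowercase SHA-256 embedded in a VirusTotal file permalink."""
    m = _SHA256_IN_URL.search(url)
    if m is None:
        raise ValueError("no SHA-256 found in URL: %r" % url)
    return m.group(1).lower()


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so a large installer is not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def match_report(path, reports=REPORTS):
    """Return the label of the report whose hash equals the file's, else None."""
    local = sha256_of_file(path)
    for label, url in reports.items():
        if hmac.compare_digest(local, sha256_from_permalink(url)):
            return label
    return None  # neither scan result says anything about this file


if __name__ == "__main__":
    import sys
    print(match_report(sys.argv[1]) or "file matches neither report")
```

A `None` result means the file on disk is a different build from both scanned ones, so neither detection ratio describes it.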

anupsaund commented 8 years ago

I have submitted the installer to Symantec for a false positive review.


I will try to submit to Avast and Qihoo-360 too...

anupsaund commented 8 years ago

Submitted false positive to Kaspersky

anupsaund commented 8 years ago

Submitted false positive to Avast

anupsaund commented 8 years ago

Submitted false positive to 360 total security via https://www.360totalsecurity.com/en/suspicion/

anupsaund commented 8 years ago

Response from Symantec

Symantec FP Incident Response <falsepositives@symantec.com>
In relation to submission [3942278].

Having reviewed the information provided we are unable to reproduce or confirm the issue described.

Please ensure that you are using Symantec's latest virus definitions for detection. These can be found using live update or alternatively via the URL below.
http://securityresponse.symantec.com/avcenter/defs.download.html

anupsaund commented 8 years ago

Response from Kaspersky

newvirus@kaspersky.com

Hello,

Sorry, it was a false detection. It will be fixed in the next update.
Thank you for your help.

Sincerely yours,
S*** *****n,
Malware analyst.

anupsaund commented 8 years ago

Response from Total 360.

Dear Sir or Madam,

The file that you’ve submitted has been analyzed (Time: 2016-04-27 04:40:02; Software: setup-gitsql-1-2-1-exe; ID:2425879).

We sincerely appreciate your help of improving our products and services.

Result: Proper actions have been taken. If the false positive happens again, please add it into local Trust List and contact us again with support@360safe.com.

Thanks for your support.

Sounds a bit vague but I think it means it was a false positive.

anupsaund commented 8 years ago

Response from Avast.

Avast Customer Care customer.care@avast.com via freshdesk.com 

Hello again,

Our virus specialists have been working on this problem and it has now been resolved. The provided file isn't detected by Avast anymore.

Please check the following articles about Avast virus policy:
Avast Clean Guidelines: https://www.avast.com/faq.php?article=AVKB228
Avast File Whitelisting: https://www.avast.com/en-us/faq.php?article=AVKB229

We are sorry for the inconvenience. If you have any further questions, don't hesitate to contact me again.

IOExceptional commented 8 years ago

Great work @anupsaund, thanks for the clarification

jhewitt0 commented 8 years ago

Thanks for all the work on checking this out. I'll give it another try and see if I can get it to download.

shuzer commented 8 years ago

Wanted to give the free edition a whirl to see if it will meet my group's needs -- but our corporate Web Gateway (McAfee Web Gateway) is detecting this as a trojan as well and will not allow me to download it.

anupsaund commented 8 years ago

Hi @shuzer,

I had a look to see how I would go about reporting a false positive to McAfee;

Details here; https://kc.mcafee.com/corporate/index?page=content&id=KB62662&actp=null&viewlocale=en_US

I think I may not have enough information to submit the request :0(

Would you be able to get the installer whitelisted internally @work instead?

Sorry if it's a poor suggestion.