jwrb / phpdesktop

Automatically exported from code.google.com/p/phpdesktop

Antiy-AVL detects false positive Trojan/Win32.SGeneric in PHP 5.5.8 binaries #122

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
See virustotal results for PHP Desktop Chrome with PHP 5.5.8:

https://www.virustotal.com/en/file/d6e1fe7492a8c2d4c5c77373191187a0d25d7a2faeb8918b63cf2affe15d908b/analysis/

Scanning PHP Desktop Chrome with PHP 5.4.24 is OK, no trojan detected by 
Antiy-AVL:

https://www.virustotal.com/en/file/a8ae6bea7e0b6e6b683731e2f32541f3302c401abfff1caac655591352a31aa1/analysis/1412325034/

The OpenSSL shared library libeay32.dll (version 1.0.1.5) that is shipped with 
PHP 5.5.8 is detected as trojan by Antiy-AVL:

https://www.virustotal.com/en/file/5bdec91545de2ced4b3d8822ff8420170bb9aa24a978be23b01f0d6cb5a2baed/analysis/1412325917/

Also when scanning files individually, Bkav antivirus is detecting 
VEX2819.Webshell false positive virus in "php.ini-development" and 
"php.ini-production" files:

https://www.virustotal.com/en/file/67e7bb161d400b688b11e39f63ce003442237afe2c5b27330121099834a27f4f/analysis/1412326051/

https://www.virustotal.com/en/file/7affa08c031da13014d5b81c60d6f74e3a28fd0e5037fc5165853c4e5d8f934b/analysis/1412326059/

-- --

We may try to use UPX compressor on the libeay32.dll to get rid of this false 
positive, a solution found here:

https://groups.google.com/d/topic/virustotal/auT8zwyBIqY/discussion

Or maybe upgrading to a newer version of PHP 5.5 will get rid of the problem.

We may also want to delete the php.ini-development and php.ini-production files 
to get rid of the Bkav false positive. It's probably a false positive because 
of the unusual extension.

Original issue reported on code.google.com by czarek.t...@gmail.com on 3 Oct 2014 at 8:58

GoogleCodeExporter commented 9 years ago
[deleted comment]

GoogleCodeExporter commented 9 years ago
In PHP 5.6.1 libeay32.dll is no longer detected as a Trojan. However, the 
php_opcache.dll extension is detected as AdWare.MSIL.DomaIQ by AegisLab - this 
extension will be removed from the phpdesktop binary release.

Original comment by czarek.t...@gmail.com on 3 Oct 2014 at 1:49

GoogleCodeExporter commented 9 years ago
PHP Desktop Chrome 31.7 released.

Original comment by czarek.t...@gmail.com on 3 Oct 2014 at 4:42

GoogleCodeExporter commented 9 years ago
Project will move to Github. Find this issue at the new address (soon): 
https://github.com/cztomczak/phpdesktop/issues/122

Original comment by czarek.t...@gmail.com on 24 Aug 2015 at 3:31