search

polyhedraltech / SecurityTesting

Eclipse plugin suite providing integration with security testing tools.
Apache License 2.0
11 stars 3 forks source link

Is this plugin secure? #3

Closed ModernTek closed 8 years ago

ModernTek commented 8 years ago

Leonard, I was trying to download source code as zip from Social Security computer and system does not let me do it. It tells me that the zip file contain malware. This is a message:

Malware Detected
The transferred file contained a virus and was therefore blocked.
URL: https://codeload.github.com/polyhedraltech/SecurityTesting/zip/master Media Type: application/java-vm Virus Name: McAfeeGW: BehavesLike.Java.Trojan.zm

Are aware of that?

polyhedraltech commented 8 years ago

I'm not sure what is triggering the malware warning. Since you say you're trying to download from a Social Security computer, I'm going to assume that you're working on a device owned and managed by the U.S. government. As such, those computer systems tend to have very high levels of restrictions on what is allowed to be downloaded.

I see that your scanner is reporting that the ZIP files contains a media type of "application/java-vm". This is technically true as the plugin is written in Java, but this plugin project only contains Java source code, not any executable class files or other binaries. The plugin code calls a Java Runtime exec to launch ZAP in headless mode, it's possible that the scanner is detecting that and flagging it as suspicious.

Please note, I have run this code through multiple anti-virus programs and none of them have turned up any issues. You can see the results of the scan I performed through Virus Total here:

https://www.virustotal.com/en/file/b0c8f0df4c1d9414b34233f3a8824011acfb166a6ce3558d9e0eb1e6d3d7d044/analysis/1461871658/

If you can provide more details about the nature of your reported finding, I will be happy to look into it, but I'm guessing that the issue is a false positive being reported by your scanner.

ModernTek commented 8 years ago

Gregory,Thank you very much for fast response. I am working on device owned by SSA.I was very excited to find out about existence of this plugin. I am going to contact SSA team and provide information given by you and see what they say.I will also ask fro any additional info about result of scanning.Natalie Vaslavsky   On 04/28/16, Gregory Leonardnotifications@github.com wrote: I'm not sure what is triggering the malware warning. Since you say you're trying to download from a Social Security computer, I'm going to assume that you're working on a device owned and managed by the U.S. government. As such, those computer systems tend to have very high levels of restrictions on what is allowed to be downloaded. I see that your scanner is reporting that the ZIP files contains a media type of "application/java-vm". This is technically true as the plugin is written in Java, but this plugin project only contains Java source code, not any executable class files or other binaries. The plugin code calls a Java Runtime exec to launch ZAP in headless mode, it's possible that the scanner is detecting that and flagging it as suspicious.Please note, I have run this code through multiple anti-virus programs and none of them have turned up any issues. You can see the results of the scan I performed through Virus Total here:https://www.virustotal.com/en/file/b0c8f0df4c1d9414b34233f3a8824011acfb166a6ce3558d9e0eb1e6d3d7d044/analysis/1461871658/If you can provide more details about the nature of your reported finding, I will be happy to look into it, but I'm guessing that the issue is a false positive being reported by your scanner.—You are receiving this because you authored the thread.Reply to this email directly or view it on GitHub

polyhedraltech commented 8 years ago

Ok, let me know what their response is. I'm going to close out this thread, but feel free to reach out if you get any more information.

Regards, Greg