richardlehane / siegfried

signature-based file format identification
http://www.itforarchivists.com/siegfried
Apache License 2.0

siegfried triggering malware detection #118

Closed dericed closed 5 years ago

dericed commented 5 years ago


Just FYI that when installing siegfried at work, my McAfee virus scanner is reporting two files as trojans.

ross-spencer commented 5 years ago

Oof - looks like two of my skeleton files! :(

richardlehane commented 5 years ago

Thanks for letting me know, Dave. As Ross notes, these are two files from his test suite - they are used in siegfried tests but aren't necessary for an install, so it's fine, I think, for your virus scan to quarantine or delete them. Did the brew install work otherwise?

dericed commented 5 years ago

@richardlehane Nope, brew install runs, triggers the malware detection (which deletes the file), and fails:

brew install richardlehane/digipres/siegfried
==> Installing siegfried from richardlehane/digipres
==> Downloading https://github.com/richardlehane/siegfried/archive/v1.7.8.tar.gz
Already downloaded: /Users/daverice/Library/Caches/Homebrew/siegfried-1.7.8.tar.gz
Error: No such file or directory @ rb_sysopen - /private/tmp/d20180801-77323-1m49nv9/siegfried-1.7.8/cmd/sf/testdata/skeleton-suite/fmt/fmt-640-signature-id-969.mpg

richardlehane commented 5 years ago

Oh, that's bad. Is installing from source an option? You can install golang with brew (brew install go). Then it's just go get github.com/richardlehane/siegfried/cmd/sf to get a binary (although you might get another AV quarantine). Copy the binary to somewhere in your PATH and run sf -update to download a signature file.