RE: Spyware in Octave
From: Labitt, Bruce
Subject: RE: Spyware in Octave
Date: Wed, 17 Sep 2008 13:15:48 -0400
-----Original Message-----
From: dbateman [mailto:address@hidden]
Sent: Wednesday, September 17, 2008 11:51 AM
To: address@hidden
Subject: RE: Spyware in Octave
Labitt, Bruce wrote:
>
> I ran the version of sed.exe that installs in c:\Program
> Files\Octave\bin on the scanner below and came up with one of the AV
> programs indicating it was suspicious.
>
> VirSCAN.org Scanned Report :
> Scanned time : 2008/09/17 09:43:30 (EDT)
> Scanner results: 3% Scanner(1/36) found malware!
> File Name : sed.exe
> File Size : 102400 byte
> File Type : PE32 executable for MS Windows (console) Intel 80386 32-bit
> MD5 : df03c9fb9ebcbf8364cd8874583790b9
> SHA1 : 2b3eebc9994b595ef81a5d684fc87f62e6ba3247
> Online report :
> http://virscan.org/report/0a85e2e2bb20e977f32ef16548e6393b.html
>
> Scanner    Engine Ver     Sig Ver       Sig Date    Time  Scan result
> a-squared  4.0.0.14       2008.09.16    2008-09-16  1.54  -
> AhnLab V3  2008.09.17.02  2008.09.17    2008-09-17  0.94  -
> AntiVir    7.8.1.28       7.0.6.170     2008-09-17  2.29  -
> Arcavir    1.0.5          200809171009  2008-09-17  1.22  -
>
> <snip>
>
> Fortinet   2.81-3.113     9.560         2008-09-17  0.19  Suspicious
> McAfee     5.3.00         5385          2008-09-16  1.86  -
> Microsoft  1.3903         2008.09.17    2008-09-17  4.54  -
> <snip>
>
Ok then the fact that only one out of thirty six finds it "suspicious" is a
pretty good indication of a false positive on the part of your spyware
scanner. Note that the above scanner in fact runs all of the major malware
scanners against the same binary, with up to date definition files, so if a
large percentage of these don't flag something you can safely ignore the
issue.
> sed.exe appears to be installed in two places. The 100K file is in the
> Octave\bin directory. There is also another sed.exe that is installed
> in the Octave\mysys\bin directory which is only 47K. Only the
> Octave\bin\sed.exe is flagged as being suspicious.
>
Not sure why Michael included a second version. Perhaps he built his own
MSVC sed in octave/bin/sed.exe and the other one just happened to be there,
built with mingw, when he installed msys. You'd have to ask Michael for the
reason.
D.
[Labitt, Bruce]
===========================================================
I'm not that concerned. It may be that the Fortinet report is a false
positive. I'm just reporting my results to the list. My company uses
McAfee, which has not found an issue.
-Bruce
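
An added example, not part of the original thread or of Octave: since two copies of sed.exe are installed, this sketch reads the file name, size and hashes from the VirSCAN report quoted above and hashes every same-named file under a directory to show which copy is the one that was scanned. The function names and the command-line root argument are assumptions of this example.

```python
import hashlib
import os
import re
import sys

# Fields copied from the VirSCAN.org report quoted in the message above.
REPORT = """\
File Name : sed.exe
File Size : 102400 byte
MD5 : df03c9fb9ebcbf8364cd8874583790b9
SHA1 : 2b3eebc9994b595ef81a5d684fc87f62e6ba3247
"""

def parse_report(text):
    """Return name, size and hashes from a VirSCAN-style report ('> ' quoting allowed)."""
    f = dict(re.findall(r"^[> \t]*([A-Za-z0-9 ]+?)[ \t]*:[ \t]*(\S+)", text, re.M))
    return {"name": f["File Name"].lower(), "size": int(f["File Size"]),
            "md5": f["MD5"].lower(), "sha1": f["SHA1"].lower()}

def hash_file(path):
    """Stream the file once; MD5 and SHA1 are used only because the report lists them."""
    md5, sha1, size = hashlib.md5(), hashlib.sha1(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
            sha1.update(chunk)
            size += len(chunk)
    return size, md5.hexdigest(), sha1.hexdigest()

def find_copies(root, report):
    """Hash every file under root named like the reported file; 'scanned' is True
    only when size, MD5 and SHA1 all equal the values in the report."""
    wanted = (report["size"], report["md5"], report["sha1"])
    results = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower() == report["name"]:
                path = os.path.join(dirpath, fname)
                size, md5, sha1 = hash_file(path)
                results.append({"path": path, "size": size, "sha1": sha1,
                                "scanned": (size, md5, sha1) == wanted})
    return sorted(results, key=lambda r: r["path"])

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."  # e.g. the Octave install directory
    for r in find_copies(root, parse_report(REPORT)):
        tag = "matches report" if r["scanned"] else "different binary"
        print(f'{r["path"]}  {r["size"]} bytes  sha1={r["sha1"]}  {tag}')
```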