Date: Sun, 5 May 2013 05:41:59 +0800
From: M Rusli <linuxsecuritymrusli@gmail.com>
To: Dave M <dave.nerd@gmail.com>
Cc: ports@freebsd.org, tj@freebsd.org, secteam@freebsd.org
Subject: Re: clamtk detects setuptools-0.6c11-py2.7.egg Packer.MingwGcc-2 virus
Message-ID: <CADUSB=xEQoDoUsy0=6Xd0JeHej_siXNLoCWoKDr8oK7qJdcHow@mail.gmail.com>
In-Reply-To: <CAPk1mupuZfk3z7Cyp8UFeTTMTdznMar6iX5btUmcX2YNT2NDFQ@mail.gmail.com>
References: <CADUSB=wR-VAkSYwHOXvnhPaT48WEePP8L7coTnbijV320=Y0Pw@mail.gmail.com>
 <CAPk1mureXe11Ci5aWNyWBQ1BO7yJ9baT=Y0X9XdGAeUkBx9cOA@mail.gmail.com>
 <CADUSB=wvWnV6AaJmof0ZUHa6s2-ejhgL9vQ8cUDsiPMooSx89w@mail.gmail.com>
 <CAPk1mupuZfk3z7Cyp8UFeTTMTdznMar6iX5btUmcX2YNT2NDFQ@mail.gmail.com>

Hi Dave,

Thanks! The ClamAV scan engine has been updated to 0.97.8.

On Sat, May 4, 2013 at 7:54 PM, Dave M <dave.nerd@gmail.com> wrote:

> Hi,
>
> It's okay to check things with PUA settings - sometimes they really
> are "unwanted" applications. You did the right thing by asking others
> to verify and submitting it to VT for a second opinion.
>
> Sorry, I have no idea when FreeBSD will upgrade. It all comes down to
> the FreeBSD maintainer - when they get to it and upload it. Fedora
> doesn't have it yet either.
>
> respectfully
> dave
>
> On Sat, May 4, 2013 at 6:48 AM, M Rusli <linuxsecuritymrusli@gmail.com> wrote:
> > Hi Dave,
> >
> > I did another scan and this time I disabled the PUA settings. And clamtk
> > did not detect any virus.
> >
> > I did double confirm with VirusTotal. And it did not detect anything.
> >
> > But when I do a scan again with PUA, it is detected as a
> > PUA.Win32.PackerMingwGcc-2 virus.
> >
> > By the way, ClamAV has an updated version of the virus engine, version
> > 0.97.8.
> >
> > Any luck when the new update version will come in for the FreeBSD
> > version???
> >
> >
> > On Sat, May 4, 2013 at 7:22 PM, Dave M <dave.nerd@gmail.com> wrote:
> >>
> >> Hi,
> >>
> >> I'm not sure what that file is, but you could verify with that package
> >> owner's upstream that it's good to go.
> >>
> >> Keep in mind that the "threat" name is "PUA" (for potentially unwanted
> >> application) and seems to be warning based on the type of packer or
> >> compiler used. In fact, you probably have the "Scan for PUAs" option
> >> checked in your ClamTk preferences, otherwise this would not have
> >> alerted.
> >>
> >> Once the upstream verifies it (hopefully :), please submit the file to
> >> ClamAV (at clamav.net) as a false positive, assuming it is one.
> >>
> >> Let me know if I can be of assistance.
> >>
> >> thanks,
> >> Dave M
> >>
> >> On Sat, May 4, 2013 at 6:04 AM, M Rusli <linuxsecuritymrusli@gmail.com>
> >> wrote:
> >> > Hi
> >> >
> >> > I did a full scan on my computer with up-to-date virus of clamtk.
> >> >
> >> > It indicates that the
> >> > /usr/local/lib/python2.7/site-packages/setuptools-0.6c11-py2.7.egg
> >> > contains
> >> > PUA.Win32.PackerMingwGcc-2 virus.
> >> >
> >> > Can you verify whether this is a PUA virus?
> >> >
> >> > Thank you.
> >> >
> >> > Rusli
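
When triaging a report like the one in this thread, it helps to identify which file inside the egg a Win32-named detection most plausibly refers to before contacting upstream or filing a false positive. The following is an added example, not part of the original messages: it assumes the egg is a zip archive, lists members that carry a valid PE header, and prints their SHA-256 so they can be compared with upstream's copy; the sample archive and its member names are constructed.

```python
import hashlib
import io
import struct
import zipfile


def is_pe(data):
    """True if data has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def pe_members(egg):
    """Return [(name, size, sha256)] for Windows executables inside a zipped egg.

    `egg` is a path or a file-like object (assumption: the egg is a zip file,
    not an unpacked directory).
    """
    found = []
    with zipfile.ZipFile(egg) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info)
            if is_pe(data):
                digest = hashlib.sha256(data).hexdigest()
                found.append((info.filename, len(data), digest))
    return found


def build_sample_egg():
    """Constructed in-memory archive standing in for an egg; names are made up."""
    # Minimal PE-shaped stub: 'MZ', e_lfanew=0x40 at offset 0x3C, then 'PE\0\0'.
    stub = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + b"\0" * 16
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("pkg/__init__.py", "# python source\n")
        # Decoy: starts with 'MZ' but has no PE signature, so it is not reported.
        zf.writestr("pkg/notes.txt", "MZ is also how this text file starts" + " " * 64)
        zf.writestr("pkg/launcher.exe", stub)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, size, digest in pe_members(build_sample_egg()):
        print(f"{name}\t{size} bytes\tsha256={digest}")
```

To check a real file, pass its path to `pe_members()` instead of the constructed sample.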