From: M Rusli
To: Dave M
Cc: ports@freebsd.org, tj@freebsd.org, secteam@freebsd.org
Date: Sat, 4 May 2013 19:48:08 +0800
Subject: Re: clamtk detects setuptools-0.6c11-py2.7.egg Packer.MingwGcc-2 virus
List-Id: Porting software to FreeBSD

Hi Dave,

I did another scan and this time I disabled the PUA settings. And clamtk did
not detect any virus. I did double confirm with virustotal. And it did not
detect anything. But when I do a scan again with PUA, it detected as
PUA.Win32.PackerMingwGcc-2 virus.

By the way, clamav has an updated version of the virus engine, version
0.97.8. Any luck when the new update version will come in for the FreeBSD
version???

On Sat, May 4, 2013 at 7:22 PM, Dave M wrote:
> Hi,
>
> I'm not sure what that file is, but you could verify with that package
> owner's upstream that it's good to go.
>
> Keep in mind that the "threat" name is "PUA" (for potentially unwanted
> application) and seems to be warning based on the type of packer or
> compiler used. In fact, you probably have the "Scan for PUAs" option
> checked in your ClamTk preferences, otherwise this would not have
> alerted.
>
> Once the upstream verifies it (hopefully :), please submit the file to
> ClamAV (at clamav.net) as a false positive, assuming it is one.
>
> Let me know if I can be of assistance.
>
> thanks,
> Dave M
>
> On Sat, May 4, 2013 at 6:04 AM, M Rusli wrote:
> > Hi
> >
> > I did a full scan on my computer with up-to-date virus of clamtk.
> >
> > It indicates that the
> > /usr/local/lib/python2.7/site-packages/setuptools-0.6c11-py2.7.egg contains
> > PUA.Win32.PackerMingwGcc-2 virus.
> >
> > Can you verify whether this is a PUA virus?
> >
> > Thank you.
> >
> > Rusli
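
A triage aid for the situation in this thread, as an added example that is not part of the original messages: it checks whether a ClamAV hit falls in the PUA category and lists the Windows PE files inside a zipped egg, the kind of file a Win32 packer signature targets. The `clamscan`-style output line and the egg contents are constructed samples, and all function names are hypothetical.

```python
import io
import struct
import zipfile

def parse_clamscan_line(line):
    """Split 'path: Signature FOUND' into (path, signature); None if not a hit."""
    line = line.rstrip()
    if not line.endswith(" FOUND"):
        return None
    path, _, signature = line[:-len(" FOUND")].rpartition(": ")
    return path, signature

def is_pua(signature):
    # ClamAV names potentially-unwanted-application signatures with a "PUA." prefix.
    return signature.startswith("PUA.")

def is_pe(data):
    """True if data has an MZ header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def pe_members(egg):
    """Names of Windows PE files inside a zipped egg (path or file object)."""
    with zipfile.ZipFile(egg) as zf:
        return [name for name in zf.namelist() if is_pe(zf.read(name))]

def _constructed_egg():
    # Constructed sample: a tiny zip holding one minimal PE stub and one .py file.
    stub = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("pkg/launcher.exe", stub)
        zf.writestr("pkg/__init__.py", "print('hello')\n")
    buf.seek(0)
    return buf

# Constructed scanner output using the path and signature name from the thread.
SAMPLE_LINE = ("/usr/local/lib/python2.7/site-packages/"
               "setuptools-0.6c11-py2.7.egg: PUA.Win32.PackerMingwGcc-2 FOUND")

if __name__ == "__main__":
    path, signature = parse_clamscan_line(SAMPLE_LINE)
    print(path, "->", "PUA category" if is_pua(signature) else "non-PUA signature")
    print("PE members in sample egg:", pe_members(_constructed_egg()))
```

Pointing `pe_members()` at the real egg path narrows down which member to compare against upstream and to submit as a false positive.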