Date: Mon, 06 May 2013 04:32:50 -0400
From: Tom Judge <tjudge@sourcefire.com>
To: M Rusli <linuxsecuritymrusli@gmail.com>
Cc: ports@freebsd.org, Dave M <dave.nerd@gmail.com>, secteam@freebsd.org
Subject: Re: clamtk detects setuptools-0.6c11-py2.7.egg Packer.MingwGcc-2 virus
Message-ID: <51876AB2.50905@sourcefire.com>
In-Reply-To: <CADUSB=wvWnV6AaJmof0ZUHa6s2-ejhgL9vQ8cUDsiPMooSx89w@mail.gmail.com>
References: <CADUSB=wR-VAkSYwHOXvnhPaT48WEePP8L7coTnbijV320=Y0Pw@mail.gmail.com> <CAPk1mureXe11Ci5aWNyWBQ1BO7yJ9baT=Y0X9XdGAeUkBx9cOA@mail.gmail.com> <CADUSB=wvWnV6AaJmof0ZUHa6s2-ejhgL9vQ8cUDsiPMooSx89w@mail.gmail.com>

Hi Rusli,

I have sent this information over to the ClamAV detection team, to
validate that the signature is correct.

Could you please send me a copy of the file off list?

Thanks

Tom Judge
--
Senior Research Engineer
Sourcefire Vulnerability Research Team
FreeBSD Ports Committer

On 5/4/13 7:48 AM, M Rusli wrote:
> Hi Dave,
>
> I did another scan and this time I disabled the PUA settings. And
> clamtk did not detect any virus.
>
> I did double confirm with virustotal. And it did not detect
> anything.
>
> But when I do a scan again with PUA, it detected as
> PUA.Win32.PackerMingwGcc-2 virus.
>
> By the way, clamav has an updated version of the virus engine,
> version 0.97.8.
>
> Any luck when the new update version will come in for the FreeBSD
> version???
>
>
> On Sat, May 4, 2013 at 7:22 PM, Dave M <dave.nerd@gmail.com> wrote:
>
> Hi,
>
> I'm not sure what that file is, but you could verify with that
> package owner's upstream that it's good to go.
>
> Keep in mind that the "threat" name is "PUA" (for potentially
> unwanted application) and seems to be warning based on the type of
> packer or compiler used. In fact, you probably have the "Scan for
> PUAs" option checked in your ClamTk preferences, otherwise this
> would not have alerted.
>
> Once the upstream verifies it (hopefully :), please submit the file
> to ClamAV (at clamav.net <http://clamav.net>) as a false positive,
> assuming it is one.
>
> Let me know if I can be of assistance.
>
> thanks, Dave M
>
> On Sat, May 4, 2013 at 6:04 AM, M Rusli
> <linuxsecuritymrusli@gmail.com> wrote:
>> Hi
>>
>> I did a full scan on my computer with up-to-date virus of
>> clamtk.
>>
>> It indicates that the
>> /usr/local/lib/python2.7/site-packages/setuptools-0.6c11-py2.7.egg
>> contains
>> PUA.Win32.PackerMingwGcc-2 virus.
>>
>> Can you verify whether this is a PUA virus?
>>
>> Thank you.
>>
>> Rusli