Date:      Sat, 4 May 2013 19:48:08 +0800
From:      M Rusli <linuxsecuritymrusli@gmail.com>
To:        Dave M <dave.nerd@gmail.com>
Cc:        ports@freebsd.org, tj@freebsd.org, secteam@freebsd.org
Subject:   Re: clamtk detects setuptools-0.6c11-py2.7.egg Packer.MingwGcc-2 virus
Message-ID:  <CADUSB=wvWnV6AaJmof0ZUHa6s2-ejhgL9vQ8cUDsiPMooSx89w@mail.gmail.com>
In-Reply-To: <CAPk1mureXe11Ci5aWNyWBQ1BO7yJ9baT=Y0X9XdGAeUkBx9cOA@mail.gmail.com>
References:  <CADUSB=wR-VAkSYwHOXvnhPaT48WEePP8L7coTnbijV320=Y0Pw@mail.gmail.com> <CAPk1mureXe11Ci5aWNyWBQ1BO7yJ9baT=Y0X9XdGAeUkBx9cOA@mail.gmail.com>

Hi Dave,

I did another scan, and this time I disabled the PUA settings. And ClamTk did
not detect any virus.

I double-confirmed with VirusTotal, and it did not detect anything.

But when I did a scan again with PUA, it was detected as the
PUA.Win32.PackerMingwGcc-2 virus.

By the way, ClamAV has updated the virus engine to version
0.97.8.

Any luck on when the new updated version will come in for the FreeBSD version?


On Sat, May 4, 2013 at 7:22 PM, Dave M <dave.nerd@gmail.com> wrote:

> Hi,
>
> I'm not sure what that file is, but you could verify with that package
> owner's upstream that it's good to go.
>
> Keep in mind that the "threat" name is "PUA" (for potentially unwanted
> application) and seems to be warning based on the type of packer or
> compiler used.  In fact, you probably have the "Scan for PUAs" option
> checked in your ClamTk preferences, otherwise this would not have
> alerted.
>
> Once the upstream verifies it (hopefully :), please submit the file to
> ClamAV (at clamav.net) as a false positive, assuming it is one.
>
> Let me know if I can be of assistance.
>
> thanks,
> Dave M
>
> On Sat, May 4, 2013 at 6:04 AM, M Rusli <linuxsecuritymrusli@gmail.com>
> wrote:
> > Hi
> >
> > I did a full scan on my computer with up-to-date virus of clamtk.
> >
> > It indicates that the
> > /usr/local/lib/python2.7/site-packages/setuptools-0.6c11-py2.7.egg
> > contains
> > PUA.Win32.PackerMingwGcc-2 virus.
> >
> > Can you verify whether this is a PUA virus?
> >
> > Thank you.
> >
> > Rusli
>


