Opened 16 months ago

Closed 16 months ago

Last modified 16 months ago

#6693 closed task (wontfix)

Review malware reported by clamav

Reported by: Andrew Owned by:
Priority: Should Have Milestone:
Component: Build & Packages Keywords: malware virus
Cc: Patch:

Description

In the sourcecode cloned from github malware was reported when running clamscan. Here's the output:

0ad/build/bin/cxxtestgen.exe: Win.Malware.Python-9941399-0 FOUND

This should be looked into, if not already known.

Change History (4)

comment:1 by Stan, 16 months ago

Milestone: Alpha 27

comment:2 by Langbart, 16 months ago

I can reproduce the issue, installed the software with Homebrew and tested the 0ad folder. cxxtestgen.exe is the only file where it reports malware to be FOUND.

❯ clamscan --recursive .
Loading:    18s, ETA:   0s [========================>]    8.65M/8.65M sigs       
Compiling:   4s, ETA:   0s [========================>]       41/41 tasks 

...
/Users/paria/Developer/0ad/build/bin/cxxtestgen.exe: Win.Malware.Python-9941399-0 FOUND
...

----------- SCAN SUMMARY -----------
Known viruses: 8648933
Engine version: 1.0.0
Scanned directories: 13086
Scanned files: 186208
Infected files: 1
Data scanned: 16757.98 MB
Data read: 22862.25 MB (ratio 0.73:1)
Time: 3246.375 sec (54 m 6 s)
Start Date: 2023:01:17 07:45:15
End Date:   2023:01:17 08:39:21

bisect

The following changeset is the first to contain the alleged malware.

  • 07/Mar/14 [14818] (hash: 9a840c3be8)
❯ git log --oneline --format="%cd %h %an %s" build/bin/cxxtestgen.exe
# 27/Aug/14 6c136aa9a8 Yves Updated cxxtestgen.exe for cxxtest4.4 (created as described in #2450).
# 07/Mar/14 9a840c3be8 Yves Upgrades cxxtest.
# 08/Jun/06 0816bfbca1 philip Exefied cxxtestgen.pl
Version 1, edited 16 months ago by Langbart (previous) (next) (diff)

comment:3 by Stan, 16 months ago

Milestone: Alpha 27
Resolution: wontfix
Status: newclosed

Virus Total says it's okay https://www.virustotal.com/gui/url/a7837916d2a1c67c0cd5356f334b659461a6652f3eb903cc0458035c1c4d4976?nocache=1

I suppose it's a false positive and should be reported to them. I just submitted a report.

Thanks for your ticket! And thanks for testing langbart.

comment:4 by Langbart, 16 months ago

Update: 6/Feb/23 - it's OK

❯ clamscan build/bin/cxxtestgen.exe
Loading:    16s, ETA:   0s [========================>]    8.65M/8.65M sigs       
Compiling:   4s, ETA:   0s [========================>]       41/41 tasks 

/Users/paria/Developer/0ad/build/bin/cxxtestgen.exe: OK

----------- SCAN SUMMARY -----------
Known viruses: 8651667
Engine version: 1.0.0
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 3.60 MB
Data read: 3.38 MB (ratio 1.06:1)
Time: 22.752 sec (0 m 22 s)
Start Date: 2023:02:06 14:39:47
End Date:   2023:02:06 14:40:10
Last edited 16 months ago by Langbart (previous) (diff)
Note: See TracTickets for help on using tickets.