MantisBT

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0007482ardourotherpublic2017-09-21 07:292017-09-28 03:07
ReporterDmshch 
Assigned ToHeadwar 
PrioritynormalSeverityblockReproducibilityalways
StatusresolvedResolutionfixed 
Platform5.12OSwindowsOS Version7
Product Version5.12 
Target VersionFixed in Version 
Summary0007482: Antivirus software is alerting for installation file
DescriptionI have downloaded the ardour 5.12 installator for win32 from official site and my antivirus software has moved this file to carantine:
/home/dim/net/Ardour-5.12.0-w32-Setup.exe - infected archive:
     Ardour-5.12.0-w32-Setup.exe/libporttime-0.dll - inefected Exploit.ShellCode.40?

Is it wrong or real vulnerability?
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
(0020031)
Dmshch (reporter)
2017-09-21 07:39

Antivirus: DrWeb
(0020039)
Headwar (reporter)
2017-09-23 03:08

Looks like a false positive : DrWeb is alone in detecting a virus in the installer (cf https://www.virustotal.com/fr/file/b25e36cdeced1487110b8275e484f8c10490b9c241928a92c8e71180f84a40e2/analysis/1505975540/ [^]).

If you can check the MD5 of the installer, mine is af01b1133c655a64138272510544838c and it's OK.
(0020042)
Dmshch (reporter)
2017-09-26 22:48

My md5 is differed:
$ md5sum Ardour-5.12.0-w32-Setup.exe
0e21eb3fe9101f81d639908b6b5bd3a4 Ardour-5.12.0-w32-Setup.exe

I have downloaded this file from official site 3 time with same result.
So, Ardour is working without this module (I don't need the video processing, only audio). libporttime-0.dll was removed by DrWeb.
(0020043)
Headwar (reporter)
2017-09-27 23:14
edited on: 2017-09-27 23:47

I wrongly assumed you where refering to the 64b version, my bad. Nevertheless, considering the virustotal results, if you'd like to enable xjadeo later, you could probably whitelist libporttime-0.dll safely and/or report the alarm to DrWeb.

Edit : I submitted this file to DrWeb for a review as a false positive

(0020044)
Headwar (reporter)
2017-09-28 02:31

Answer from DrWeb :
"Greetings, Your request has been analyzed. It was a false alarm. The error was fixed."
(0020045)
Headwar (reporter)
2017-09-28 02:35

@Dmshch : Thanks for reporting it, I've marked this issue as solved as the next versions of DrWeb should have the file whitelisted. If not, please add a note here.
(0020046)
Dmshch (reporter)
2017-09-28 03:07

Thank you!

- Issue History
Date Modified Username Field Change
2017-09-21 07:29 Dmshch New Issue
2017-09-21 07:39 Dmshch Note Added: 0020031
2017-09-23 03:08 Headwar Note Added: 0020039
2017-09-26 22:48 Dmshch Note Added: 0020042
2017-09-27 23:14 Headwar Note Added: 0020043
2017-09-27 23:47 Headwar Note Edited: 0020043 View Revisions
2017-09-28 02:31 Headwar Note Added: 0020044
2017-09-28 02:31 Headwar Status new => resolved
2017-09-28 02:31 Headwar Resolution open => fixed
2017-09-28 02:31 Headwar Assigned To => Headwar
2017-09-28 02:35 Headwar Note Added: 0020045
2017-09-28 03:07 Dmshch Note Added: 0020046


Copyright © 2000 - 2017 MantisBT Team
Powered by Mantis Bugtracker