View Issue Details

IDProjectCategoryView StatusLast Update
0007482ardourotherpublic2020-04-19 20:18
ReporterDmshch Assigned ToHeadwar  
PrioritynormalSeverityblockReproducibilityalways
Status closedResolutionfixed 
Platform5.12OSwindowsOS Version7
Product Version5.12 
Summary0007482: Antivirus software is alerting for installation file
DescriptionI have downloaded the ardour 5.12 installator for win32 from official site and my antivirus software has moved this file to carantine:
/home/dim/net/Ardour-5.12.0-w32-Setup.exe - infected archive:
     Ardour-5.12.0-w32-Setup.exe/libporttime-0.dll - inefected Exploit.ShellCode.40?

Is it wrong or real vulnerability?
TagsNo tags attached.

Activities

Dmshch

2017-09-21 14:39

reporter   ~0020031

Antivirus: DrWeb

Headwar

2017-09-23 10:08

reporter   ~0020039

Looks like a false positive : DrWeb is alone in detecting a virus in the installer (cf https://www.virustotal.com/fr/file/b25e36cdeced1487110b8275e484f8c10490b9c241928a92c8e71180f84a40e2/analysis/1505975540/).

If you can check the MD5 of the installer, mine is af01b1133c655a64138272510544838c and it's OK.

Dmshch

2017-09-27 05:48

reporter   ~0020042

My md5 is differed:
$ md5sum Ardour-5.12.0-w32-Setup.exe
0e21eb3fe9101f81d639908b6b5bd3a4 Ardour-5.12.0-w32-Setup.exe

I have downloaded this file from official site 3 time with same result.
So, Ardour is working without this module (I don't need the video processing, only audio). libporttime-0.dll was removed by DrWeb.

Headwar

2017-09-28 06:14

reporter   ~0020043

Last edited: 2017-09-28 06:47

I wrongly assumed you where refering to the 64b version, my bad. Nevertheless, considering the virustotal results, if you'd like to enable xjadeo later, you could probably whitelist libporttime-0.dll safely and/or report the alarm to DrWeb.

Edit : I submitted this file to DrWeb for a review as a false positive

Headwar

2017-09-28 09:31

reporter   ~0020044

Answer from DrWeb :
"Greetings, Your request has been analyzed. It was a false alarm. The error was fixed."

Headwar

2017-09-28 09:35

reporter   ~0020045

@Dmshch : Thanks for reporting it, I've marked this issue as solved as the next versions of DrWeb should have the file whitelisted. If not, please add a note here.

Dmshch

2017-09-28 10:07

reporter   ~0020046

Thank you!

system

2020-04-19 20:18

developer   ~0023773

Issue has been closed automatically, by Trigger Close Plugin.
Feel free to re-open with additional information if you think the issue is not resolved.

Issue History

Date Modified Username Field Change
2017-09-21 14:29 Dmshch New Issue
2017-09-21 14:39 Dmshch Note Added: 0020031
2017-09-23 10:08 Headwar Note Added: 0020039
2017-09-27 05:48 Dmshch Note Added: 0020042
2017-09-28 06:14 Headwar Note Added: 0020043
2017-09-28 06:47 Headwar Note Edited: 0020043
2017-09-28 09:31 Headwar Note Added: 0020044
2017-09-28 09:31 Headwar Status new => resolved
2017-09-28 09:31 Headwar Resolution open => fixed
2017-09-28 09:31 Headwar Assigned To => Headwar
2017-09-28 09:35 Headwar Note Added: 0020045
2017-09-28 10:07 Dmshch Note Added: 0020046
2020-04-19 20:18 system Note Added: 0023773
2020-04-19 20:18 system Status resolved => closed