[chirp_users] Panda reported a virus in Oct 9 and Oct 13 daily builds.
Panda reported a virus W32/Exploit.gen in Oct9 daily build and also today, Oct 13. My system Win7 on Toshib Ultrabook Core i3.
Please, advise.
Best,
Alex.
On Tue, Oct 13, 2015 at 1:56 PM, Alexander Chaihorsky xyz1953@gmail.com wrote:
Panda reported a virus W32/Exploit.gen in Oct9 daily build and also today, Oct 13. My system Win7 on Toshib Ultrabook Core i3.
Please, advise.
The Chirp source code is available to read. There's quite obviously (at least as a developer) not a virus in there.
Your anti-virus software is wrong. I suggest disabling it.
Tom KD7LXL
Tom,
Thanks for prompt response.
You may be right, but the source code argument is not very convincing. The fact that there is nothing in the source code does not mean that the compiled package could not pick up a piggyback virus. Or that it was, actually introduced by the infected compiler. The older version that I used (couple of weeks ago, I can check) had no problem, though. Please, advise,
Thanks again for the prompt response.
Alex.
Sent from my iPad
On Oct 13, 2015, at 14:02, Tom Hayward tom@tomh.us wrote:
On Tue, Oct 13, 2015 at 1:56 PM, Alexander Chaihorsky xyz1953@gmail.com wrote:
Panda reported a virus W32/Exploit.gen in Oct9 daily build and also today, Oct 13. My system Win7 on Toshib Ultrabook Core i3.
Please, advise.
The Chirp source code is available to read. There's quite obviously (at least as a developer) not a virus in there.
Your anti-virus software is wrong. I suggest disabling it.
Tom KD7LXL _______________________________________________ chirp_users mailing list chirp_users@intrepid.danplanet.com http://intrepid.danplanet.com/mailman/listinfo/chirp_users To unsubscribe, send an email to chirp_users-unsubscribe@intrepid.danplanet.com
Most of the distribution IS python source is it not? It's compiled on-the- fly by the Python runtime. Tom, are there blobs in the package which might trigger a false- positive? Alex, does the download checksum correctly? On Oct 13, 2015 4:16 PM, "Alex Chaihorsky" xyz1953@gmail.com wrote:
Tom,
Thanks for prompt response.
You may be right, but the source code argument is not very convincing. The fact that there is nothing in the source code does not mean that the compiled package could not pick up a piggyback virus. Or that it was, actually introduced by the infected compiler. The older version that I used (couple of weeks ago, I can check) had no problem, though. Please, advise,
Thanks again for the prompt response.
Alex.
Sent from my iPad
On Oct 13, 2015, at 14:02, Tom Hayward tom@tomh.us wrote:
On Tue, Oct 13, 2015 at 1:56 PM, Alexander Chaihorsky <
xyz1953@gmail.com> wrote:
Panda reported a virus W32/Exploit.gen in Oct9 daily build and also
today, Oct 13. My system Win7 on Toshib Ultrabook Core i3.
Please, advise.
The Chirp source code is available to read. There's quite obviously (at least as a developer) not a virus in there.
Your anti-virus software is wrong. I suggest disabling it.
Tom KD7LXL _______________________________________________ chirp_users mailing list chirp_users@intrepid.danplanet.com http://intrepid.danplanet.com/mailman/listinfo/chirp_users To unsubscribe, send an email to
chirp_users-unsubscribe@intrepid.danplanet.com _______________________________________________ chirp_users mailing list chirp_users@intrepid.danplanet.com http://intrepid.danplanet.com/mailman/listinfo/chirp_users To unsubscribe, send an email to chirp_users-unsubscribe@intrepid.danplanet.com
On Tue, Oct 13, 2015 at 2:26 PM, Eric Vought evought@pobox.com wrote:
Most of the distribution IS python source is it not? It's compiled on-the- fly by the Python runtime. Tom, are there blobs in the package which might trigger a false- positive? Alex, does the download checksum correctly?
Yes, that is most likely what is happening.
Every few months we get a message like this to the mailing list. It's usually one of the smaller antivirus packages reporting a virus. So far they have all been false positives. My guess is there are actual viruses out there using Python libraries, and not realizing they're looking at popular open source software, the antivirus company flags it.
False positives are extremely common in antivirus software, and detection rates of real malicious software is low. I don't even bother with antivirus software.
Tom KD7LXL
No virus reported by Norton on my 7 PC or AVG on my 10 PC. All working great..........Bill ----- Original Message ----- From: Tom Hayward To: Discussion of CHIRP Sent: Tuesday, October 13, 2015 5:36 PM Subject: Re: [chirp_users] Panda reported a virus in Oct 9 and Oct 13 dailybuilds.
On Tue, Oct 13, 2015 at 2:26 PM, Eric Vought evought@pobox.com wrote:
Most of the distribution IS python source is it not? It's compiled on-the- fly by the Python runtime. Tom, are there blobs in the package which might trigger a false- positive? Alex, does the download checksum correctly?
Yes, that is most likely what is happening.
Every few months we get a message like this to the mailing list. It's usually one of the smaller antivirus packages reporting a virus. So far they have all been false positives. My guess is there are actual viruses out there using Python libraries, and not realizing they're looking at popular open source software, the antivirus company flags it.
False positives are extremely common in antivirus software, and detection rates of real malicious software is low. I don't even bother with antivirus software.
Tom KD7LXL _______________________________________________ chirp_users mailing list chirp_users@intrepid.danplanet.com http://intrepid.danplanet.com/mailman/listinfo/chirp_users To unsubscribe, send an email to chirp_users-unsubscribe@intrepid.danplanet.com
I repeated the downloads and this time the checksums were the same. Panda reported no problems. The only difference is that I started this one from the download directory and the previous ones from the Chrome browser... May be its the browser doing its Google spying and attaching something during startup? Have no idea. But will ask around with my old time Silicon Valley buddies...
Best to everybody, thank you for help. Donation is on the way :)
Alex.
On Tue, Oct 13, 2015 at 3:36 PM, Bill Gabbard wcgabbard1@windstream.net wrote:
*No virus reported by Norton on my 7 PC or AVG on my 10 PC.* *All working great**..........Bill*
----- Original Message ----- *From:* Tom Hayward tom@tomh.us *To:* Discussion of CHIRP chirp_users@intrepid.danplanet.com *Sent:* Tuesday, October 13, 2015 5:36 PM *Subject:* Re: [chirp_users] Panda reported a virus in Oct 9 and Oct 13 dailybuilds.
On Tue, Oct 13, 2015 at 2:26 PM, Eric Vought evought@pobox.com wrote:
Most of the distribution IS python source is it not? It's compiled
on-the-
fly by the Python runtime. Tom, are there blobs in the package which
might
trigger a false- positive? Alex, does the download checksum correctly?
Yes, that is most likely what is happening.
Every few months we get a message like this to the mailing list. It's usually one of the smaller antivirus packages reporting a virus. So far they have all been false positives. My guess is there are actual viruses out there using Python libraries, and not realizing they're looking at popular open source software, the antivirus company flags it.
False positives are extremely common in antivirus software, and detection rates of real malicious software is low. I don't even bother with antivirus software.
Tom KD7LXL _______________________________________________ chirp_users mailing list chirp_users@intrepid.danplanet.com http://intrepid.danplanet.com/mailman/listinfo/chirp_users To unsubscribe, send an email to chirp_users-unsubscribe@intrepid.danplanet.com
chirp_users mailing list chirp_users@intrepid.danplanet.com http://intrepid.danplanet.com/mailman/listinfo/chirp_users To unsubscribe, send an email to chirp_users-unsubscribe@intrepid.danplanet.com
Every few months we get a message like this to the mailing list. It's usually one of the smaller antivirus packages reporting a virus. So far they have all been false positives. My guess is there are actual viruses out there using Python libraries, and not realizing they're looking at popular open source software, the antivirus company flags it.
Yep, and just to further explain how these builds are created for those that are interested (and/or are wondering how we attempt to protect our users who trust our builds):
Every night, when a change is pending, the build server literally builds an entirely new Windows 7 virtual machine with known-good copies of all of our base dependencies. It then creates the new chirp build on that machine and uploads it to the chirp website. When it's done, it *destroys* the temporary machine it created. The next day, the whole thing starts from scratch.
The process takes about 10 minutes total and occurs on an almost completely sealed private network. There's really no opportunity for anything to get on the build machine and disrupt the process, and it certainly wouldn't change day-to-day, build-to-build.
--Dan
Great job, guys. Very professional.
Alex.
On Oct 15, 2015, at 9:57 AM, Dan Smith via chirp_users chirp_users@intrepid.danplanet.com wrote:
Every few months we get a message like this to the mailing list. It's usually one of the smaller antivirus packages reporting a virus. So far they have all been false positives. My guess is there are actual viruses out there using Python libraries, and not realizing they're looking at popular open source software, the antivirus company flags it.
Yep, and just to further explain how these builds are created for those that are interested (and/or are wondering how we attempt to protect our users who trust our builds):
Every night, when a change is pending, the build server literally builds an entirely new Windows 7 virtual machine with known-good copies of all of our base dependencies. It then creates the new chirp build on that machine and uploads it to the chirp website. When it's done, it *destroys* the temporary machine it created. The next day, the whole thing starts from scratch.
The process takes about 10 minutes total and occurs on an almost completely sealed private network. There's really no opportunity for anything to get on the build machine and disrupt the process, and it certainly wouldn't change day-to-day, build-to-build.
--Dan _______________________________________________ chirp_users mailing list chirp_users@intrepid.danplanet.com http://intrepid.danplanet.com/mailman/listinfo/chirp_users To unsubscribe, send an email to chirp_users-unsubscribe@intrepid.danplanet.com
This is the checksums:
3837aea7ad56db79770946fea53930c9995b96b3 (original checksum on your site))
753B24B1557E53CFE3CCF4B4C8ADB72C30AC1ACA (my download).
I will take a look if I can find anything dirty on my side.
Thanks, everybody.
Alex.
On Tue, Oct 13, 2015 at 2:26 PM, Eric Vought evought@pobox.com wrote:
Most of the distribution IS python source is it not? It's compiled on-the- fly by the Python runtime. Tom, are there blobs in the package which might trigger a false- positive? Alex, does the download checksum correctly? On Oct 13, 2015 4:16 PM, "Alex Chaihorsky" xyz1953@gmail.com wrote:
Tom,
Thanks for prompt response.
You may be right, but the source code argument is not very convincing. The fact that there is nothing in the source code does not mean that the compiled package could not pick up a piggyback virus. Or that it was, actually introduced by the infected compiler. The older version that I used (couple of weeks ago, I can check) had no problem, though. Please, advise,
Thanks again for the prompt response.
Alex.
Sent from my iPad
On Oct 13, 2015, at 14:02, Tom Hayward tom@tomh.us wrote:
On Tue, Oct 13, 2015 at 1:56 PM, Alexander Chaihorsky <
xyz1953@gmail.com> wrote:
Panda reported a virus W32/Exploit.gen in Oct9 daily build and also
today, Oct 13. My system Win7 on Toshib Ultrabook Core i3.
Please, advise.
The Chirp source code is available to read. There's quite obviously (at least as a developer) not a virus in there.
Your anti-virus software is wrong. I suggest disabling it.
Tom KD7LXL _______________________________________________ chirp_users mailing list chirp_users@intrepid.danplanet.com http://intrepid.danplanet.com/mailman/listinfo/chirp_users To unsubscribe, send an email to
chirp_users-unsubscribe@intrepid.danplanet.com _______________________________________________ chirp_users mailing list chirp_users@intrepid.danplanet.com http://intrepid.danplanet.com/mailman/listinfo/chirp_users To unsubscribe, send an email to chirp_users-unsubscribe@intrepid.danplanet.com
chirp_users mailing list chirp_users@intrepid.danplanet.com http://intrepid.danplanet.com/mailman/listinfo/chirp_users To unsubscribe, send an email to chirp_users-unsubscribe@intrepid.danplanet.com
On my Win7, I just forced McAfee VirusScan Enterprise 8.8.0 to update. I then forced the scan of chirp-daily-20151013-installer.exe and the resulting program directory tree after installation. It didn't report any virus.
False positive from Panda?
-Ron-
Aerostation - The Art of Ballooning www.Aerostation.org Littleton, MA USA
On 10/13/2015 05:16 PM, Alex Chaihorsky wrote:
Tom,
Thanks for prompt response.
You may be right, but the source code argument is not very convincing. The fact that there is nothing in the source code does not mean that the compiled package could not pick up a piggyback virus. Or that it was, actually introduced by the infected compiler. The older version that I used (couple of weeks ago, I can check) had no problem, though. Please, advise,
Thanks again for the prompt response.
Alex.
Sent from my iPad
On Oct 13, 2015, at 14:02, Tom Hayward tom@tomh.us wrote:
On Tue, Oct 13, 2015 at 1:56 PM, Alexander Chaihorsky xyz1953@gmail.com wrote:
Panda reported a virus W32/Exploit.gen in Oct9 daily build and also today, Oct 13. My system Win7 on Toshib Ultrabook Core i3.
Please, advise.
The Chirp source code is available to read. There's quite obviously (at least as a developer) not a virus in there.
Your anti-virus software is wrong. I suggest disabling it.
Tom KD7LXL _______________________________________________ chirp_users mailing list chirp_users@intrepid.danplanet.com http://intrepid.danplanet.com/mailman/listinfo/chirp_users To unsubscribe, send an email to chirp_users-unsubscribe@intrepid.danplanet.com
chirp_users mailing list chirp_users@intrepid.danplanet.com http://intrepid.danplanet.com/mailman/listinfo/chirp_users To unsubscribe, send an email to chirp_users-unsubscribe@intrepid.danplanet.com
What if the individual's installer exe is infected (post downoad)? Again might be worth checking the checksum on the download. The installer bootstrap for Windows is one of the few places in the package something malicious might hide. On Oct 13, 2015 4:29 PM, "Ronald Thornton" thornton@aerostation.org wrote:
On my Win7, I just forced McAfee VirusScan Enterprise 8.8.0 to update. I then forced the scan of chirp-daily-20151013-installer.exe and the resulting program directory tree after installation. It didn't report any virus.
False positive from Panda?
-Ron-
Aerostation - The Art of Ballooning www.Aerostation.org Littleton, MA USA
On 10/13/2015 05:16 PM, Alex Chaihorsky wrote:
Tom,
Thanks for prompt response.
You may be right, but the source code argument is not very convincing.
The fact that there is nothing in the source code does not mean that the compiled package could not pick up a piggyback virus. Or that it was, actually introduced by the infected compiler.
The older version that I used (couple of weeks ago, I can check) had no
problem, though.
Please, advise,
Thanks again for the prompt response.
Alex.
Sent from my iPad
On Oct 13, 2015, at 14:02, Tom Hayward tom@tomh.us wrote:
On Tue, Oct 13, 2015 at 1:56 PM, Alexander Chaihorsky <
xyz1953@gmail.com> wrote:
Panda reported a virus W32/Exploit.gen in Oct9 daily build and also
today, Oct 13. My system Win7 on Toshib Ultrabook Core i3.
Please, advise.
The Chirp source code is available to read. There's quite obviously (at least as a developer) not a virus in there.
Your anti-virus software is wrong. I suggest disabling it.
Tom KD7LXL _______________________________________________ chirp_users mailing list chirp_users@intrepid.danplanet.com http://intrepid.danplanet.com/mailman/listinfo/chirp_users To unsubscribe, send an email to
chirp_users-unsubscribe@intrepid.danplanet.com
chirp_users mailing list chirp_users@intrepid.danplanet.com http://intrepid.danplanet.com/mailman/listinfo/chirp_users To unsubscribe, send an email to
chirp_users-unsubscribe@intrepid.danplanet.com
chirp_users mailing list chirp_users@intrepid.danplanet.com http://intrepid.danplanet.com/mailman/listinfo/chirp_users To unsubscribe, send an email to chirp_users-unsubscribe@intrepid.danplanet.com
AVG does not and has never reported a virus in a Chirp build.
Steve Vogel Decatur, GA svdec@bellsouth.net W4PSV
-----Original Message----- From: Alexander Chaihorsky Sent: Tuesday, October 13, 2015 4:56 PM To: chirp_users@intrepid.danplanet.com Subject: [chirp_users] Panda reported a virus in Oct 9 and Oct 13 dailybuilds.
Panda reported a virus W32/Exploit.gen in Oct9 daily build and also today, Oct 13. My system Win7 on Toshib Ultrabook Core i3.
Please, advise.
Best,
Alex.
participants (8)
-
Alex Chaihorsky -
Alexander Chaihorsky
-
Bill Gabbard -
Dan Smith -
Eric Vought -
Ronald Thornton -
Steve Vogel -
Tom Hayward