[rt.cpan.org #127918] PAR::Packer produces executable with virus

Jeff Hemmerling via RT

Dec 5, 2018, 10:45:02 AM
Tue Dec 04 20:35:56 2018: Request 127918 was acted upon.
Transaction: Ticket created by [email protected]
Queue: PAR-Packer
Subject: PAR::Packer produces executable with virus
Broken in: (no value)
Severity: (no value)
Owner: Nobody
Requestors: [email protected]
Status: new
Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=127918 >


Windows Defender and Antiy-AVL are reporting that all executables
produced by Packer contain a virus (report from virustotal.com):

Microsoft: Trojan:Win32/Skeeyah.A!rfn
Antiy-AVL: Trojan/Win32.Miner

It also reports that "boot.exe", the Packer intermediate file, also has
this virus. This caused the installation to fail because "boot.exe"
got quarantined as soon as it was produced. After white-listing the
entire perl tree, installation succeeded.

We use Packer to produce a complete executable for the convenience of
our customers. While our developers can tell Windows Defender to
ignore these files, our customers cannot be expected to do the same.
Since Defender is commonly used, this is a big issue.

Any idea of a workaround?
Have others encountered this issue?

Thank you.

--
-- Jeff Hemmerling

Martin McGrath via RT

Dec 5, 2018, 7:30:02 PM
Wed Dec 05 05:13:36 2018: Request 127918 was acted upon.
Transaction: Correspondence added by MARTO
Queue: PAR-Packer
Subject: PAR::Packer produces executable with virus
Broken in: (no value)
Severity: (no value)
Owner: Nobody
Requestors: [email protected]
Status: new
Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=127918 >


In the past I'd experienced problems installing pp on Windows in a corporate environment, caused by oversensitive AV/Security software. Once resolved the exes generated didn't exhibit the problem you're experiencing, but it's not unheard of:

https://perlmonks.org/?node_id=1222404

I trust you've ensured that the machine itself has no underlying infection? Also, which version of perl do you have installed (AS/Strawberry, x86/x86_64?)

Jeff Hemmerling via RT

Dec 20, 2018, 9:00:02 AM
Wed Dec 19 18:52:01 2018: Request 127918 was acted upon.
Transaction: Correspondence added by [email protected]
Queue: PAR-Packer
Subject: Re: [rt.cpan.org #127918] PAR::Packer produces executable with virus
Broken in: (no value)
Severity: (no value)
Owner: Nobody
Requestors: [email protected]
Status: open
Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=127918 >


On 12/05/2018 02:13, Martin McGrath via RT wrote:
> <URL: https://rt.cpan.org/Ticket/Display.html?id=127918 >
>
> In the past I'd experienced problems installing pp on Windows in a corporate environment, caused by oversensitive AV/Security software. Once resolved the exes generated didn't exhibit the problem you're experiencing, but it's not unheard of:
>
> https://perlmonks.org/?node_id=1222404
>
> I trust you've ensured that the machine itself has no underlying infection? Also, which version of perl do you have installed (AS/Strawberry, x86/x86_64?)

Thanks for your reply. I know it's Packer code causing the problem
because the virus detector goes off as soon as "boot.exe" is
produced during installation.

I just rewrote the code in C++ to avoid all this.

Using 32-bit Strawberry perl:

% /apps/devtools/Strawberry/perl/bin/perl.exe --version
This is perl 5, version 28, subversion 0 (v5.28.0) built for MSWin32-x86-multi-thread-64int
Copyright 1987-2018, Larry Wall

--
-- Jeff Hemmerling

Kevin Puetz via RT

Jan 4, 2020, 7:30:03 AM
Fri Jan 03 17:19:09 2020: Request 127918 was acted upon.
Transaction: Correspondence added by puetzk
Queue: PAR-Packer
Subject: PAR::Packer produces executable with virus
Broken in: (no value)
Severity: (no value)
Owner: Nobody
Requestors: [email protected]
Status: open
Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=127918 >


I cannot update the status in rt, but this should be resolved since Windows Defender definitions 1.289.641.0 (March 2019) - I hit it and was able to work with Microsoft to resolve the definition that was false-positive flagging it.

Roderich Schupp via RT

Jan 4, 2020, 11:00:03 PM
Sat Jan 04 08:45:38 2020: Request 127918 was acted upon.
Transaction: Correspondence added by RSCHUPP
Queue: PAR-Packer
Subject: PAR::Packer produces executable with virus
Broken in: (no value)
Severity: (no value)
Owner: Nobody
Requestors: [email protected]
Status: open
Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=127918 >


On 2020-01-03 17:19:09, puetzk wrote:
> I cannot update the status in rt, but this should be resolved since
> Windows Defender definitions 1.289.641.0 (March 2019) - I hit it and
> was able to work with Microsoft to resolve the definition that was
> false-positive flagging it.


Many thanks for resolving this!

Cheers, Roderich