https://bz.apache.org/bugzilla/show_bug.cgi?id=62409

Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|---                         |INVALID

--- Comment #5 from Mark Thomas <ma...@apache.org> ---
I tested a range of versions. The results were:

7.0.84 Bkav
7.0.85 Bkav, TrendMicro-HouseCall
7.0.86 Bkav
7.0.88 Bkav, TrendMicro-HouseCall, Microsoft, McAfee-GW-Edition

8.0.41 OK
8.0.42 OK
8.0.49 Bkav
8.0.50 Bkav
8.0.51 Bkav, TrendMicro-HouseCall, McAfee-GW-Edition
8.0.52 Bkav, TrendMicro-HouseCall, McAfee-GW-Edition

8.5.19 Bkav, TrendMicro-HouseCall, Rising
8.5.20 TrendMicro-HouseCall
8.5.21 Bkav
8.5.24 OK
8.5.28 OK
8.5.29 OK
8.5.30 OK
8.5.31 OK

All the files that were OK were digitally signed as part of the build process.

All the files that were not OK were not digitally signed as part of the build
process.

The signing service has been unavailable for periods (hence why some 8.5.x
releases are unsigned) and the 7.0.x build process has not been updated to
integrate the signing process.

The variation in scanners reporting issues is consistent with differences in
heuristic scans between virus scanners.

The 8.5.x releases were all performed on the same Windows VM. The VM is always
fully patched before any release. The VM has only ever been used to perform
Tomcat releases. At no point has the AV on that VM ever reported any virus.

The reports above are consistent with other reports of false positives in other
projects using the NSIS installer.

The 8.5.x results alone are sufficient to convince me that this is a false
positive. The 7.0.x and 8.0.x results are consistent with that conclusion.

All the evidence points towards this being a false positive.

None of the evidence points toward this being a genuine infection.
