Puppy Linux Discussion Forum
Softmaker Office 2006 F-prot Finds False Positive
yorkiesnorkie



Posted: Sun 04 Jul 2010, 10:05    Post subject: Softmaker Office 2006 F-prot Finds False Positive

I'd downloaded Softmaker Office for use with WINE. I was working with f-prot today and doing a scan of my jump drive when I ran into this problem. When I scanned this with F-prot using fpscan at the command line, it identified the Windows installer as having a password stealer. It can't be disinfected, only the exe deleted. This exe was downloaded from "http://www.softmakeroffice.com/".

Code:
# fpscan /mnt/sdb1/ofw06freefull.exe

F-PROT Antivirus version 6.3.3.5015 (built: 2009-12-23T13-43-55)


FRISK Software International (C) Copyright 1989-2009
Engine version:   4.5.1.85
Arguments:        /mnt/sdb1/ofw06freefull.exe
Virus signatures: 2010070313370d183ddccd8e5fb930be3de9119a6e16
                  (/usr/local/f-prot/antivir.def)

[Found password stealer] <W32/Pws.BQZG (exact)>         /mnt/sdb1/ofw06freefull.exe

Disinfect? (Y)es, (N)o, (A)ll yes, (I)gnore all, (Q)uit scan: Yes

[Warning] <Error closing file: Invalid argument>        /mnt/sdb1/ofw06freefull.exe
[Deleted]       /mnt/sdb1/ofw06freefull.exe


Results:

Files: 1
Skipped files: 0
MBR/boot sectors checked: 0
Objects scanned: 1
Infected objects: 1
Files with errors: 0
Disinfected: 1

Running time: 00:52
#


False positive? Anyway, I'm going to run clamav on it and see what that reports.

*****
UPDATE
Another scan with Avast turned up nothing. So, this is most likely f-prot indicating a false positive.

Y.

_________________
www.busygamemaster.com

Last edited by yorkiesnorkie on Thu 08 Jul 2010, 11:50; edited 1 time in total
yorkiesnorkie



Posted: Mon 05 Jul 2010, 13:58    Post subject: Likely a false positive

Hi,

I checked the same file, ofw06freefull.exe, over with Avast for Linux, and it didn't find anything. It may be that f-prot found a false positive.

Y.

Makoto



Posted: Mon 05 Jul 2010, 18:33    Post subject:

You can also submit the file to VirusTotal, which will scan it using multiple AV engines/setups, to further narrow down the possibility of a false positive.
_________________
[ Puppy 4.3.1 JP, Frugal install | 1GB RAM | 1.3GB swap ] * My Pidgin Builds for Puppy 4.3.1+
In memory of our beloved American Eskimo puppy (1995-2010) and black Lab puppy (1997-2011).
yorkiesnorkie



Posted: Thu 08 Jul 2010, 11:43    Post subject:

Thanks for the link, quite useful. I'd probably submit the file but given its size I think at this point, based on the Avast test, both of the zip archive, and a scan of the installation of Softmaker, that it is very unlikely it contains a trojan. Avast passes it. So, it's most likely a false positive. I'll pass that on to f-prot and let them worry about that.

However, thanks again for the useful link.

Y.

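Added example, not part of the thread and not F-PROT's own code: the scan in the first post ended with the flagged file deleted, so this code records a SHA-256 before scanning (a hash can be searched on VirusTotal without uploading a large installer) and parses the fpscan report lines into records that can be compared with other engines' verdicts. The two regular expressions are assumptions inferred only from the single report shown in the thread.

```python
import hashlib
import re

# Lines copied from the fpscan output in the first post.
SAMPLE_REPORT = """\
[Found password stealer] <W32/Pws.BQZG (exact)>         /mnt/sdb1/ofw06freefull.exe
[Warning] <Error closing file: Invalid argument>        /mnt/sdb1/ofw06freefull.exe
[Deleted]       /mnt/sdb1/ofw06freefull.exe
Infected objects: 1
"""

# Assumed line shapes, inferred only from that one report:
#   [status] <signature (match type)>   path
#   [Deleted]   path
FINDING = re.compile(r"^\[([^\]]+)\]\s+<(\S+) \((\w+)\)>\s+(\S.*)$")
DELETED = re.compile(r"^\[Deleted\]\s+(\S.*)$")


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large installers need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_fpscan(report):
    """Return one record per detection, marking samples the scanner deleted."""
    findings, deleted = [], set()
    for line in report.splitlines():
        line = line.strip()
        hit = FINDING.match(line)
        if hit:
            status, signature, match_type, path = hit.groups()
            findings.append({"status": status, "signature": signature,
                             "match": match_type, "path": path.strip()})
            continue
        gone = DELETED.match(line)
        if gone:
            deleted.add(gone.group(1).strip())
    for finding in findings:
        # A deleted sample can no longer be rescanned or submitted elsewhere.
        finding["sample_deleted"] = finding["path"] in deleted
    return findings


if __name__ == "__main__":
    for record in parse_fpscan(SAMPLE_REPORT):
        print(record)
```

Running `sha256_file` on the download before the first scan keeps an identifier for the exact bytes that were flagged, even if the scanner later removes the file.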