Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Sat 22 Nov 2014, 05:15
All times are UTC - 4
 Forum index » Advanced Topics » Additional Software (PETs, n' stuff) » Security/Privacy
Softmaker Office 2006 F-prot Finds False Positive
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
Page 1 of 1 Posts_count  
Author Message
yorkiesnorkie


Joined: 04 Jun 2007
Posts: 505
Location: George's Island

PostPosted: Sun 04 Jul 2010, 10:05    Post_subject:  Softmaker Office 2006 F-prot Finds False Positive  

I'd downloaded Softmaker Office for use with WINE. I was working with f-prot today and doing a scan of my jump drive when I ran into this problem. When I scanned this with F-prot using fpscan at the command line it identified the windows installer as having a password stealer. It can't be disinfected, only the exe deleted. This exe was downloaded from "http://www.softmakeroffice.com/"

Code:
# fpscan /mnt/sdb1/ofw06freefull.exe

F-PROT Antivirus version 6.3.3.5015 (built: 2009-12-23T13-43-55)


FRISK Software International (C) Copyright 1989-2009
Engine version:   4.5.1.85
Arguments:        /mnt/sdb1/ofw06freefull.exe
Virus signatures: 2010070313370d183ddccd8e5fb930be3de9119a6e16
                  (/usr/local/f-prot/antivir.def)

[Found password stealer] <W32/Pws.BQZG (exact)>         /mnt/sdb1/ofw06freefull.exe

Disinfect? (Y)es, (N)o, (A)ll yes, (I)gnore all, (Q)uit scan: Yes

[Warning] <Error closing file: Invalid argument>        /mnt/sdb1/ofw06freefull.exe
[Deleted]       /mnt/sdb1/ofw06freefull.exe


Results:

Files: 1
Skipped files: 0
MBR/boot sectors checked: 0
Objects scanned: 1
Infected objects: 1
Files with errors: 0
Disinfected: 1

Running time: 00:52
#


false positive? Anyway, I'm going to run clamav on it and see what that reports.

*****
UPDATE
Another scan with Avast turned up nothing. So, this is most likely f-prot indicating a false positive.

Y.

_________________
www.busygamemaster.com

Edited_time_total
Back to top
View user's profile Send_private_message 
yorkiesnorkie


Joined: 04 Jun 2007
Posts: 505
Location: George's Island

PostPosted: Mon 05 Jul 2010, 13:58    Post_subject: Likely a false positive  

Hi,

I checked the same file, ofw06freefull.exe, over with Avast for linux, and it didn't find anything. It may be that f-prot found a false positive.

Y.

_________________
www.busygamemaster.com
Back to top
View user's profile Send_private_message 
Makoto


Joined: 03 Sep 2009
Posts: 1808
Location: Out wandering... maybe.

PostPosted: Mon 05 Jul 2010, 18:33    Post_subject:  

You can also submit the file to VirusTotal, which will scan it using multiple AV engines/setups, to further narrow down the possibility of a false positive.
_________________
[ Puppy 4.3.1 JP, Frugal install | 1GB RAM | 1.3GB swap ] * My Pidgin Builds for Puppy 4.3.1+
In memory of our beloved American Eskimo puppy (1995-2010) and black Lab puppy (1997-2011).
Back to top
View user's profile Send_private_message 
yorkiesnorkie


Joined: 04 Jun 2007
Posts: 505
Location: George's Island

PostPosted: Thu 08 Jul 2010, 11:43    Post_subject:  

Thanks for the link, quite useful. I'd probably submit the file but given its size I think at this point, based on the Avast test, both of the zip archive, and a scan of the installation of Softmaker, that it is very unlikely it contains a trojan. Avast passes it. So, it's most likely a false positive. I'll pass that on to f-prot and let them worry about that. Very Happy

However, thanks again for the useful link.

Y.

_________________
www.busygamemaster.com
Back to top
View user's profile Send_private_message 
Display_posts:   Sort by:   
Page 1 of 1 Posts_count  
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
 Forum index » Advanced Topics » Additional Software (PETs, n' stuff) » Security/Privacy
Jump to:  

Rules_post_cannot
Rules_reply_cannot
Rules_edit_cannot
Rules_delete_cannot
Rules_vote_cannot
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0517s ][ Queries: 12 (0.0081s) ][ GZIP on ]