clamtk detects setuptools-0.6c11-py2.7.egg Packer.MingwGcc-2 virus
Tom Judge
tjudge at sourcefire.com
Mon May 6 08:32:57 UTC 2013
Hi Rusli,
I have sent this information over to the ClamAV detection team, to
validate that the signature is correct. Could you please send me a
copy of the file off list?
Thanks
Tom Judge
--
Senior Research Engineer
Sourcefire Vulnerability Research Team
FreeBSD Ports Committer
On 5/4/13 7:48 AM, M Rusli wrote:
> Hi Dave,
>
> I did another scan and this time I disabled the PUA settings. And
> clamtk did not detect any virus.
>
> I did double confirm with virustotal. And it did not detect
> anything.
>
> But when I do a scan again with PUA, it detected as
> PUA.Win32.PackerMingwGcc-2 virus.
>
> By the way, ClamAV has an updated version of the virus engine,
> version 0.97.8.
>
> Any luck when the new update version will come in for the FreeBSD
> version???
>
>
> On Sat, May 4, 2013 at 7:22 PM, Dave M <dave.nerd at gmail.com> wrote:
>
> Hi,
>
> I'm not sure what that file is, but you could verify with that
> package owner's upstream that it's good to go.
>
> Keep in mind that the "threat" name is "PUA" (for potentially
> unwanted application) and seems to be warning based on the type of
> packer or compiler used. In fact, you probably have the "Scan for
> PUAs" option checked in your ClamTk preferences, otherwise this
> would not have alerted.
>
> Once the upstream verifies it (hopefully :), please submit the file
> to ClamAV (at clamav.net <http://clamav.net>) as a false positive,
> assuming it is one.
>
> Let me know if I can be of assistance.
>
> thanks, Dave M
>
> On Sat, May 4, 2013 at 6:04 AM, M Rusli
> <linuxsecuritymrusli at gmail.com> wrote:
>> Hi
>>
>> I did a full scan on my computer with up-to-date virus of
>> clamtk.
>>
>> It indicates that the
>> /usr/local/lib/python2.7/site-packages/setuptools-0.6c11-py2.7.egg
>> contains PUA.Win32.PackerMingwGcc-2 virus.
>>
>> Can you verify whether this is a PUA virus?
>>
>> Thank you.
>>
>> Rusli
>
>
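Added example, not part of the original thread: the alert discussed above is a Win32 PUA name reported on a Python egg, so a useful triage step before asking upstream or submitting a false positive is to list which members of the egg are Windows PE files and hash them. It assumes the egg is a zip archive; the sample archive, its member names and the function names are constructed for illustration.

```python
import hashlib
import io
import struct
import zipfile


def is_pe(data):
    """True if data has an MZ header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def pe_members(archive):
    """Return [(member name, size, sha256)] for every PE file inside a zip/egg.

    `archive` is a path or a file-like object (assumption: the egg is a zip).
    """
    found = []
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            data = zf.read(info)
            if is_pe(data):
                digest = hashlib.sha256(data).hexdigest()
                found.append((info.filename, len(data), digest))
    return found


def build_sample_egg():
    """Constructed sample: in-memory zip with one Python file and one stub PE."""
    stub = bytearray(0x80)
    stub[:2] = b"MZ"                          # DOS header magic
    struct.pack_into("<I", stub, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    stub[0x40:0x44] = b"PE\0\0"               # PE signature
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("samplepkg/__init__.py", "# constructed sample\n")
        zf.writestr("samplepkg/launcher.exe", bytes(stub))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Replace build_sample_egg() with the path of the flagged egg to triage it.
    for name, size, digest in pe_members(build_sample_egg()):
        print(name, size, digest)
```

The hashes it prints can be compared against the same members in a copy of the package obtained from upstream.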