clamtk detects setuptools-0.6c11-py2.7.egg Packer.MingwGcc-2 virus

Tom Judge tjudge at sourcefire.com
Mon May 6 08:32:57 UTC 2013



Hi Rusli,

I have sent this information over to the ClamAV detection team, to
validate that the signature is correct.  Could you please send me a
copy of the file off list?


Thanks

Tom Judge
--
Senior Research Engineer
Sourcefire Vulnerability Research Team
FreeBSD Ports Committer


On 5/4/13 7:48 AM, M Rusli wrote:
> Hi Dave,
> 
> I did another scan and this time I disabled the PUA settings. And
> clamtk did not detect any virus.
> 
> I did double confirm with virustotal. And it did not detect
> anything.
> 
> But when I do a scan again with PUA, it detected as 
> PUA.Win32.PackerMingwGcc-2 virus.
> 
> By the way, ClamAV has an updated version of the virus engine,
> version 0.97.8.
> 
> Any luck when the new update version will come in for the FreeBSD
> version???
> 
> 
> On Sat, May 4, 2013 at 7:22 PM, Dave M <dave.nerd at gmail.com> wrote:
> 
> Hi,
> 
> I'm not sure what that file is, but you could verify with that
> package owner's upstream that it's good to go.
> 
> Keep in mind that the "threat" name is "PUA" (for potentially
> unwanted application) and seems to be warning based on the type of
> packer or compiler used.  In fact, you probably have the "Scan for
> PUAs" option checked in your ClamTk preferences, otherwise this
> would not have alerted.
> 
> Once the upstream verifies it (hopefully :), please submit the file
> to ClamAV (at clamav.net) as a false positive, assuming it is one.
> 
> Let me know if I can be of assistance.
> 
> thanks, Dave M
> 
> On Sat, May 4, 2013 at 6:04 AM, M Rusli
> <linuxsecuritymrusli at gmail.com> wrote:
>> Hi
>> 
>> I did a full scan on my computer with up-to-date virus of
>> clamtk.
>> 
>> It indicates that the
>> /usr/local/lib/python2.7/site-packages/setuptools-0.6c11-py2.7.egg
>> contains PUA.Win32.PackerMingwGcc-2 virus.
>> 
>> Can you verify whether this is a PUA virus?
>> 
>> Thank you.
>> 
>> Rusli
> 
> 


More information about the freebsd-ports mailing list