From owner-freebsd-ports@FreeBSD.ORG  Sat May  4 11:22:55 2013
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: ports@freebsd.org
Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115])
 by hub.freebsd.org (Postfix) with ESMTP id 80B181FD;
 Sat,  4 May 2013 11:22:55 +0000 (UTC)
 (envelope-from dave.nerd@gmail.com)
Received: from mail-wg0-x233.google.com (mail-wg0-x233.google.com
 [IPv6:2a00:1450:400c:c00::233])
 by mx1.freebsd.org (Postfix) with ESMTP id BA4D11127;
 Sat,  4 May 2013 11:22:54 +0000 (UTC)
Received: by mail-wg0-f51.google.com with SMTP id b13so2328294wgh.30
 for <multiple recipients>; Sat, 04 May 2013 04:22:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=x-received:mime-version:in-reply-to:references:from:date:message-id
 :subject:to:cc:content-type;
 bh=xKJcnv9Mugm15qGy+CRAb0OUOh0oVcGSO8FzB+JMqz4=;
 b=tYzyvCwWRCsDp6REfT5bIlnSaeg1dQ1w0ldK41KfIhRUcdJfyeSxsi+AGgdoGPY/2U
 9xFq7mlaZJlBlnOc+Yj5LmvKYlCzYedgy6c8Mp/JyZ571S6jaf1xtbDxDCmAoRUzzyZ5
 e4DTK+J1CjCTS8kJTi79rJb415adDRNUVxmviZRwUubZ3BG/RzxauBIJwdkwuRsTW9Vg
 EYFB2AZecRoU8CZVIlfGBHCvs8Pont/LRrJacZSGrpRutzUHFfEumhjVUZlMqlckOXMm
 vCqzAp2rqf84WrColRG/QfLD/vV0QhiNHy+GTY+S8QAcxlf9fWsF8SFELLECYq9IeQ03
 ndWg==
X-Received: by 10.194.77.103 with SMTP id r7mr14489733wjw.12.1367666573927;
 Sat, 04 May 2013 04:22:53 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.227.49.210 with HTTP; Sat, 4 May 2013 04:22:33 -0700 (PDT)
In-Reply-To: <CADUSB=wR-VAkSYwHOXvnhPaT48WEePP8L7coTnbijV320=Y0Pw@mail.gmail.com>
References: <CADUSB=wR-VAkSYwHOXvnhPaT48WEePP8L7coTnbijV320=Y0Pw@mail.gmail.com>
From: Dave M <dave.nerd@gmail.com>
Date: Sat, 4 May 2013 06:22:33 -0500
Message-ID: <CAPk1mureXe11Ci5aWNyWBQ1BO7yJ9baT=Y0X9XdGAeUkBx9cOA@mail.gmail.com>
Subject: Re: clamtk detects setuptools-0.6c11-py2.7.egg Packer.MingwGcc-2 virus
To: M Rusli <linuxsecuritymrusli@gmail.com>
Content-Type: text/plain; charset=UTF-8
Cc: ports@freebsd.org, tj@freebsd.org, secteam@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 04 May 2013 11:22:55 -0000

Hi,

I'm not sure what that file is, but you could verify with that package
owner's upstream that it's good to go.

Keep in mind that the "threat" name is "PUA" (for potentially unwanted
application) and seems to be warning based on the type of packer or
compiler used.  In fact, you probably have the "Scan for PUAs" option
checked in your ClamTk preferences, otherwise this would not have
alerted.

Once the upstream verifies it (hopefully :), please submit the file to
ClamAV (at clamav.net) as a false positive, assuming it is one.

Let me know if I can be of assistance.

thanks,
Dave M

On Sat, May 4, 2013 at 6:04 AM, M Rusli <linuxsecuritymrusli@gmail.com> wrote:
> Hi
>
> I did a full scan on my computer with up-to-date virus of clamtk.
>
> It indicates that the
> /usr/local/lib/python2.7/site-packages/setuptools-0.6c11-py2.7.egg contains
> PUA.Win32.PackerMingwGcc-2 virus.
>
> Can you verify whether this is a PUA virus?
>
> Thank you.
>
> Rusli