Message-ID: <51876AB2.50905@sourcefire.com>
Date: Mon, 06 May 2013 04:32:50 -0400
From: Tom Judge
To: M Rusli
Subject: Re: clamtk detects setuptools-0.6c11-py2.7.egg Packer.MingwGcc-2 virus
Cc: ports@freebsd.org, Dave M, secteam@freebsd.org

Hi Rusli,

I have sent this information over to the ClamAV detection team, to
validate that the signature is correct.

Could you please send me a copy of the file off list?

Thanks

Tom Judge

-- 
Senior Research Engineer
Sourcefire Vulnerability Research Team
FreeBSD Ports Committer

On 5/4/13 7:48 AM, M Rusli wrote:
> Hi Dave,
>
> I did another scan and this time I disabled the PUA settings. And
> clamtk did not detect any virus.
>
> I did double confirm with virustotal. And it did not detect
> anything.
>
> But when I do a scan again with PUA, it detected as
> PUA.Win32.PackerMingwGcc-2 virus.
>
> By the way, clamav has an updated version of the virus engine to
> version 0.97.8.
>
> Any luck when the new update version will come in for the Freebsd
> version???
>
>
> On Sat, May 4, 2013 at 7:22 PM, Dave M wrote:
>
> Hi,
>
> I'm not sure what that file is, but you could verify with that
> package owner's upstream that it's good to go.
>
> Keep in mind that the "threat" name is "PUA" (for potentially
> unwanted application) and seems to be warning based on the type of
> packer or compiler used. In fact, you probably have the "Scan for
> PUAs" option checked in your ClamTk preferences, otherwise this
> would not have alerted.
>
> Once the upstream verifies it (hopefully :), please submit the file
> to ClamAV (at clamav.net) as a false positive, assuming it is one.
>
> Let me know if I can be of assistance.
>
> thanks, Dave M
>
> On Sat, May 4, 2013 at 6:04 AM, M Rusli wrote:
>> Hi
>>
>> I did a full scan on my computer with up-to-date virus of
>> clamtk.
>>
>> It indicates that the
>> /usr/local/lib/python2.7/site-packages/setuptools-0.6c11-py2.7.egg
>> contains PUA.Win32.PackerMingwGcc-2 virus.
>>
>> Can you verify whether this is a PUA virus?
>>
>> Thank you.
>>
>> Rusli
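
The thread attributes the alert to the packer or compiler of a file rather than to known malware. The following is an added example, not part of the original thread and not ClamAV or ClamTk code: it lists the members of a zipped egg that begin with the Windows executable magic bytes and hashes them, so the files a Win32 signature could match can be compared with upstream and attached to a false-positive report. It assumes the egg is a zip archive; pe_members, build_sample_egg and the member name launcher.exe are hypothetical.

```python
import hashlib
import io
import sys
import zipfile

PE_MAGIC = b"MZ"  # DOS/PE executables begin with these two bytes


def pe_members(egg):
    """Return (name, size, sha256) for each zip member that starts with the PE magic.

    `egg` is a path or a binary file object for a zipped .egg (assumption:
    the egg is a zip archive, not an unpacked directory).
    """
    found = []
    with zipfile.ZipFile(egg) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(len(PE_MAGIC))
                if head != PE_MAGIC:
                    continue
                # Hash in chunks so a large member is never held in memory whole.
                digest = hashlib.sha256(head)
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            found.append((info.filename, info.file_size, digest.hexdigest()))
    return found


def build_sample_egg():
    """Constructed sample: a tiny in-memory 'egg' with one PE-looking member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("setuptools/__init__.py", "# constructed sample\n")
        # Hypothetical member name; 64 bytes that merely start with "MZ".
        zf.writestr("setuptools/launcher.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("EGG-INFO/PKG-INFO", "Name: sample\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Pass the path of a real egg, or run without arguments for the sample.
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_egg()
    for name, size, sha256 in pe_members(target):
        print(f"{sha256}  {size:>8}  {name}")
```

An empty result means no member looks like a Windows executable, in which case the signature is matching something else in the archive and the whole file should go to the detection team.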