From: M Rusli
To: Dave M
Cc: ports@freebsd.org, tj@freebsd.org, secteam@freebsd.org
Date: Sun, 5 May 2013 05:41:59 +0800
Subject: Re: clamtk detects setuptools-0.6c11-py2.7.egg Packer.MingwGcc-2 virus
List-Id: Porting software to FreeBSD

Hi Dave,

Thanks!
Clamav scan engine has been updated to 0.97.8.

On Sat, May 4, 2013 at 7:54 PM, Dave M wrote:
> Hi,
>
> It's okay to check things with PUA settings - sometimes they really
> are "unwanted" applications. You did the right thing by asking others
> to verify and submitting it to VT for a second opinion.
>
> Sorry, I have no idea when FreeBSD will upgrade. It all comes down to
> the FreeBSD maintainer - when they get to it and upload it. Fedora
> doesn't have it yet either.
>
> respectfully
> dave
>
> On Sat, May 4, 2013 at 6:48 AM, M Rusli wrote:
> > Hi Dave,
> >
> > I did another scan and this time I disabled the PUA settings. And clamtk did
> > not detect any virus.
> >
> > I did double confirm with virustotal. And it did not detect anything.
> >
> > But when I do a scan again with PUA, it detected as
> > PUA.Win32.PackerMingwGcc-2 virus.
> >
> > By the way, clamav has an updated version of the virus engine to version
> > 0.97.8.
> >
> > Any luck when the new update version will come in for the FreeBSD version???
> >
> >
> > On Sat, May 4, 2013 at 7:22 PM, Dave M wrote:
> >>
> >> Hi,
> >>
> >> I'm not sure what that file is, but you could verify with that package
> >> owner's upstream that it's good to go.
> >>
> >> Keep in mind that the "threat" name is "PUA" (for potentially unwanted
> >> application) and seems to be warning based on the type of packer or
> >> compiler used. In fact, you probably have the "Scan for PUAs" option
> >> checked in your ClamTk preferences, otherwise this would not have
> >> alerted.
> >>
> >> Once the upstream verifies it (hopefully :), please submit the file to
> >> ClamAV (at clamav.net) as a false positive, assuming it is one.
> >>
> >> Let me know if I can be of assistance.
> >>
> >> thanks,
> >> Dave M
> >>
> >> On Sat, May 4, 2013 at 6:04 AM, M Rusli wrote:
> >> > Hi
> >> >
> >> > I did a full scan on my computer with up-to-date virus of clamtk.
> >> >
> >> > It indicates that the
> >> > /usr/local/lib/python2.7/site-packages/setuptools-0.6c11-py2.7.egg
> >> > contains
> >> > PUA.Win32.PackerMingwGcc-2 virus.
> >> >
> >> > Can you verify whether this is a PUA virus?
> >> >
> >> > Thank you.
> >> >
> >> > Rusli