• Virus/trojan, etc.

    From Janis Kracht@1:261/38 to All on Mon Jul 7 15:11:12 2014
    Is anyone's anti-virus software showing any PDN file infected with virus or trojans?

    I've had one fellow report this though all files hatched were checked with Frisk's f-prot at the time of release. I'm expecting false positives... but still.... Just curious if it's one fellow's system or what...

    These files generally are sent here by authors or picked up from sites like git-hub etc.

    Thanks,
    Janis

    --- BBBS/Li6 v4.10 Dada-1
    * Origin: Prism bbs (1:261/38)
  • From Nicholas Boel@1:154/701 to Janis Kracht on Mon Jul 7 16:33:52 2014
    Hello Janis,

    On 07 Jul 14 15:11, Janis Kracht wrote to All:

    Is anyone's anti-virus software showing any PDN file infected with
    virus or trojans?

    I've had one fellow report this though all files hatched were checked
    with Frisk's f-prot at the time of release. I'm expecting false positives... but still.... Just curious if it's one fellow's system or what...

    These files generally are sent here by authors or picked up from sites like git-hub etc.

    I haven't added any of the new areas at this point, but nothing has been reported as being infected up till now from the entire filegate. I'm using the latest version of clamav and every time it's run I run "freshclam" which downloads the latest definitions.

    Regards,
    Nick

    --- GoldED+/LNX 1.1.5-b20130910
    * Origin: Dark Sorrow | darksorrow.us (1:154/701)
  • From Janis Kracht@1:261/38 to Nicholas Boel on Mon Jul 7 17:49:08 2014
    Hello Janis,

    On 07 Jul 14 15:11, Janis Kracht wrote to All:

    Is anyone's anti-virus software showing any PDN file infected with
    virus or trojans?

    I've had one fellow report this though all files hatched were checked
    with Frisk's f-prot at the time of release. I'm expecting false
    positives... but still.... Just curious if it's one fellow's system or
    what...

    These files generally are sent here by authors or picked up from sites
    like git-hub etc.

    I haven't added any of the new areas at this point, but nothing has been
    reported as being infected up till now from the entire filegate. I'm using the
    latest version of clamav and every time it's run I run "freshclam" which downloads the latest definitions.

    Thanks Nick... all I can figure is maybe some of these files are so old (like going back to 1980's and 90's), the heuristics engine thinks they're bad? Ever
    seen anything like that?

    Take care,
    Janis

    --- BBBS/Li6 v4.10 Dada-1
    * Origin: Prism bbs (1:261/38)
  • From Nicholas Boel@1:154/701 to Janis Kracht on Mon Jul 7 19:02:40 2014
    Hello Janis,

    On 07 Jul 14 17:49, Janis Kracht wrote to Nicholas Boel:

    Thanks Nick... all I can figure is maybe some of these files are so
    old (like going back to 1980's and 90's), the heuristics engine thinks they're bad? Ever seen anything like that?

    I can't say that I have. :(

    Regards,
    Nick

    --- GoldED+/LNX 1.1.5-b20130910
    * Origin: Dark Sorrow | darksorrow.us (1:154/701)
  • From Ben Ritchey@1:393/68 to Janis Kracht on Tue Jul 8 01:44:25 2014
    * An ongoing debate between Janis Kracht and All rages on ...

    Is anyone's anti-virus software showing any PDN file infected with
    virus or trojans?

    Everything clear here. :)

    --
    Guardien Fide :^)

    Ben aka cMech Web: http://cmech.dynip.com
    Email: fido4cmech(at)lusfiber.net
    Home page: http://users.lusfiber.net/~fido4cmech
    WildCat! Board 24/7 +1-337-984-4794 any BAUD 8,N,1

    --- GoldED+/W32-MSVC
    * Origin: FIDONet - The Positronium Repository (1:393/68)
  • From Ben Ritchey@1:393/68 to Janis Kracht on Tue Jul 8 02:36:17 2014
    * An ongoing debate between Janis Kracht and All rages on ...

    I've had one fellow report this though all files hatched were checked
    with Frisk's f-prot at the time of release. I'm expecting false

    Probably false, my system scanned 2,864,973 files in 42:14 and all clean :)

    --
    Guardien Fide :^)

    Ben aka cMech Web: http://cmech.dynip.com
    Email: fido4cmech(at)lusfiber.net
    Home page: http://users.lusfiber.net/~fido4cmech
    WildCat! Board 24/7 +1-337-984-4794 any BAUD 8,N,1

    --- GoldED+/W32-MSVC
    * Origin: FIDONet - The Positronium Repository (1:393/68)
  • From Janis Kracht@1:261/38 to Ben Ritchey on Tue Jul 8 09:05:48 2014
    * An ongoing debate between Janis Kracht and All rages on ...

    I've had one fellow report this though all files hatched were checked
    with Frisk's f-prot at the time of release. I'm expecting false

    Probably false, my system scanned 2,864,973 files in 42:14 and all clean :)

    Thanks for your note Ben.. It's all I can figure..

    --- BBBS/Li6 v4.10 Dada-1
    * Origin: Prism bbs (1:261/38)
  • From Vince Coen@2:250/1 to Nicholas Boel on Wed Jul 9 15:41:21 2014
    Hello Nicholas!

    Monday July 07 2014 16:33, you wrote to Janis Kracht:

    Is anyone's anti-virus software showing any PDN file infected
    with virus or trojans?

    I've had one fellow report this though all files hatched were
    checked with Frisk's f-prot at the time of release. I'm
    expecting false positives... but still.... Just curious if it's
    one fellow's system or what...

    These files generally are sent here by authors or picked up from
    sites like git-hub etc.

    I haven't added any of the new areas at this point, but nothing has
    been reported as being infected up till now from the entire filegate.
    I'm using the latest version of clamav and every time it's run I run "freshclam" which downloads the latest definitions.

    That's what I am using e.g., clamd v0.98.4 and I am getting this and this has reduced for the latest virus defs:

    -------------------------
    /home/mbse/ftp/pub/gfd/inf/apps/CGPGUIDE.ZIP: BC.Exploit.CVE_2012_4148 FOUND
    LibClamAV Warning: cli_scanswf: GETBITS: Can't read file or file truncated
    LibClamAV Warning: cli_scanswf: GETBITS: Can't read file or file truncated
    LibClamAV Warning: cli_scanswf: GETBITS: Can't read file or file truncated
    LibClamAV Warning: cli_scanswf: GETBITS: Can't read file or file truncated
    /home/mbse/ftp/pub/ifdc/win_game/25AWNMCW.ZIP: Win.Trojan.Katusha-591 FOUND
    LibClamAV info: scancws: Error decompressing SWF file
    LibClamAV info: scancws: Error decompressing SWF file
    LibClamAV info: scancws: Error decompressing SWF file
    LibClamAV info: scancws: Error decompressing SWF file
    LibClamAV info: scancws: Error decompressing SWF file
    LibClamAV info: scancws: Error decompressing SWF file
    LibClamAV info: scancws: Error decompressing SWF file
    LibClamAV info: scancws: Error decompressing SWF file
    LibClamAV info: scancws: Error decompressing SWF file
    LibClamAV info: scancws: Error decompressing SWF file
    LibClamAV info: scancws: Error decompressing SWF file
    /home/mbse/ftp/pub/ifdc/win_util/SIM502.ZIP: Win.Trojan.Qhost-1813 FOUND
    /home/mbse/ftp/pub/ifdc/win_util/ABIPO286.ZIP: Win.Adware.Adgazelle-1 FOUND
    /home/mbse/ftp/pub/ifdc/win_util/FCPORT65.ZIP: Win.Adware.Adgazelle-1 FOUND
    /home/mbse/ftp/pub/ifdc/win_util/PAPSU112.ZIP: Win.Adware.Adgazelle-1 FOUND
    /home/mbse/ftp/pub/ifdc/win_util/BC137X86.ZIP: Win.Adware.Adgazelle-1 FOUND
    /home/mbse/ftp/pub/ifdc/win_util/7Z920POR.ZIP: Win.Adware.Adgazelle-1 FOUND
    /home/mbse/ftp/pub/ifdc/win_util/VLCPO213.ZIP: Win.Adware.Adgazelle-1 FOUND
    /home/mbse/ftp/pub/ifdc/win_util/BC137X64.ZIP: Win.Adware.Adgazelle-1 FOUND
    LibClamAV Warning: cli_scanicon: found 7 invalid icon entries of 7 total
    LibClamAV info: scancws: Error decompressing SWF file
    LibClamAV info: scancws: Error decompressing SWF file
    /home/mbse/ftp/pub/local/dos-archivers/PKZW400S.ZIP: Win.Trojan.Banload-4207 FOUND
    LibClamAV Warning: Partial message received from MUA/MTA - message cannot be scanned
    LibClamAV info: scancws: Error decompressing SWF file
    LibClamAV info: scancws: Error decompressing SWF file
    LibClamAV Warning: cli_scanxz: decompress file size exceeds limits - only scanning 27262976 bytes
    /home/mbse/ftp/pub/linux/lnx4games/25AWNMCL.ZIP: Win.Trojan.Katusha-591 FOUND
    LibClamAV Warning: cli_scanxz: decompress file size exceeds limits - only scanning 27262976 bytes
    LibClamAV Warning: cli_scanicon: found 2 invalid icon entries of 15 total
    LibClamAV Warning: cli_scanicon: found 2 invalid icon entries of 15 total
    /home/vince/Documents/Asus-P5QL-EPU/VIA_Audio_Audio_V6017400_XpVistaWin7/Audio/ Driver/VIAHDAud/HDBusDrv/HDW2K3x64.exe: Win.Trojan.Vjadtre-22 FOUND

    ----------- SCAN SUMMARY -----------
    Known viruses: 3494442
    Engine version: 0.98.4
    Scanned directories: 150800
    Scanned files: 357666
    Infected files: 13
    Data scanned: 150978.61 MB
    Data read: 249482.75 MB (ratio 0.61:1)
    Time: 10926.665 sec (182 m 6 s)
    -------------------------

    The entries for SWF file types etc, is extremely puzzling.

    I did try and use F-Prot but getting seg. faults but there again it is over two years old and running it on a x64 bit system.

    Vince

    --- Linux/Mbse v1.1.02/GoldED+/LNX 1.1.5-b20120229
    * Origin: Air Applewood, The Linux Gateway to the UK (2:250/1)
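Added example, not part of any poster's message: a small Python triage of scan output in the shape quoted above, where detections and LibClamAV parser messages are interleaved and sometimes run together on one line. The sample text is constructed from lines on this page with its own summary count; the function names, the no-spaces-in-paths assumption and the `cluster_min` threshold are illustrative.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the shape of the quoted output, including several
# records run together on one line; the summary count belongs to this sample.
SAMPLE = (
    "/home/mbse/ftp/pub/gfd/inf/apps/CGPGUIDE.ZIP: BC.Exploit.CVE_2012_4148 FOUND "
    "LibClamAV Warning: cli_scanswf: GETBITS: Can't read file or file truncated\n"
    "LibClamAV info: scancws: Error decompressing SWF file "
    "/home/mbse/ftp/pub/ifdc/win_util/SIM502.ZIP: Win.Trojan.Qhost-1813 FOUND "
    "/home/mbse/ftp/pub/ifdc/win_util/ABIPO286.ZIP: Win.Adware.Adgazelle-1 FOUND "
    "/home/mbse/ftp/pub/ifdc/win_util/FCPORT65.ZIP: Win.Adware.Adgazelle-1 FOUND "
    "/home/mbse/ftp/pub/ifdc/win_util/PAPSU112.ZIP: Win.Adware.Adgazelle-1 FOUND\n"
    "LibClamAV Warning: cli_scanxz: decompress file size exceeds limits"
    " - only scanning 27262976 bytes\n"
    "----------- SCAN SUMMARY -----------\n"
    "Infected files: 5\n"
)

# A detection record is "<absolute path>: <signature> FOUND".
# Assumption: paths contain no spaces.
DETECTION = re.compile(r"(/\S+): (\S+) FOUND")
# Engine messages name the file-format parser that emitted them.
LIB_MSG = re.compile(r"LibClamAV (?:Warning|info): (\w+):")
SUMMARY = re.compile(r"Infected files: (\d+)")

def parse_scan(text):
    """Return ({signature: [paths]}, parser message counts, summary count)."""
    by_sig = defaultdict(list)
    for path, sig in DETECTION.findall(text):
        by_sig[sig].append(path)
    noise = Counter(LIB_MSG.findall(text))
    m = SUMMARY.search(text)
    return dict(by_sig), dict(noise), int(m.group(1)) if m else None

def triage(text, cluster_min=3):
    """Summarise a scan: totals, a cross-check, and per-signature clusters."""
    by_sig, noise, reported = parse_scan(text)
    total = sum(len(paths) for paths in by_sig.values())
    return {
        "detections": total,
        # A mismatch means records were lost or mangled in transit.
        "matches_summary": reported == total,
        # One signature hitting many files can be reviewed as one question.
        "clusters": sorted(s for s, p in by_sig.items() if len(p) >= cluster_min),
        "parser_noise": noise,
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Separating the `LibClamAV` parser messages from the `FOUND` records keeps the SWF and icon warnings from being read as detections, and grouping by signature shows which hits share a single definition.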
  • From Ben Ritchey@1:393/68 to Vince Coen on Wed Jul 9 17:29:17 2014
    * An ongoing debate between Vince Coen and Nicholas Boel rages on ...

    That's what I am using e.g., clamd v0.98.4 and I am getting this and
    this has reduced for the latest virus defs:

    file
    /home/mbse/ftp/pub/ifdc/win_util/SIM502.ZIP: Win.Trojan.Qhost-1813 FOUND
    /home/mbse/ftp/pub/ifdc/win_util/ABIPO286.ZIP: Win.Adware.Adgazelle-1 FOUND
    /home/mbse/ftp/pub/ifdc/win_util/FCPORT65.ZIP: Win.Adware.Adgazelle-1 FOUND
    /home/mbse/ftp/pub/ifdc/win_util/PAPSU112.ZIP: Win.Adware.Adgazelle-1 FOUND
    /home/mbse/ftp/pub/ifdc/win_util/BC137X86.ZIP: Win.Adware.Adgazelle-1 FOUND
    /home/mbse/ftp/pub/ifdc/win_util/7Z920POR.ZIP: Win.Adware.Adgazelle-1 FOUND
    /home/mbse/ftp/pub/ifdc/win_util/VLCPO213.ZIP: Win.Adware.Adgazelle-1 FOUND
    /home/mbse/ftp/pub/ifdc/win_util/BC137X64.ZIP: Win.Adware.Adgazelle-1 FOUND
    LibClamAV Warning: cli_scanicon: found 7 invalid icon entries of 7 total
    LibClamAV info: scancws: Error

    These are my hatches and have been scanned by several scanners (Microsoft, McAfee and LavaSoft) with negative results across the board. I needed 7Zip anyway, so I installed the portable version (listed above) and tested same. I saw no evidence of ANY malware, Adware, etc., nor did a run of the scanners.

    My only conclusion has to be you are getting false hits. Contact ClamAV!

    Janis, some of these are yours (WinGame) and bear double-checking as they're listed as actually infected with something, yes?

    --
    Guardien Fide :^)

    Ben aka cMech Web: http://cmech.dynip.com
    Email: fido4cmech(at)lusfiber.net
    Home page: http://users.lusfiber.net/~fido4cmech
    WildCat! Board 24/7 +1-337-984-4794 any BAUD 8,N,1

    --- GoldED+/W32-MSVC
    * Origin: FIDONet - The Positronium Repository (1:393/68)
  • From Janis Kracht@1:261/38 to Ben Ritchey on Thu Jul 10 09:53:26 2014
    Hi Ben,

    Janis, some of these are yours (WinGame) and bear double-checking as they're listed as actually infected with something, yes?

    I'll check it out.. Thanks Ben

    Take care,
    Janis

    --- BBBS/Li6 v4.10 Dada-1
    * Origin: Prism bbs (1:261/38)
  • From Janis Kracht@1:261/38 to Ben Ritchey on Thu Jul 10 10:15:12 2014
    Janis, some of these are yours (WinGame) and bear double-checking as they're listed as actually infected with something, yes?

    /win_game/25AwnmcW.zip comes up clean here with latest virus defs.. /lnx4games/25AwnmcL.zip also comes up clean (Gert's hatch) /pkware/pkwin32/pkzw400s.zip comes up clean...

    I dunno.. <g>

    Anyone else see a problem with these files on their system?

    --- BBBS/Li6 v4.10 Dada-1
    * Origin: Prism bbs (1:261/38)
  • From Ben Ritchey@1:393/68 to Janis Kracht on Thu Jul 10 11:20:21 2014
    * An ongoing debate between Janis Kracht and Ben Ritchey rages on ...

    /win_game/25AwnmcW.zip comes up clean here with latest virus defs.. /lnx4games/25AwnmcL.zip also comes up clean (Gert's hatch) /pkware/pkwin32/pkzw400s.zip comes up clean...

    Never hurts to double check {chuckle} all my scanners agree with you, too. :)

    --
    Guardien Fide :^)

    Ben aka cMech Web: http://cmech.dynip.com
    Email: fido4cmech(at)lusfiber.net
    Home page: http://users.lusfiber.net/~fido4cmech
    WildCat! Board 24/7 +1-337-984-4794 any BAUD 8,N,1

    --- GoldED+/W32-MSVC
    * Origin: FIDONet - The Positronium Repository (1:393/68)
  • From Rj Clay@1:120/546 to Janis Kracht on Mon Jul 21 10:42:08 2014
    Janis,

    .... all I can figure is maybe some of these files are so old (like
    going back to 1980's and 90's), the heuristics engine thinks they're bad? Ever seen anything like that?

    I've seen instances I suspected were like that but was never really sure, and I also didn't trust the scanner in those instances in case...




    Jame

    --- BBBS/Li6 v4.10 Dada-1
    * Origin: BBBS Info at Rocasa (1:120/546)
  • From Janis Kracht@1:261/38 to Rj Clay on Tue Jul 22 09:36:00 2014
    Hi Jame,

    .... all I can figure is maybe some of these files are so old (like
    going back to 1980's and 90's), the heuristics engine thinks they're bad?
    Ever seen anything like that?

    I've seen instances I suspected were like that but was never really sure, and I also didn't trust the scanner in those instances in case...

    Ok :) Thanks Jame.

    Take care,
    Janis

    --- BBBS/Li6 v4.10 Dada-1
    * Origin: Prism bbs (1:261/38)