From: Kashyap Chamarthy <kchamart@redhat.com>
To: Thomas Huth <huth@tuxfamily.org>
Cc: vilcadam@gmail.com, qemu-devel@nongnu.org,
Kashyap Chamarthy <kashyapc@fedoraproject.org>
Subject: Re: [Qemu-devel] virus in colibriOS QEMU iso?
Date: Fri, 23 Dec 2016 04:20:32 -0500 (EST) [thread overview]
Message-ID: <1742192160.5141190.1482484832078.JavaMail.zimbra@redhat.com> (raw)
In-Reply-To: <6897002c-9618-ba6b-3d42-8595bb13ac09@tuxfamily.org>
[...]
> On 22.12.2016 18:37, vilcadam@gmail.com wrote:
> > Hi, just letting you know that Avira found some crypto-locker virus in
> > ColibriOS iso that you featured in QEMU Advent Calendar 2016. Maybe you
> > should look into that. I am not sure if it’s a false positive or not.. You
> > can check the attachment for a screenshot of the result.
>
> That sounds ugly ...
That sounds super ugly indeed :-(
> I think we just packaged the .iso from the official
> KolibriOS website here (Kashyap, can you confirm?),
Yes, I can confirm that I have downloaded the ISO from the
official website -- it's a nightly build of their
SVN revision 6766.
These are local notes on preparing sources from
the day I made the image (where the SVN revision
was at 6766):
============
$ svn checkout svn://kolibrios.org -r 6766
$ svn log | head -5
------------------------------------------------------------------------
r6766 | IgorA | 2016-11-26 23:57:24 +0100 (Sat, 26 Nov 2016) | 1 line
fix bugs
$ du -sh ../sources-kolibrios/
1.4G ../sources-kolibrios/
$ du -sh .svn/
662M .svn/
$ rm -rf .svn
$ du -sh ../sources-kolibrios-rev-6766/
691M ../sources-kolibrios-rev-6766/
$ tar -cJf sources-kolibrios-rev-6766.tar.xz sources-kolibrios-rev-6766/
$ du -sh sources-kolibrios-rev-6766.tar.xz
93M sources-kolibrios-rev-6766.tar.xz
============
> so if this is not
> just a false positive, the problem very likely comes from there.
Indeed.
> If you've got some spare minutes, could you maybe check the download
> from http://kolibrios.org/en/download , too?
>
> As far as I can see, there should not be any real danger here unless you
> put the .iso file onto a real CD-ROM or USB stick and start the .exe
> files in there (which is of course not necessary for starting a VM with
> the .iso file).
Yes, exactly, but still this incident is not nice to hear.
> But anyway, this needs some closer investigation, to see
> whether it's a false positive or not, so I've disabled that download for
> now. We'll let you know when we know more ... Thanks for reporting the
> issue!
Yes, thanks for bringing it up. I'm afraid, I'm a little short
on time, but will try to investigate later today.
Regards,
Kashyap
next prev parent reply other threads:[~2016-12-23 9:20 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-22 17:37 [Qemu-devel] virus in colibriOS QEMU iso? vilcadam
2016-12-23 8:30 ` Thomas Huth
2016-12-23 9:20 ` Kashyap Chamarthy [this message]
2016-12-23 10:25 ` Thomas Huth
2016-12-23 12:43 ` [Qemu-devel] [Resolved -- false positive] " Kashyap Chamarthy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1742192160.5141190.1482484832078.JavaMail.zimbra@redhat.com \
--to=kchamart@redhat.com \
--cc=huth@tuxfamily.org \
--cc=kashyapc@fedoraproject.org \
--cc=qemu-devel@nongnu.org \
--cc=vilcadam@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.