From: Kashyap Chamarthy <kchamart@redhat.com>
To: Thomas Huth <huth@tuxfamily.org>
Cc: vilcadam@gmail.com, qemu-devel@nongnu.org,
Kashyap Chamarthy <kashyapc@fedoraproject.org>
Subject: Re: [Qemu-devel] virus in colibriOS QEMU iso?
Date: Fri, 23 Dec 2016 04:20:32 -0500 (EST) [thread overview]
Message-ID: <1742192160.5141190.1482484832078.JavaMail.zimbra@redhat.com> (raw)
In-Reply-To: <6897002c-9618-ba6b-3d42-8595bb13ac09@tuxfamily.org>
[...]
> On 22.12.2016 18:37, vilcadam@gmail.com wrote:
> > Hi, just letting you know that Avira found some crypto-locker virus in
> > ColibriOS iso that you featured in QEMU Advent Calendar 2016. Maybe you
> > should look into that. I am not sure if it’s a false positive or not.. You
> > can check the attachment for a screenshot of the result.
>
> That sounds ugly ...
That sounds super ugly indeed :-(
> I think we just packaged the .iso from the official
> KolibriOS website here (Kashyap, can you confirm?),
Yes, I can confirm that I have downloaded the ISO from the
official website -- it's a nightly build of their
SVN revision 6766.
These are local notes on preparing sources from
the day I made the image (where the SVN revision
was at 6766):
============
$ svn checkout svn://kolibrios.org -r 6766
$ svn log | head -5
------------------------------------------------------------------------
r6766 | IgorA | 2016-11-26 23:57:24 +0100 (Sat, 26 Nov 2016) | 1 line
fix bugs
$ du -sh ../sources-kolibrios/
1.4G ../sources-kolibrios/
$ du -sh .svn/
662M .svn/
$ rm -rf .svn
$ du -sh ../sources-kolibrios-rev-6766/
691M ../sources-kolibrios-rev-6766/
$ tar -cJf sources-kolibrios-rev-6766.tar.xz sources-kolibrios-rev-6766/
$ du -sh sources-kolibrios-rev-6766.tar.xz
93M sources-kolibrios-rev-6766.tar.xz
============
> so if this is not
> just a false positive, the problem very likely comes from there.
Indeed.
> If you've got some spare minutes, could you maybe check the download
> from http://kolibrios.org/en/download , too?
>
> As far as I can see, there should not be any real danger here unless you
> put the .iso file onto a real CD-ROM or USB stick and start the .exe
> files in there (which is of course not necessary for starting a VM with
> the .iso file).
Yes, exactly, but still this incident is not nice to hear.
> But anyway, this needs some closer investigation, to see
> whether it's a false positive or not, so I've disabled that download for
> now. We'll let you know when we know more ... Thanks for reporting the
> issue!
Yes, thanks for bringing it up. I'm afraid, I'm a little short
on time, but will try to investigate later today.
Regards,
Kashyap
next prev parent reply other threads:[~2016-12-23 9:20 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-22 17:37 [Qemu-devel] virus in colibriOS QEMU iso? vilcadam
2016-12-23 8:30 ` Thomas Huth
2016-12-23 9:20 ` Kashyap Chamarthy [this message]
2016-12-23 10:25 ` Thomas Huth
2016-12-23 12:43 ` [Qemu-devel] [Resolved -- false positive] " Kashyap Chamarthy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1742192160.5141190.1482484832078.JavaMail.zimbra@redhat.com \
--to=kchamart@redhat.com \
--cc=huth@tuxfamily.org \
--cc=kashyapc@fedoraproject.org \
--cc=qemu-devel@nongnu.org \
--cc=vilcadam@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).