From: Thomas Huth <huth@tuxfamily.org>
To: vilcadam@gmail.com
Cc: Kashyap Chamarthy <kashyapc@fedoraproject.org>, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] virus in colibriOS QEMU iso?
Date: Fri, 23 Dec 2016 11:25:18 +0100
Message-ID: <b1eadebd-2585-94e9-447b-252c7654691a@tuxfamily.org>
In-Reply-To: <1742192160.5141190.1482484832078.JavaMail.zimbra@redhat.com>

On 23.12.2016 10:20, Kashyap Chamarthy wrote:
> [...]
> 
>> On 22.12.2016 18:37, vilcadam@gmail.com wrote:
>>> Hi, just letting you know that Avira found some crypto-locker virus in
>>> ColibriOS iso that you featured in QEMU Advent Calendar 2016. Maybe you
>>> should look into that. I am not sure if it’s a false positive or not. You
>>> can check the attachment for a screenshot of the result.
>>
>> That sounds ugly ... 
> 
> That sounds super ugly indeed :-(
> 
>> I think we just packaged the .iso from the official
>> KolibriOS website here (Kashyap, can you confirm?),
> 
> Yes, I can confirm that I have downloaded the ISO from the 
> official website -- it's a nightly build of their 
> SVN revision 6766.

OK, as far as I can see, the issue comes from the setmbr.exe that is
contained in the iso for writing the KolibriOS to a USB stick.
According to http://board.kolibrios.org/viewtopic.php?t=2295 the report
from Avira is a false positive (likely caused because the program tries
to write to the MBR - which is also what some viruses / trojans are doing).

Anyway, since these Windows tools are not required for running KolibriOS
in a VM, I've now removed them from the iso image and uploaded a new
version to avoid future confusion:

 http://www.qemu-advent-calendar.org/2016/download/day09-v2.tar.xz

If you've got some spare minutes, it would be great if you could give
that new version another try to see whether the warning from Avira is
now properly gone (I don't have a Windows here to test this on my own).

 Thanks,
  Thomas
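
One way to check a repackaged image for leftover Windows executables without mounting it, as an added example that is not part of this thread or of the QEMU project's tooling. It assumes the usual 2048-byte ISO9660 block size and that the tools in question are PE files; the sample image is constructed.

```python
import struct

SECTOR = 2048  # ISO9660 logical block size (usual value; an assumption here)
WINDOW = 4096  # bytes inspected at each block start when looking for the PE header


def is_pe(buf: bytes) -> bool:
    """True if buf starts with a DOS 'MZ' stub whose e_lfanew points at 'PE\\0\\0'."""
    if len(buf) < 0x40 or buf[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", buf, 0x3C)
    return e_lfanew + 4 <= len(buf) and buf[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def find_pe_offsets(image: bytes, block: int = SECTOR) -> list[int]:
    """Offsets of block-aligned PE headers in a raw image.

    ISO9660 file extents start on block boundaries, so checking each boundary
    finds stored executables without parsing the directory tree.
    """
    return [off for off in range(0, len(image), block)
            if is_pe(image[off:off + WINDOW])]


def build_sample(with_pe: bool = True) -> bytes:
    """Constructed image: PE stub at block 20 (optional), bare 'MZ' decoy at block 22."""
    pe = bytearray(SECTOR)
    if with_pe:
        pe[:2] = b"MZ"
        struct.pack_into("<I", pe, 0x3C, 0x80)  # e_lfanew -> 0x80
        pe[0x80:0x84] = b"PE\0\0"
    decoy = b"MZ" + bytes(SECTOR - 2)           # 'MZ' bytes but no PE header behind them
    return bytes(20 * SECTOR) + bytes(pe) + bytes(SECTOR) + decoy


if __name__ == "__main__":
    import sys
    # Pass the path of an extracted .iso; without one, the constructed sample is scanned.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    hits = find_pe_offsets(data)
    for off in hits:
        print(f"PE header at offset {off:#x} (block {off // SECTOR})")
    print(f"{len(hits)} PE file(s) found")
```

An empty result means no block-aligned PE header was found; it says nothing about executables nested inside other containers in the image, such as a floppy image or a compressed archive.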

Thread overview: 5+ messages
2016-12-22 17:37 [Qemu-devel] virus in colibriOS QEMU iso? vilcadam
2016-12-23  8:30 ` Thomas Huth
2016-12-23  9:20   ` Kashyap Chamarthy
2016-12-23 10:25     ` Thomas Huth [this message]
2016-12-23 12:43       ` [Qemu-devel] [Resolved -- false positive] " Kashyap Chamarthy