-
1. Re: wildfly-service.exe triggers f-secure
ctomc Jul 22, 2013 5:16 AM (in response to nickarls)
Ouch, we use http://commons.apache.org/proper/commons-daemon/procrun.html for this.
I will ask the guys that maintain it if they can take a look.
tnx,
tomaz
-
2. Re: wildfly-service.exe triggers f-secure
mladen.turk Jul 22, 2013 5:42 AM (in response to nickarls)
Can you check the following binaries?
It might be a false positive, but those ones are built out of a clean VM
-
3. Re: wildfly-service.exe triggers f-secure
nickarls Jul 23, 2013 1:40 AM (in response to mladen.turk)
I can handle those files OK but https://github.com/wildfly/wildfly/blob/master/build/src/main/resources/bin/service/wildfly-service.exe gives me the alert. Is wildfly-service.exe just a rename of the procrun binaries?
-
4. Re: wildfly-service.exe triggers f-secure
mladen.turk Jul 23, 2013 2:15 AM (in response to nickarls)
Yes, those are just renamed binaries.
Since I don't have access to F-secure, can you check the binaries from
apache.org/dist/commons/daemon/binaries/windows/
Apparently those are the ones inside Wildfly (which I build manually, so I might have an infected VM), which is serious and we have to replace those binaries.
However, the same binary is part of each and every Apache Tomcat distribution, so I wonder why this was not reported earlier.
-
5. Re: wildfly-service.exe triggers f-secure
mladen.turk Jul 23, 2013 2:21 AM (in response to nickarls)
Hmm, on github the wildfly-service is 139Kb, procrun.exe is 72Kb. Apparently someone that pushed that binary has an infected machine.
Tomaz, we need to replace those ASAP (upload from Linux)
-
6. Re: wildfly-service.exe triggers f-secure
nickarls Jul 23, 2013 2:22 AM (in response to mladen.turk)
And the size difference is not from 32/64bit version differences?
-
7. Re: wildfly-service.exe triggers f-secure
mladen.turk Jul 23, 2013 2:27 AM (in response to nickarls)
Probably same stuff. It's 161Kb and it should be 101Kb. So 60K for virus
Seems that fharms uploaded that, so he probably has an infected machine. Trying to ping him on #wildfly ...
-
8. Re: wildfly-service.exe triggers f-secure
jaikiran Jul 23, 2013 2:40 AM (in response to mladen.turk)
Mladen Turk wrote:
Probably same stuff. It's 161Kb and it should be 101Kb. So 60K for virus
Seems that fharms uploaded that, so he probably has an infected machine. Trying to ping him on #wildfly ...
If that's the case, we should be removing that file from the WildFly upstream till we have a fix.
-
9. Re: wildfly-service.exe triggers f-secure
fharms Jul 23, 2013 3:25 AM (in response to mladen.turk)
The reason why the size is different is because the icon was replaced for the EXE files.
All files on my Mac are scanned with the latest McAfee and no threats are reported.
/Flemming
-
10. Re: wildfly-service.exe triggers f-secure
mladen.turk Jul 23, 2013 5:04 AM (in response to nickarls)
Can you check the rebuilt binaries from
http://people.apache.org/~mturk/wildfly-service.zip
It's recompiled with wildfly icons rather than an edited binary.
Please check that so I can remove the file from the ASF server.
-
11. Re: wildfly-service.exe triggers f-secure
nickarls Jul 23, 2013 6:01 AM (in response to mladen.turk)
I can unzip the wildfly-mgr.exe but the wildfly-service.exe triggers the alert.
-
12. Re: wildfly-service.exe triggers f-secure
mladen.turk Jul 23, 2013 7:24 AM (in response to nickarls)
Use the icons from
http://people.apache.org/~mturk/wildfly-service-icons.zip
Seems the originals have some binary sequence that triggers f-secure
-
13. Re: wildfly-service.exe triggers f-secure
fharms Jul 23, 2013 10:14 AM (in response to mladen.turk)
I guess it's safe to say it's a false positive. But I will update the PR with the latest binaries to prevent this in the future.
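
Posts 5 to 9 turn on whether the size difference between the renamed binary and upstream procrun comes from a swapped icon or from changed code. As an added example (not part of the thread, and not code from WildFly or Apache Commons Daemon), the sketch below hashes each PE section of a reference and a rebranded file and reports which sections differ. The sample images and their contents are constructed, and PE headers are not compared.

```python
import hashlib
import struct

def pe_section_hashes(data: bytes) -> dict:
    """Map each PE section name to the SHA-256 of its raw bytes on disk."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (n_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size  # section table follows the optional header
    hashes = {}
    for i in range(n_sections):
        hdr = table + 40 * i
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, hdr + 16)
        if raw_ptr + raw_size > len(data):
            raise ValueError(f"section {name} runs past end of file")
        hashes[name] = hashlib.sha256(data[raw_ptr:raw_ptr + raw_size]).hexdigest()
    return hashes

def changed_sections(reference: bytes, candidate: bytes) -> list:
    """Names of sections whose content differs or that exist in only one file."""
    a, b = pe_section_hashes(reference), pe_section_hashes(candidate)
    return sorted(n for n in a.keys() | b.keys() if a.get(n) != b.get(n))

def build_sample_pe(sections) -> bytes:
    """Constructed minimal PE image (no optional header), for this demo only."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0)
    offset = 0x40 + 4 + 20 + 40 * len(sections)
    table, body = b"", b""
    for name, payload in sections:
        table += struct.pack("<8sIIIIIIHHI", name, len(payload), 0,
                             len(payload), offset, 0, 0, 0, 0, 0)
        body += payload
        offset += len(payload)
    return dos + b"PE\0\0" + coff + table + body

# Constructed samples: same code, different (larger) icon resource.
CODE, RELOC = b"\x90" * 64, b"\x01" * 16
REFERENCE = build_sample_pe([(b".text", CODE), (b".rsrc", b"ICON-A" * 10), (b".reloc", RELOC)])
REBRANDED = build_sample_pe([(b".text", CODE), (b".rsrc", b"ICON-B" * 40), (b".reloc", RELOC)])

if __name__ == "__main__":
    print(changed_sections(REFERENCE, REBRANDED))
```

On real files, pass the bytes of the upstream binary and the renamed one; a difference outside `.rsrc` means more than the resources changed.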