warning, lccwin32 virus

J

john

Hello

I downloaded lccwin32 a few days ago. Now in a routine virus scan, my
ClamAV detects a virus in lcc, but only in heuristics mode.

Currently lcc has been quarantined pending deletion. Has anyone else had
problems with viruses in some versions of lcc?

Thanks.
 
S

Seebs

I downloaded lccwin32 a few days ago. Now in a routine virus scan, my
ClamAV detects a virus in lcc, but only in heuristics mode.
Currently lcc has been quarantined pending deletion. Has anyone else had
problems with viruses in some versions of lcc?

No, but I have had problems with "heuristics" generating false positives;
I used to play a very nice game called "Arcanum", and at least one antivirus
vendor declared, a couple of years after the last patch came out, that the
last patch to it was probably a virus. Well, it wasn't, but sooner or
later, if you have enough signatures and enough files, you'll get
mismatches.

It may be worth checking with the vendor to see whether they can look at
it more closely, and either confirm that there's a virus, or update their
engine. I'd guess the latter. I don't get along with jacob very well,
but I do not imagine that he is shipping a virus either intentionally or
otherwise.

-s
p.s.: I do not consider "the idea that C should have operator overloading"
to be a plausible candidate for a "virus".
 
E

Eric Sosman

Hello

I downloaded lccwin32 a few days ago. Now in a routine virus scan, my
ClamAV detects a virus in lcc, but only in heuristics mode.

Currently lcc has been quarantined pending deletion. Has anyone else had
problems with viruses in some versions of lcc?

There's a newsgroup devoted to the lcc compiler, I think
it's comp.compilers.lcc -- look for a newsgroup with "lcc" in
the name somewhere, and you'll surely find it.
 
P

Peter Nilsson

john said:
I downloaded lccwin32 a few days ago. Now in a routine virus
scan, my ClamAV detects a virus in lcc, but only in heuristics
mode.

Currently lcc has been quarantined pending deletion. ...

<http://xkcd.com/36/>

Ask in comp.compilers.lcc.
 
P

Paul

john said:
Hello

I downloaded lccwin32 a few days ago. Now in a routine virus scan, my
ClamAV detects a virus in lcc, but only in heuristics mode.

Currently lcc has been quarantined pending deletion. Has anyone else had
problems with viruses in some versions of lcc?

Thanks.

Upload the file to virustotal.com and their site has multiple
AV products that will scan a file and tell you more about it.
If the majority of the scanners say it is infected, then
you'd know for sure. There is an upper limit to how big a file
you can upload, but other than that, it is a great service
for checking files.

http://en.wikipedia.org/wiki/Virustotal

One technique malware people use, is to hack legitimate web sites
and do whatever is necessary to infect them. It doesn't matter
who runs a site, sooner or later, hackers will take a shot at
messing with it. So even if you detect problems with the file
you downloaded, the site owner might not be the source of the
infection.

Paul
 
J

jacob navia

john a écrit :
Hello

I downloaded lccwin32 a few days ago. Now in a routine virus scan, my
ClamAV detects a virus in lcc, but only in heuristics mode.

Currently lcc has been quarantined pending deletion. Has anyone else had
problems with viruses in some versions of lcc?

Thanks.

You are spreading misinformation with the objective of sinking lcc-win.

Well, you will not succeed.

jacob
 
K

Keith Thompson

jacob navia said:
john a écrit :

You are spreading misinformation with the objective of sinking lcc-win.

How do you know that?

Isn't it possible that ClamAV *incorrectly* detected a virus,
and that he (wrongly IMHO) thought that posting to comp.lang.c
was the appropriate way to follow up on it? Or even that the
distribution somehow accidentally acquired a virus of some sort?
(I don't believe for a moment that you would deliberately distribute
infected software, but accidents happen.)

How do you know what his objective is? Are you a mind-reader?
Well, you will not succeed.

He stated, not that lcc-win is infected, but merely that "ClamAV
detects a virus in lcc". That may well be perfectly factual. You,
on the other hand, have stated that he is deliberately lying with a
specific malicious purpose. Unless you can back up that accusation,
I suggest you withdraw it. (I hardly expect you to do so, but
I'd be glad to be proven wrong on that point.)

I acknowledge the possibility that you do have some supporting
evidence for your claims. If so, please share it, or at least
say so.

(I, on the other hand, have supporting evidence that you have a
history of accusing people of evil motiviations that they do not
have -- you've done it to me.)
 
P

Peter Nilsson

[Crosspost and followups to comp.compilers.lcc]

jacob navia said:
john a écrit :

For those wishing to one day distribute their own software,
I offer how I would respond to such a report (after actually
performing the mentioned checks):

John,

I have scanned the executable and zip file on Server X
using product Y with virus definition file dated Z. It
is scanned daily. It is clean. I have verified that the
files have not been modified since S and I have had no
confirmed positive virus reports for any of those files
since that date.

If you did not download from that server, please do so.

Should CleanAV still indicate that a virus is present,
then I'm inclined to think that heuristic mode is
yielding a false positive, or you have an undetected
virus on your PC that is infecting downloaded files.

Whilst the appropriate disclaimers apply, I can assure
you that I have done all that is possible to ensure
the files on these servers are virus free.

I am not aware of any similar reports, but will monitor
this thread to see if there is an issue with CleanAV.
If there is a sufficiently large number of people
experiencing the same problem, I will investigate
modifying the zip file and executable or issuing a
notice advising of a known false possitive by
CleanAV in heuristic mode.

Note that I assumed the report was made in good faith.
Note that I showed concern over the report and recognised
the seriousness of it, if true. Note that I examined my
server in response to the report. Note that I offered
possible and highly plausable reasons for the poster's
observation. Note that I offered a possible solution.
Note that I offered to take further action should the
report be common amongst my customers.

Now compare and contrast that with...
You are spreading misinformation with the objective of
sinking lcc-win.

Well, you will not succeed.

You have not taken the report seriously. You have not given
any indication that you have checked your product. You have
instead challanged assumed personal motives without responding
to any of the statements made. You have offered no possible
explanation for their problem, let alone a possible solution,
with complete contempt for anyone else who may have had the
same observation but not reported it.

You have not let one of your customers down, you have let
them _all_ down!
 
K

Keith Thompson

john said:
I downloaded lccwin32 a few days ago. Now in a routine virus scan, my
ClamAV detects a virus in lcc, but only in heuristics mode.

Currently lcc has been quarantined pending deletion. Has anyone else had
problems with viruses in some versions of lcc?

Apparently there have been problems with false positives from virus
scanners on lcc-win32 before. See
<http://groups.google.com/group/comp.compilers.lcc/msg/55bc3583b7bbebb5>.

I'd normally suggest that posting to comp.compilers.lcc or contacting
the provider directly would be more appropriate than posting here, but
given the reception you got ...
 
B

bartc

Peter said:
[Crosspost and followups to comp.compilers.lcc]

jacob navia said:
john a écrit :
For those wishing to one day distribute their own software,
I offer how I would respond to such a report (after actually
performing the mentioned checks):
....

Now compare and contrast that with...


You have not taken the report seriously.

Look at the subject line. It suggests that the program download does in fact
contain a virus. It might of course have been added in the OP's machine. You
might direct your advice to the OP instead.

I'm assuming the report was genuine, although coupled with another post made
to a uk.* group ten minutes earlier which also seemed a little suspect, I
had some doubts.
 
P

Peter Nilsson

bartc said:
Peter said:
[Crosspost and followups to comp.compilers.lcc]

Which you reverted back to comp.lang.c. I've cross posted
this to cclcc and set followups again since this is not a
discussion about C, but about lccwin32's maintainer.
Look at the subject line.

What about it?
It suggests that the program download does in fact
contain a virus.

I had to read the body to find out what the OP was talking
about.

In any case, that consumers often complain without good
cause, or through the wrong channels, is something every
business has to deal with at some point.
It might of course have been added in the OP's machine.

More likely there never was a virus and the OP has simply
panicked.
You might direct your advice to the OP instead.

I referred them to cclcc in an earlier post. But as Keith
Thompson points out elsethread, contacting Jacob direct
would have been a better starting point.
I'm assuming the report was genuine,

I'm assuming the OP's observations are genuine, but their
report was overly haste and ill thought out.
although coupled with another post made to a uk.* group ten
minutes earlier which also seemed a little suspect, I had
some doubts.

Did Jacob know of it? Did his customers? All I saw, as I'm
sure most people saw, was Jacob's confrontational and very
unconstructive response to what could have been a legitimate
(albeit naive) report on a product he maintains.

It's his choice, but my advice to other readers is not to
behave that way if someone gets it wrong on a product you
deliver.
 
I

Ian Collins

Look at the subject line. It suggests that the program download does in
fact contain a virus.

Virus, what's one of those :)

Risk of contamination is good reason to publish an MD5 checksum for
downloads.
 
J

J de Boyne Pollard

Look at the subject line. It suggests that the program
Virus, what's one of those :)

It's one of those things that Ken Thompson put in your compiler
years ago, that you are unknowingly still infected by today.

Should we take this thread as indicative of the ClamAV people
having finally found a way to beat Ken Thompson? (-:
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,904
Latest member
HealthyVisionsCBDPrice

Latest Threads

Top