cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
- From: Stefan Winter <stefan.winter AT restena.lu>
- To: "Johnson, Neil M" <neil-johnson AT uiowa.edu>, "cat-users AT lists.geant.org" <cat-users AT lists.geant.org>
- Subject: Re: [[cat-users]] Windows Installer being reported as infected.
- Date: Wed, 18 May 2016 07:50:11 +0200
- Openpgp: id=AD3091F3AB24E05F4F722C03C0DE6A358A39DC66; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
Hello,
> Our Security office is getting reports that the Windows installer is
> infected. See the following links for more information:
>
> https://www.virustotal.com/en/file/4c91682fe349bfe17d85ee4a959c13fb0d335cbd9576043baec2e4baa07f890d/analysis/1463495949/
> https://www.virustotal.com/en/file/6c9d164d83a0272f81f13b23a88380fab600d75a38b1deace7f31138cc7419bf/analysis/1463495432/
> https://www.virustotal.com/en/file/ffadee0859cc09090ffd7627e51f79ae4ccb54a4dab91674b77dc824608f2286/analysis/
> https://www.virustotal.com/en/file/ffadee0859cc09090ffd7627e51f79ae4ccb54a4dab91674b77dc824608f2286/analysis/
We occasionally see reports like this, but they are not an indication of
an infection.
Please observe that only a few and mostly exotic scanners think they
have an issue with the executable.
Of those reported "infections", virtually all of them are not based on
actual hard evidence but come from a heuristics match - names like
"*Suspicious*" or "Malware.*Gen[eric]*" show that nicely.
These heuristics are (likely) based on the fact that we are modifying
security-relevant settings such as injecting the PEAP password into the
Windows registry. This is however our core business and it's going to
stay that way :-)
A "real" infection would show on VirusTotal as hitting a majority of AV
engines, not 2-4 out of 56. And particularly Baidu continuously stands
out as being notoriously wrong on our installers - it has been reporting
"WisdomEyes" for months, but continues to be the only one.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette
Tel: +352 424409 1
Fax: +352 422473
PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
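Added example, not part of the message above or of the CAT project's code: a small triage helper that applies the message's two criteria (share of engines flagging the file, and whether the labels are heuristic-style names) to a multi-engine scan result. The engine names, labels, verdict strings and the extra "heur" pattern are constructed assumptions; a hit with a specific, non-heuristic name is routed to manual analysis even when the ratio is low.

```python
import re

# Label fragments the message calls out as heuristic matches ("*Suspicious*",
# "Malware.*Gen[eric]*"). "heur" is an added assumption, not from the message.
HEURISTIC = re.compile(r"suspicious|\bgen(eric)?\b|heur", re.IGNORECASE)


def triage(results):
    """results maps engine name -> detection label, or None for no detection."""
    hits = {engine: label for engine, label in results.items() if label}
    # Engines whose label looks like a specific family name, not a heuristic.
    named = sorted(e for e, label in hits.items() if not HEURISTIC.search(label))
    ratio = len(hits) / len(results) if results else 0.0
    if not hits:
        verdict = "clean"
    elif ratio > 0.5:            # "hitting a majority of AV engines"
        verdict = "likely-malicious"
    elif named:                  # few hits, but at least one specific name
        verdict = "needs-analysis"
    else:                        # few hits, all heuristic-style labels
        verdict = "likely-false-positive"
    return {"hits": len(hits), "total": len(results), "ratio": ratio,
            "named_by": named, "verdict": verdict}


def constructed_scan(labels, total=56):
    """Build a constructed scan: `total` engines, the first ones flagging."""
    scan = {f"engine{i:02d}": None for i in range(total)}
    for i, label in enumerate(labels):
        scan[f"engine{i:02d}"] = label
    return scan


if __name__ == "__main__":
    # Constructed input resembling the case in the thread: 3 of 56 engines,
    # all with heuristic-style names.
    sample = constructed_scan(["Suspicious.Installer", "Malware.Gen",
                               "Malware.Generic.7"])
    print(triage(sample))
```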