Mailing List Archives Authenticated access	UW Madison Computer Sciences Department Computer Systems Lab

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] virus in source?

Date: Tue, 23 Oct 2018 18:41:44 +0000
From: John M Knoeller <johnkn@xxxxxxxxxxx>
Subject: Re: [HTCondor-users] virus in source?

It's a false positive.  a simple tool used by the Windows version of the HTCondor test suite. (think echo)

> md5sum append*.exe
f8c18ea7db5c10ae556799f1953bfd24 *appendmsg.exe

>link -dump -imports appendmsg.exe
Microsoft (R) COFF/PE Dumper Version 11.00.61030.0
Copyright (C) Microsoft Corporation.  All rights reserved.


Dump of file appendmsg.exe

File Type: EXECUTABLE IMAGE

  Section contains the following imports:

    KERNEL32.dll
                403000 Import Address Table
                4036C0 Import Name Table
                     0 time date stamp
                     0 Index of first forwarder reference

                  16D ExitProcess
                   8E CloseHandle
                  26A GetLastError
                  55F Sleep
                  2DD GetStdHandle
                  1E3 GetCommandLineW
                  5F1 WriteFile
                  43C QueryPerformanceCounter
                  3C9 LocalAlloc
                   D6 CreateFileW

  Summary

        1000 .data
        1000 .rdata
        1000 .reloc
        2000 .text


-tj

-----Original Message-----
From: HTCondor-users <htcondor-users-bounces@xxxxxxxxxxx> On Behalf Of Michael Di Domenico
Sent: Tuesday, October 23, 2018 10:39 AM
To: HTCondor-Users Mail List <htcondor-users@xxxxxxxxxxx>
Subject: [HTCondor-users] virus in source?

when unpacking the condor source mcafee hits on this file

-rwxr-xr-x condorauto/condorauto 8704 2018-07-31 22:54
condor-8.6.12/src/condor_tests/appendmsg.exe
Found the RDN/Generic.dx trojan !!!

i'm sure this is a false positive, but can someone else check it out as well.

i'd also like to comment that it would be nice if a source tarball of
software did not contain pre-compiled binary executables

./src/condor_tests/appendmsg.exe: PE32 executable (console) Intel
80386, for MS Windows
./src/condor_tests/sleep.exe: PE32 executable (console) Intel 80386,
for MS Windows
./src/condor_tests/timed_cmd.exe: PE32+ executable (console) x86-64,
for MS Windows
./msconfig/rm.exe: PE32 executable (console) Intel 80386, for MS Windows
./msconfig/sed.exe: PE32 executable (console) Intel 80386 (stripped to
external PDB), for MS Windows
./msconfig/echo.exe: PE32+ executable (console) x86-64, for MS Windows
./msconfig/grep.exe: PE32 executable (console) Intel 80386, for MS Windows
./msconfig/mv.exe: PE32 executable (console) Intel 80386, for MS Windows
./msconfig/unzip.exe: PE32 executable (console) Intel 80386 (stripped
to external PDB), for MS Windows
./msconfig/awk.exe: PE32 executable (console) Intel 80386, for MS Windows
./msconfig/cp.exe: PE32 executable (console) Intel 80386, for MS Windows
./msconfig/cat.exe: PE32 executable (console) Intel 80386 (stripped to
external PDB), for MS Windows
./msconfig/wget.exe: PE32 executable (console) Intel 80386, for MS
Windows, UPX compressed
./msconfig/mkdir.exe: PE32 executable (console) Intel 80386, for MS Windows
./msconfig/cdmake.exe: PE32 executable (console) Intel 80386, for MS Windows
./msconfig/patch.exe: PE32 executable (console) Intel 80386, for MS Windows
./msconfig/izip.exe: PE32 executable (console) Intel 80386, for MS Windows
./msconfig/libarchive2.dll: PE32 executable (DLL) (console) Intel
80386 (stripped to external PDB), for MS Windows
./msconfig/gmake.exe: PE32 executable (console) Intel 80386, for MS Windows
./msconfig/zlib1.dll: PE32 executable (DLL) (console) Intel 80386
(stripped to external PDB), for MS Windows
./msconfig/tail.exe: PE32 executable (console) Intel 80386, for MS Windows
./msconfig/condor_mail.exe: PE32 executable (console) Intel 80386
Mono/.Net assembly, for MS Windows
./msconfig/flex.exe: PE32 executable (console) Intel 80386, for MS Windows
./msconfig/bzip2.dll: PE32 executable (DLL) (console) Intel 80386
(stripped to external PDB), for MS Windows
./msconfig/touch.exe: PE32 executable (console) Intel 80386, for MS Windows
./msconfig/bison.exe: PE32 executable (console) Intel 80386, for MS Windows
./msconfig/gunzip.exe: PE32 executable (console) Intel 80386, for MS Windows
./msconfig/tar.exe: PE32 executable (console) Intel 80386 (stripped to
external PDB), for MS Windows
_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users

The archives can be found at:
https://lists.cs.wisc.edu/archive/htcondor-users/

References:
- [HTCondor-users] virus in source?
  - From: Michael Di Domenico

Prev by Date: [HTCondor-users] virus in source?
Next by Date: Re: [HTCondor-users] RESERVED_MEMORY not considered by HTCondor
Previous by thread: [HTCondor-users] virus in source?
Next by thread: [HTCondor-users] move job between nodes
Index(es):
- Date
- Thread

Mailing List Archives

Authenticated access

Re: [HTCondor-users] virus in source?