[prev in list] [next in list] [prev in thread] [next in thread]
List: gpg4win-users-en
Subject: Re: [Gpg4win-users-en] Kleopatra doesn't work anymore
From: Andre Heinecke <aheinecke () intevation ! de>
Date: 2013-05-17 10:51:51
Message-ID: 201305171251.58099.aheinecke () intevation ! de
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
[Attachment #4 (multipart/mixed)]
Hi,
On Friday 17 May 2013 09:23:30 Bernhard Reiter wrote:
> Ron has send me an anwer, here is short summary:
>
> On Thursday 16 May 2013 at 22:06:56, Bernhard Reiter wrote:
> > Am Donnerstag, 16. Mai 2013, 21:19:57 schrieb Ron Willems:
> > > I installed the new beta release 2.1.1. I encoutered malware inside the
> > > excecutable!!!
> >
> > Did you check the integrity? If so, how.
>
> He meanwhile checked the integrity by find a tool for the sha1sum.
>
> > It possibly could be a false positive, but you may have gotten a bad
> > binary, too. What is the precise message?
The false positive was scdaemon.exe. I've reported this to F-Secure and they
already responded to my ticket. (I've attached their message) Can you try if
you can start kleopatra when you exclude scdaemon.exe from the real time scan
in the way they mention and reinstall gpg4win?
Regards,
Andre
--
Andre Heinecke | ++49-541-335083-262 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
["forwarded message" (message/rfc822)]
Return-Path: <ticketing-t960878@f-secure.com>
Received: from localhost (localhost.localdomain [127.0.0.1])
by kolab.intevation.de (Cyrus v2.3.16-kolab-nocaps) with LMTPA;
Fri, 17 May 2013 12:31:00 +0200
X-Sieve: CMU Sieve 2.3
Received: from localhost (localhost.localdomain [127.0.0.1])
by kolab.intevation.de (Postfix) with ESMTP id 88B1D94D169
for <andre.heinecke@intevation.de>; Fri, 17 May 2013 12:31:00 +0200 (CEST)
X-Virus-Scanned: by amavisd-new at intevation.de
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level:
X-Spam-Status: No, score=0 tagged_above=-999 required=3.5 tests=[none]
Received: from localhost (localhost.localdomain [127.0.0.1])
by kolab.intevation.de (Postfix) with ESMTP id DF76694D16E
for <andre.heinecke@intevation.de>; Fri, 17 May 2013 12:30:54 +0200 (CEST)
X-Greylist: delayed 3756 seconds by postgrey-1.32 at kolab; Fri, 17 May 2013 12:30:54 \
CEST
Received: from helmsgmaster01.f-secure.com (helmsgmaster01.f-secure.com \
[193.110.108.20]) by kolab.intevation.de (Postfix) with ESMTP id B0F8794D169
for <aheinecke@intevation.de>; Fri, 17 May 2013 12:30:54 +0200 (CEST)
Received: from pps.filterd (helmsgmaster01.f-secure.com [127.0.0.1])
by helmsgmaster01.f-secure.com (8.14.5/8.14.5) with SMTP id r4HASwF4000483
for <aheinecke@intevation.de>; Fri, 17 May 2013 13:30:54 +0300
Received: from msgmaster.f-secure.com (fs-193-110-108-019.f-secure.com \
[193.110.108.19]) by helmsgmaster01.f-secure.com with ESMTP id 1ccadfsgvk-1
for <aheinecke@intevation.de>; Fri, 17 May 2013 13:30:54 +0300
Received: from pps.filterd (msgagent [127.0.0.1])
by msgagent.f-secure.com (8.14.4/8.14.4) with SMTP id r4HAUCFo013198
for <aheinecke@intevation.de>; Fri, 17 May 2013 13:30:54 +0300
Received: from fslabmail1-out ([10.128.6.11])
by msgagent.f-secure.com with ESMTP id 1cdj2t0241-1
for <aheinecke@intevation.de>; Fri, 17 May 2013 13:30:54 +0300
Received: from fsticketing01 (unknown [10.130.6.15])
by fslabmail1-out (Postfix) with ESMTP id EB04B16E08F
for <aheinecke@intevation.de>; Fri, 17 May 2013 13:30:53 +0300 (EEST)
From: F-Secure Security Labs <ticketing-t960878@f-secure.com>
To: aheinecke@intevation.de
Message-ID: <4648875.731368786653822.JavaMail.tomcat@fsticketing01>
Subject: Re: SAS:56442 : False positive : aheinecke@intevation.de
[FS-T960878]
MIME-Version: 1.0
Content-Type: text/plain;
charset=us-ascii
Content-Transfer-Encoding: 7bit
Date: Fri, 17 May 2013 10:30:53 +0000 (UTC)
X-Proofpoint-Virus-Version: vendor=fsecure \
engine=2.50.10432:5.10.8626,1.0.431,0.0.0000 \
definitions=2013-05-17_05:2013-05-17,2013-05-17,1970-01-01 \
signatures=0
X-Proofpoint-Spam-Reason: safe
X-Kolab-Scheduling-Message: FALSE
X-UID: 187264
X-Length: 4340
Hello,
Thank you for your submission.
The file you submitted is indeed clean. A database update will be released to resolve \
this issue.
For the meantime, you may exclude this file from Real-time Scanning. Instructions for \
exclusions can be found here:
Internet Security 2013:
http://community.f-secure.com/t5/Security-for-PC/How-do-I-exclude-a-file-or/ta-p/15398
For the latest database updates please visit this page:
http://www.f-secure.com/en/web/labs_global/removal-tools/-/carousel/view/140
We apologize for any inconveniences that this may have brought you. Should you have \
further questions, please do not hesitate to email us again.
Best regards,
--------
F-Secure Security Labs http://www.f-secure.com/weblog/
F-Secure Corporation http://www.f-secure.com/
-----Original Message-----
From: aheinecke@intevation.de
Date: Fri, 17 May 2013 09:27:50 +0000
Subject: SAS:56442 : False positive : aheinecke@intevation.de
> SampleType: False positive
> E-mail: aheinecke@intevation.de
> Name: aheinecke
> Country:
> Phone:
> Source: 212.95.107.190
>
> OS:
> Product:
> ProductVersion:
> DetectionName: Gen:Variant.Kazy.115700
> UpdatesVersion:
>
> Subject: False positive in part of gnupg-2.0.20
>
> Description:
>
> I've built the executable using gcc-mingw-w64 Version 4.6.3-14+8
>
> The sourcecode is available at:
> http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=tree;f=scd;h=e0ba41dfd9d
> f5a89e231a1ffb6b6ec09e1bb5e36;hb=refs/heads/STABLE-BRANCH-2-0
>
> There is no virus in this code. Please fix your detection.
["signature.asc" (application/pgp-signature)]
_______________________________________________
Gpg4win-users-en mailing list
Gpg4win-users-en@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/gpg4win-users-en
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic