[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Help-glpk] Trojan Horse in Gusek

From: Luiz Bettoni
Subject: Re: [Help-glpk] Trojan Horse in Gusek
Date: Wed, 7 Sep 2011 17:27:25 -0300

From: Andrew Makhorin <address@hidden>
Date: Wed, 07 Sep 2011 00:56:15 +0400
Subject: Re: [Help-glpk] Trojan Horse in Gusek

Thank you very much for information.

It seems to me that it would be better to calculate the md5 check-sums
for .zip and .tar.gz on the developer's machine and provide them on the
project's webpage (or maybe provide gpg signatures, as used for all GNU
packages for last several years) along with a brief instruction (for MS
Windows users) about how to make sure that the distributed files have
been untouched. This is the only reliable way I know to protect files
against intentional/unintentional changes on distributing them over the
internet. Including in an anti-virus whitelist doesn't seem to me a good

Best regards,

Andrew Makhorin

Hi all,

I've been alway for a long time, so sorry by the unanswered questions.

About virus on Gusek, this is not the first false-positive. Antivirus that are using heuristics and a high level of protection (like Karsperky on the lab that i've maintaining in the last 5 years) seems to do this in a lot of development tools that calls another executables (like SciTE, DevC++ and GAMS, to cite only few ones that i've been "white-listing" on our machines to preserve our developing ambient). I also think that the best practice is verify the checksums with the originals and check with another antivirus online and, if you are sure that is not a virus, report the false-positive using your antivirus software (if it let you do this).

By the way, since GUSEK 0.2.7 (26/11/2009) the GLPK executables (including the infected file pointed, GLPSOL.EXE) are the same from GLPK for Windows pre-build binaries (thanks, Xypron!). You can check the same file (Gusek 0.2.12 uses GLPK-4.45) from with your antivirus to ensure that are the same? If you wanna try, you can also replace the binaries (glspol.exe and the generated dll's) to run the newer GLPK version. When I can I'll update Gusek to the last GLPK revision (shortly, I guess).

Also, there is always the chance that the executable in your machine have been infected by an virus that are running on memory, you can do update in your antivirus and a full search in safe mode to check this (but the the best way is boot another live media and do a full scan without using your operational system).

About checksum pratices, Andrew, I've uploaded checksums on the earlier versions of Gusek, but using the one provided by sourceforge seems to be sufficient to me (i check the checksum on every upload, also).

Luiz Bettoni

reply via email to

[Prev in Thread] Current Thread [Next in Thread]