[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] virus in colibriOS QEMU iso?
From: |
Kashyap Chamarthy |
Subject: |
Re: [Qemu-devel] virus in colibriOS QEMU iso? |
Date: |
Fri, 23 Dec 2016 04:20:32 -0500 (EST) |
[...]
> On 22.12.2016 18:37, address@hidden wrote:
> > Hi, just letting you know that Avira found some crypto-locker virus in
> > ColibriOS iso that you featured in QEMU Advent Calendar 2016. Maybe you
> > should look into that. I am not sure if it’s a false positive or not.. You
> > can check the attachment for a screenshot of the result.
>
> That sounds ugly ...
That sounds super ugly indeed :-(
> I think we just packaged the .iso from the official
> KolibriOS website here (Kashyap, can you confirm?),
Yes, I can confirm that I have downloaded the ISO from the
official website -- it's a nightly build of their
SVN revision 6766.
These are local notes on preparing sources from
the day I made the image (where the SVN revision
was at 6766):
============
$ svn checkout svn://kolibrios.org -r 6766
$ svn log | head -5
------------------------------------------------------------------------
r6766 | IgorA | 2016-11-26 23:57:24 +0100 (Sat, 26 Nov 2016) | 1 line
fix bugs
$ du -sh ../sources-kolibrios/
1.4G ../sources-kolibrios/
$ du -sh .svn/
662M .svn/
$ rm -rf .svn
$ du -sh ../sources-kolibrios-rev-6766/
691M ../sources-kolibrios-rev-6766/
$ tar -cJf sources-kolibrios-rev-6766.tar.xz sources-kolibrios-rev-6766/
$ du -sh sources-kolibrios-rev-6766.tar.xz
93M sources-kolibrios-rev-6766.tar.xz
============
> so if this is not
> just a false positive, the problem very likely comes from there.
Indeed.
> If you've got some spare minutes, could you maybe check the download
> from http://kolibrios.org/en/download , too?
>
> As far as I can see, there should not be any real danger here unless you
> put the .iso file onto a real CD-ROM or USB stick and start the .exe
> files in there (which is of course not necessary for starting a VM with
> the .iso file).
Yes, exactly, but still this incident is not nice to hear.
> But anyway, this needs some closer investigation, to see
> whether it's a false positive or not, so I've disabled that download for
> now. We'll let you know when we know more ... Thanks for reporting the
> issue!
Yes, thanks for bringing it up. I'm afraid, I'm a little short
on time, but will try to investigate later today.
Regards,
Kashyap