qemu-devel

Re: [Qemu-devel] virus in colibriOS QEMU iso?


From: Kashyap Chamarthy
Subject: Re: [Qemu-devel] virus in colibriOS QEMU iso?
Date: Fri, 23 Dec 2016 04:20:32 -0500 (EST)

[...]

> On 22.12.2016 18:37, address@hidden wrote:
> > Hi, just letting you know that Avira found some crypto-locker virus in
> > ColibriOS iso that you featured in QEMU Advent Calendar 2016. Maybe you
> > should look into that. I am not sure if it’s a false positive or not.. You
> > can check the attachment for a screenshot of the result.
> 
> That sounds ugly ... 

That sounds super ugly indeed :-(

> I think we just packaged the .iso from the official
> KolibriOS website here (Kashyap, can you confirm?),

Yes, I can confirm that I have downloaded the ISO from the 
official website -- it's a nightly build of their 
SVN revision 6766.

These are local notes on preparing sources from 
the day I made the image (where the SVN revision 
was at 6766):

============
$ svn checkout svn://kolibrios.org -r 6766

$ svn log | head -5
------------------------------------------------------------------------
r6766 | IgorA | 2016-11-26 23:57:24 +0100 (Sat, 26 Nov 2016) | 1 line

fix bugs

$ du -sh ../sources-kolibrios/
1.4G    ../sources-kolibrios/

$ du -sh .svn/
662M    .svn/

$ rm -rf .svn

$ du -sh ../sources-kolibrios-rev-6766/
691M    ../sources-kolibrios-rev-6766/

$ tar -cJf sources-kolibrios-rev-6766.tar.xz sources-kolibrios-rev-6766/

$ du -sh sources-kolibrios-rev-6766.tar.xz 
93M     sources-kolibrios-rev-6766.tar.xz
============

> so if this is not
> just a false positive, the problem very likely comes from there.

Indeed.

> If you've got some spare minutes, could you maybe check the download
> from http://kolibrios.org/en/download , too?
> 
> As far as I can see, there should not be any real danger here unless you
> put the .iso file onto a real CD-ROM or USB stick and start the .exe
> files in there (which is of course not necessary for starting a VM with
> the .iso file). 

Yes, exactly, but still this incident is not nice to hear.

> But anyway, this needs some closer investigation, to see
> whether it's a false positive or not, so I've disabled that download for
> now. We'll let you know when we know more ... Thanks for reporting the
> issue!

Yes, thanks for bringing it up. I'm afraid, I'm a little short 
on time, but will try to investigate later today.

Regards,
Kashyap


