[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] virus in colibriOS QEMU iso?
|
From: |
Thomas Huth |
|
Subject: |
Re: [Qemu-devel] virus in colibriOS QEMU iso? |
|
Date: |
Fri, 23 Dec 2016 11:25:18 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.5.1 |
On 23.12.2016 10:20, Kashyap Chamarthy wrote:
> [...]
>
>> On 22.12.2016 18:37, address@hidden wrote:
>>> Hi, just letting you know that Avira found some crypto-locker virus in
>>> ColibriOS iso that you featured in QEMU Advent Calendar 2016. Maybe you
>>> should look into that. I am not sure if it’s a false positive or not.. You
>>> can check the attachment for a screenshot of the result.
>>
>> That sounds ugly ...
>
> That sounds super ugly indeed :-(
>
>> I think we just packaged the .iso from the official
>> KolibriOS website here (Kashyap, can you confirm?),
>
> Yes, I can confirm that I have downloaded the ISO from the
> official website -- it's a nightly build of their
> SVN revision 6766.
OK, as far as I can see, the issue comes from the setmbr.exe that is
contained in the iso for writing the KolibriOS to an USB stick.
According to http://board.kolibrios.org/viewtopic.php?t=2295 the report
from Avira is a false positive (likely caused because the program tries
to write to the MBR - which is also what some viruses / trojans are doing).
Anyway, since these Windows tools are not required for running KolibriOS
in a VM, I've now removed them from the iso image and uploaded a new
version to avoid future confusion:
http://www.qemu-advent-calendar.org/2016/download/day09-v2.tar.xz
If you've got some spare minutes, it would be great if you could give
that new version another try to see whether the warning from Avira is
now properly gone (I don't have a Windows here to test this on my own).
Thanks,
Thomas