Closed

MSIL/Injector.AN trojan found in "binaries" download

description

I've tried to download this zip http://smtp4dev.codeplex.com/releases/38851/download/121466 and ESS found a virus in it.

Closed Sep 10, 2010 at 9:28 PM by rnwood

comments

rnwood wrote Sep 8, 2010 at 7:42 PM

Hi and thanks for the report. I'm going to ignore your rudeness!

I think you are experiencing a false positive from your virus scanner. I would guess that this is because the standalone (single file) download for smtp4dev is packed with an executable packer NETZ (http://madebits.com/netz/index.php).

VirusTotal, which checks the file against 43 different virus scanners, does not agree with your ESS scanner. You can check out the report at the following URL (or of course upload the file yourself and try it):

http://www.virustotal.com/file-scan/report.html?id=cae9f54c332a4c17b99f9a2e875f99425b5a06b3a85077b62a5ccf6ef4173772-1283963773

Also the ESET online scanner (http://www.eset.co.uk/ThreatCenter/OnlineScanner/) which I believe uses the same engine as ESS reports the files as clean.

Of course if you still don't believe all of the above then you are welcome to build from the source code in SVN which you can check line for line since this product is open source. You can also verify the binary of the NETZ packer used by the publish.proj script against that available for download from their website.

rnwood wrote Sep 8, 2010 at 7:46 PM

Update:
Read this blog article from ESET (the authors of your AV product) which explains about packers:
http://blog.eset.com/2008/10/27/an-introduction-to-packers

...and the release notes for your AV product which mention an option called "runtime packet protection" which you may need to enable:
http://kb.eset.com/esetkb/index?page=content&id=SOLN357

isotoxin wrote Sep 9, 2010 at 7:18 AM

Well, in this case, I apologize.

rnwood wrote Sep 10, 2010 at 9:28 PM

Thanks for removing your rudeness, apology accepted.
