|
Return-Path: <dudealert86@outlook.com>
|
|
Received: from mi016.mc1.hosteurope.de ([80.237.138.239]) by wp245.webpack.hosteurope.de running ExIM with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) id 1dKn9b-0008HW-Oc; Tue, 13 Jun 2017 16:50:47 +0200
|
|
Received: from mail-oln040092004043.outbound.protection.outlook.com ([40.92.4.43] helo=NAM02-CY1-obe.outbound.protection.outlook.com) by mx0.webpack.hosteurope.de (mi016.mc1.hosteurope.de) with esmtps (TLSv1.2:AES256-SHA256:256) id 1dKn9Y-0005Sy-Ko for inbox+saxonica+f38e+saxon@plan.io; Tue, 13 Jun 2017 16:50:47 +0200
|
|
Received: from BL2NAM02FT007.eop-nam02.prod.protection.outlook.com (10.152.76.53) by BL2NAM02HT193.eop-nam02.prod.protection.outlook.com (10.152.77.133) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.1143.11; Tue, 13 Jun 2017 14:50:42 +0000
|
|
Received: from BN6PR14MB1106.namprd14.prod.outlook.com (10.152.76.58) by BL2NAM02FT007.mail.protection.outlook.com (10.152.77.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1157.12 via Frontend Transport; Tue, 13 Jun 2017 14:50:42 +0000
|
|
Received: from BN6PR14MB1106.namprd14.prod.outlook.com ([10.173.161.15]) by BN6PR14MB1106.namprd14.prod.outlook.com ([10.173.161.15]) with mapi id 15.01.1157.017; Tue, 13 Jun 2017 14:50:42 +0000
|
|
Date: Tue, 13 Jun 2017 14:50:42 +0000
|
|
From: Greg Smith <dudealert86@outlook.com>
|
|
To: Saxonica Developer Community <inbox+saxonica+f38e+saxon@plan.io>
|
|
Message-ID: <BN6PR14MB110629998C8263AB0B20352BACC20@BN6PR14MB1106.namprd14.prod.outlook.com>
|
|
In-Reply-To: <redmine.journal-9154.20170613141958.0f323160c6884b53@plan.io>
|
|
References: <redmine.issue-3267.20170613092205@plan.io>,<redmine.journal-9154.20170613141958.0f323160c6884b53@plan.io>
|
|
Subject: Re: [Saxon - Bug #3267] Malware in Sourceforge download file
|
|
Mime-Version: 1.0
|
|
Content-Type: multipart/alternative;
|
|
boundary=_000_BN6PR14MB110629998C8263AB0B20352BACC20BN6PR14MB1106namp_
|
|
Content-Transfer-Encoding: 7bit
|
|
Delivery-date: Tue, 13 Jun 2017 16:50:47 +0200
|
|
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;
|
|
s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
|
|
bh=xuZskvhDHdqdKNx1iXbsuKl+7hdQq0Bu/vqduVWVcWI=;
|
|
b=QxsrHz0t4iAZ3rPPGKECGpAw/8Ua839fa5o92hJQ9C2B9DupP+UvuzbxqwuScfNaAUrwmn2A+EGMTXVhs36kwjQomYC+e67iT2K15ZO9LCedfq08fM8ZqvArzmGI62nvvFcPKUbyFY7XODn1HBn4DpQjuodCYwT2kSAeStReXx7amhI7V0Ql8Emh0jlXqlQNnSwPLob41IGYEiZx6xTrpkN+9A82sjDL6XYPI+qvpUn8zmvjGE3KubeGd7PohmAWZ7hLhruAWrxZ5bCJYBPNtSZZLySfsNcvpIWn8ft5OaE2BekUlQ1cfsj7JRnL0f4MPssFUb/67PC7zF7SLv6s0w==
|
|
Thread-Topic: [Saxon - Bug #3267] Malware in Sourceforge download file
|
|
Thread-Index: AQHS5FAm8cfuxBogpkSKb0CYPmtACqIi2ole
|
|
Accept-Language: en-US
|
|
Content-Language: en-US
|
|
X-MS-Has-Attach:
|
|
X-MS-TNEF-Correlator:
|
|
authentication-results: plan.io; dkim=none (message not signed)
|
|
header.d=none;plan.io; dmarc=none action=none header.from=outlook.com;
|
|
x-incomingtopheadermarker: OriginalChecksum:A8AB6609896AEEDC5AF00AB70C579A7CEA2AF701D6C5D268A00DDE3E043EC19A;UpperCasedChecksum:97516827A658D145E2533F455BEE0CA226699AF8F271303C38E96534119A4557;SizeAsReceived:7249;Count:44
|
|
x-tmn: [vFpedTbkVMTiJMy9MuZjNXo5u2vQJtTf]
|
|
x-ms-publictraffictype: Email
|
|
x-microsoft-exchange-diagnostics: 1;BL2NAM02HT193;24:gZEVCvr7g+cnLt2KFe/fJdJWNmAsKxPzpd85QlAzVD+2wPcCIZSgIHpKNBNa7l8Eg/DlhcNURVxBesFB/Uc1GWLsRlslq8Yxhlklh4lNx/0=;7:WNMiMlUvXuw0M86ypo3cS8q4ngd32wrJyBdzOwXQO19k17kdJ7btpiH7nrEkq2uMT0JBpAuYQFhM/+PWPoI1IER4kfrkFUWszC6cGriQFWC0gTUy6qB8NnaFu7xbXpfMBDtNSbJ9hcMhamlgE8Vg4PsCho0V5Ma8VU8iHaC8Hb+fWeq22KKgQZwEPO7BlzLNPeTeO6erjQKTLAZAdoz7YyapP/Dg57sDEy0vdMStSvNylDJ1hI9M5CGbe66KBI1QlxNbESvtvrlBSGqVza202nkqH0gn4vFhykeJVSgkq/hWu+/naM7yrtse42K9y1GC
|
|
x-incomingheadercount: 44
|
|
x-eopattributedmessage: 0
|
|
x-forefront-antispam-report: EFV:NLI;SFV:NSPM;SFS:(7070007)(98901004);DIR:OUT;SFP:1901;SCL:1;SRVR:BL2NAM02HT193;H:BN6PR14MB1106.namprd14.prod.outlook.com;FPR:;SPF:None;LANG:en;
|
|
x-ms-traffictypediagnostic: BL2NAM02HT193:
|
|
x-ms-office365-filtering-correlation-id: a8be691b-07bd-43b3-ca93-08d4b26b90c5
|
|
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001)(201702061074)(5061506573)(5061507331)(1603103135)(2017031320274)(2017031324274)(2017031323274)(2017031322274)(1601125374)(1603101448)(1701031045);SRVR:BL2NAM02HT193;
|
|
x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(444000031);SRVR:BL2NAM02HT193;BCL:0;PCL:0;RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095);SRVR:BL2NAM02HT193;
|
|
x-forefront-prvs: 0337AFFE9A
|
|
spamdiagnosticoutput: 1:99
|
|
spamdiagnosticmetadata: NSPM
|
|
X-OriginatorOrg: outlook.com
|
|
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Jun 2017 14:50:42.5896 (UTC)
|
|
X-MS-Exchange-CrossTenant-fromentityheader: Internet
|
|
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
|
|
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL2NAM02HT193
|
|
X-HE-Virus-Scanned: Yes
|
|
X-HE-Spam-Level: /
|
|
X-HE-Spam-Score: 0.3
|
|
X-HE-Spam-Report: Content analysis details: (0.3 points) pts rule name
|
|
description ---- ----------------------
|
|
-------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE
|
|
RBL: Sender listed at http://www.dnswl.org/, no trust [40.92.4.43 listed in
|
|
list.dnswl.org] 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
|
|
provider (dudealert86[at]outlook.com) 0.2 FREEMAIL_ENVFROM_END_DIGIT
|
|
Envelope-from freemail username ends in digit (dudealert86[at]outlook.com) 0.1
|
|
HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a
|
|
valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at
|
|
least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK
|
|
signature, not necessarily valid
|
|
X-HE-SPF: PASSED
|
|
Envelope-to: inbox+saxonica+f38e+saxon@plan.io
|
|
|
|
|
|
--_000_BN6PR14MB110629998C8263AB0B20352BACC20BN6PR14MB1106namp_
|
|
Content-Type: text/plain;
|
|
charset=Windows-1252
|
|
Content-Transfer-Encoding: quoted-printable
|
|
|
|
Sourceforge did say that they would stop, but they said that before these=
|
|
were written. So I hope you're right about webroot being the problem. Th=
|
|
is is the first time that webroot has done this for software that I need.=
|
|
I'll let you know when it works.
|
|
|
|
|
|
http://seclists.org/nmap-dev/2015/q2/194
|
|
|
|
Sourceforge Hijacks the Nmap Sourceforge Account<http://seclists.org/nmap=
|
|
-dev/2015/q2/194>
|
|
seclists.org
|
|
Hi Folks! You may have already read the recent news about Sourceforge.net=
|
|
hijacking the GIMP project account to distribute adware/malware. Previou=
|
|
sly GIMP used this ...
|
|
|
|
|
|
https://arstechnica.com/information-technology/2015/06/black-mirror-sourc=
|
|
eforge-has-now-siezed-nmap-audit-tool-project/
|
|
[https://cdn.arstechnica.net/wp-content/uploads/2015/06/nmapgrab-640x465.=
|
|
jpg]<https://arstechnica.com/information-technology/2015/06/black-mirror-=
|
|
sourceforge-has-now-siezed-nmap-audit-tool-project/>
|
|
|
|
Black =93mirror=94: SourceForge has now taken over Nmap audit ...<https:/=
|
|
/arstechnica.com/information-technology/2015/06/black-mirror-sourceforge-=
|
|
has-now-siezed-nmap-audit-tool-project/>
|
|
arstechnica.com
|
|
What's yours is mine dept. =97 Black =93mirror=94: SourceForge has now ta=
|
|
ken over Nmap audit tool project [Updated] VLC developer also surprised t=
|
|
o find project taken ...
|
|
|
|
|
|
https://blog.l0cal.com/2015/06/02/what-happened-to-sourceforge/
|
|
[https://s.gravatar.com/avatar/726d58202f463ab45f27de07733b7a33?s=3D128]<=
|
|
https://blog.l0cal.com/2015/06/02/what-happened-to-sourceforge/>
|
|
|
|
What happened to Sourceforge? =B7 etix's weblog - l0cal.com<https://blog.=
|
|
l0cal.com/2015/06/02/what-happened-to-sourceforge/>
|
|
blog.l0cal.com
|
|
What happened to Sourceforge? Tue, Jun 2, 2015. Disclaimer: I=92m a VLC d=
|
|
eveloper, member of the board of VideoLAN and managing the infrastructure=
|
|
behind the ...
|
|
|
|
|
|
|
|
________________________________
|
|
From: Saxonica Developer Community <notifications@plan.io>
|
|
Sent: Tuesday, June 13, 2017 10:19:58 AM
|
|
Subject: [Saxon - Bug #3267] Malware in Sourceforge download file
|
|
|
|
|
|
--- In your reply, please do not write below this line ---
|
|
|
|
|
|
Issue #3267<https://saxonica.plan.io/issues/3267?pn=3D1#change-9154> has =
|
|
been updated by Michael Kay.
|
|
|
|
Thanks for the screen shots. Webroot seems to have a lot of problems with=
|
|
false positives (i.e. detecting malware where none exists). We'll see if=
|
|
we can get them to look at it and either fix their detection or tell us =
|
|
what we need to do to avoid the false alarm.
|
|
|
|
________________________________
|
|
Bug #3267: Malware in Sourceforge download file<https://saxonica.plan.io/=
|
|
issues/3267?pn=3D1#change-9154>
|
|
|
|
* Author: Herbert Smith
|
|
* Status: New
|
|
* Priority: High
|
|
* Assignee: O'Neil Delpratt
|
|
* Category: Build and release
|
|
* Sprint/Milestone:
|
|
* Legacy ID:
|
|
* Applies to branch:
|
|
* Fix Committed on Branch:
|
|
* Fixed in Maintenance Release:
|
|
* Found in version: .NET HE 9.7 and 9.8
|
|
* Fixed in version:
|
|
|
|
https://sourceforge.net/projects/saxon/files/Saxon-HE/9.7/SaxonHE9-7-0-18=
|
|
N-setup.exe/download
|
|
|
|
That file, along with the newer version that I uninstalled to try the one=
|
|
that I linked, are infected with malware. The newer version of the HE ve=
|
|
rsion of Saxon was detected as soon as installation started, but the olde=
|
|
r version was detected once I attempted to run a Querry.
|
|
|
|
Because of the infected files on sourceforge, I am unable to use the Saxo=
|
|
n product that I need for a school assignment. Sourceforge is known more =
|
|
for it's malware now than it is for what can be downloaded, so maybe swit=
|
|
ch over to another site. I will never be a customer as long as the stuff =
|
|
is only available from that site.
|
|
|
|
Files
|
|
Untitled.png<https://saxonica.plan.io/attachments/download/657/Untitled.p=
|
|
ng> (317 KB)
|
|
Untitled2.png<https://saxonica.plan.io/attachments/download/658/Untitled2=
|
|
.png> (454 KB)
|
|
Untitled3.png<https://saxonica.plan.io/attachments/download/659/Untitled3=
|
|
.png> (619 KB)
|
|
Untitled4.png<https://saxonica.plan.io/attachments/download/660/Untitled4=
|
|
.png> (620 KB)
|
|
Untitled5.png<https://saxonica.plan.io/attachments/download/661/Untitled5=
|
|
.png> (631 KB)
|
|
Untitled-1497363134.png<https://saxonica.plan.io/attachments/download/663=
|
|
/Untitled-1497363134.png> (317 KB)
|
|
Untitled2-1497363134.png<https://saxonica.plan.io/attachments/download/66=
|
|
4/Untitled2-1497363134.png> (454 KB)
|
|
Untitled3-1497363134.png<https://saxonica.plan.io/attachments/download/66=
|
|
5/Untitled3-1497363134.png> (619 KB)
|
|
Untitled4-1497363134.png<https://saxonica.plan.io/attachments/download/66=
|
|
6/Untitled4-1497363134.png> (620 KB)
|
|
Untitled5-1497363134.png<https://saxonica.plan.io/attachments/download/66=
|
|
7/Untitled5-1497363134.png> (631 KB)
|
|
|
|
|
|
________________________________
|
|
|
|
You have received this notification because you have either subscribed to=
|
|
or are involved in a project on Saxonica Developer Community site.
|
|
To change your notification preferences, please click here: https://saxon=
|
|
ica.plan.io/my/account?tour=3Dmail_preferences
|
|
|
|
|
|
This notification was cheerfully delivered by<https://plan.io/>
|
|
|
|
[Planio]<https://plan.io/>
|
|
|
|
--_000_BN6PR14MB110629998C8263AB0B20352BACC20BN6PR14MB1106namp_
|
|
Content-Type: text/html;
|
|
charset=Windows-1252
|
|
Content-Transfer-Encoding: quoted-printable
|
|
|
|
<!DOCTYPE html>
|
|
<html>
|
|
<head>
|
|
<!--[if !mso]><!-- -->
|
|
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DWindows=
|
|
-1252">
|
|
<link href=3D"https://assets.plan.io/stylesheets/fonts.css" rel=3D"styles=
|
|
heet" type=3D"text/css"><!--<![endif]--><style>a:link{color:#0088b7}
|
|
a:visited{color:#0088b7}
|
|
a:hover{color:#0088b7}
|
|
a:active{color:#0088b7}</style>
|
|
</head>
|
|
<body style=3D"font-family:"ProximaNova-Regular", Helvetica, Ar=
|
|
ial, sans-serif;font-size:14px;line-height:1.4em;color:#333434">
|
|
<style type=3D"text/css" style=3D"display:none;"><!-- P {margin-top:0;mar=
|
|
gin-bottom:0;} --></style>
|
|
<div id=3D"divtagdefaultwrapper" style=3D"font-size:12pt;color:#000000;fo=
|
|
nt-family:Calibri,Arial,Helvetica,sans-serif;" dir=3D"ltr">
|
|
<p><span style=3D"font-family: Calibri, Arial, Helvetica, sans-serif, Emo=
|
|
jiFont, "Apple Color Emoji", "Segoe UI Emoji", NotoCo=
|
|
lorEmoji, "Segoe UI Symbol", "Android Emoji", EmojiSy=
|
|
mbols; font-size: 16px;">Sourceforge did say that they would stop, b=
|
|
ut they said
|
|
that before these were written. So I hope you're right about webroot bei=
|
|
ng the problem. This is the first time that webroot has done this for sof=
|
|
tware that I need. I'll let you know when it works.</span></p>
|
|
<p><span style=3D"font-family: Calibri, Arial, Helvetica, sans-serif, Emo=
|
|
jiFont, "Apple Color Emoji", "Segoe UI Emoji", NotoCo=
|
|
lorEmoji, "Segoe UI Symbol", "Android Emoji", EmojiSy=
|
|
mbols; font-size: 16px;"><br>
|
|
</span></p>
|
|
<p><a href=3D"http://seclists.org/nmap-dev/2015/q2/194" class=3D"OWAAutoL=
|
|
ink" id=3D"LPlnk835783" previewremoved=3D"true">http://seclists.org/nmap-=
|
|
dev/2015/q2/194</a></p>
|
|
<div id=3D"LPBorder_GT_14973643666280.14067409109803752" style=3D"margin-=
|
|
bottom: 20px; overflow: auto; width: 100%; text-indent: 0px;">
|
|
<table id=3D"LPContainer_14973643666190.12844564588139007" role=3D"presen=
|
|
tation" cellspacing=3D"0" style=3D"width: 90%; background-color: rgb(255,=
|
|
255, 255); position: relative; overflow: auto; padding-top: 20px; paddin=
|
|
g-bottom: 20px; margin-top: 20px; border-top: 1px dotted rgb(200, 200, 20=
|
|
0); border-bottom: 1px dotted rgb(200, 200, 200);">
|
|
<tbody>
|
|
<tr valign=3D"top" style=3D"border-spacing: 0px;">
|
|
<td id=3D"TextCell_14973643666240.0920641973808809" colspan=3D"2" style=3D=
|
|
"vertical-align: top; position: relative; padding: 0px; display: table-ce=
|
|
ll;">
|
|
<div id=3D"LPRemovePreviewContainer_14973643666240.22471830229433132"></d=
|
|
iv>
|
|
<div id=3D"LPTitle_14973643666240.15102755957954717" style=3D"top: 0px; c=
|
|
olor: rgb(0, 120, 215); font-weight: normal; font-size: 21px; font-family=
|
|
: wf_segoe-ui_light, "Segoe UI Light", "Segoe WP Light&quo=
|
|
t;, "Segoe UI", "Segoe WP", Tahoma, Arial, sans-serif=
|
|
; line-height: 21px;">
|
|
<a id=3D"LPUrlAnchor_14973643666260.25662226218668915" href=3D"http://sec=
|
|
lists.org/nmap-dev/2015/q2/194" target=3D"_blank" style=3D"text-decoratio=
|
|
n: none;">Sourceforge Hijacks the Nmap Sourceforge Account</a></div>
|
|
<div id=3D"LPMetadata_14973643666260.24864180827070403" style=3D"margin: =
|
|
10px 0px 16px; color: rgb(102, 102, 102); font-weight: normal; font-famil=
|
|
y: wf_segoe-ui_normal, "Segoe UI", "Segoe WP", Tahoma=
|
|
, Arial, sans-serif; font-size: 14px; line-height: 14px;">
|
|
seclists.org</div>
|
|
<div id=3D"LPDescription_14973643666270.573887699217078" style=3D"display=
|
|
: block; color: rgb(102, 102, 102); font-weight: normal; font-family: wf_=
|
|
segoe-ui_normal, "Segoe UI", "Segoe WP", Tahoma, Aria=
|
|
l, sans-serif; font-size: 14px; line-height: 20px; max-height: 100px; ove=
|
|
rflow: hidden;">
|
|
Hi Folks! You may have already read the recent news about Sourceforge.net=
|
|
hijacking the GIMP project account to distribute adware/malware. Previou=
|
|
sly GIMP used this ...</div>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
<br>
|
|
<a href=3D"https://arstechnica.com/information-technology/2015/06/black-m=
|
|
irror-sourceforge-has-now-siezed-nmap-audit-tool-project/" class=3D"OWAAu=
|
|
toLink" id=3D"LPlnk999644" previewremoved=3D"true">https://arstechnica.co=
|
|
m/information-technology/2015/06/black-mirror-sourceforge-has-now-siezed-=
|
|
nmap-audit-tool-project/</a>
|
|
<div id=3D"LPBorder_GT_14973643881750.2253447313603989" style=3D"margin-b=
|
|
ottom: 20px; overflow: auto; width: 100%; text-indent: 0px;">
|
|
<table id=3D"LPContainer_14973643881720.6473222041417344" role=3D"present=
|
|
ation" cellspacing=3D"0" style=3D"width: 90%; background-color: rgb(255, =
|
|
255, 255); position: relative; overflow: auto; padding-top: 20px; padding=
|
|
-bottom: 20px; margin-top: 20px; border-top: 1px dotted rgb(200, 200, 200=
|
|
); border-bottom: 1px dotted rgb(200, 200, 200);">
|
|
<tbody>
|
|
<tr valign=3D"top" style=3D"border-spacing: 0px;">
|
|
<td id=3D"ImageCell_14973643881730.3473196130719596" colspan=3D"1" style=3D=
|
|
"width: 250px; position: relative; display: table-cell; padding-right: 20=
|
|
px;">
|
|
<div id=3D"LPImageContainer_14973643881730.7994808986048616" style=3D"bac=
|
|
kground-color: rgb(255, 255, 255); height: 181px; position: relative; mar=
|
|
gin: auto; display: table; width: 250px;">
|
|
<a id=3D"LPImageAnchor_14973643881730.3595567553413821" href=3D"https://a=
|
|
rstechnica.com/information-technology/2015/06/black-mirror-sourceforge-ha=
|
|
s-now-siezed-nmap-audit-tool-project/" target=3D"_blank" style=3D"display=
|
|
: table-cell; text-align: center;"><img id=3D"LPThumbnailImageID_14973643=
|
|
881730.37033198071265216" width=3D"250" height=3D"181" style=3D"display: =
|
|
inline-block; max-width: 250px; max-height: 250px; height: 181px; width: =
|
|
250px; border-width: 0px; vertical-align: bottom;" src=3D"https://cdn.ars=
|
|
technica.net/wp-content/uploads/2015/06/nmapgrab-640x465.jpg"></a></div>
|
|
</td>
|
|
<td id=3D"TextCell_14973643881740.1978820922877016" colspan=3D"2" style=3D=
|
|
"vertical-align: top; position: relative; padding: 0px; display: table-ce=
|
|
ll;">
|
|
<div id=3D"LPRemovePreviewContainer_14973643881740.9379574031106825"></di=
|
|
v>
|
|
<div id=3D"LPTitle_14973643881740.8099068492278914" style=3D"top: 0px; co=
|
|
lor: rgb(0, 120, 215); font-weight: normal; font-size: 21px; font-family:=
|
|
wf_segoe-ui_light, "Segoe UI Light", "Segoe WP Light"=
|
|
;, "Segoe UI", "Segoe WP", Tahoma, Arial, sans-serif;=
|
|
line-height: 21px;">
|
|
<a id=3D"LPUrlAnchor_14973643881740.01773646941583018" href=3D"https://ar=
|
|
stechnica.com/information-technology/2015/06/black-mirror-sourceforge-has=
|
|
-now-siezed-nmap-audit-tool-project/" target=3D"_blank" style=3D"text-dec=
|
|
oration: none;">Black =93mirror=94: SourceForge has
|
|
now taken over Nmap audit ...</a></div>
|
|
<div id=3D"LPMetadata_14973643881740.7327097051479496" style=3D"margin: 1=
|
|
0px 0px 16px; color: rgb(102, 102, 102); font-weight: normal; font-family=
|
|
: wf_segoe-ui_normal, "Segoe UI", "Segoe WP", Tahoma,=
|
|
Arial, sans-serif; font-size: 14px; line-height: 14px;">
|
|
arstechnica.com</div>
|
|
<div id=3D"LPDescription_14973643881740.3535158487248542" style=3D"displa=
|
|
y: block; color: rgb(102, 102, 102); font-weight: normal; font-family: wf=
|
|
_segoe-ui_normal, "Segoe UI", "Segoe WP", Tahoma, Ari=
|
|
al, sans-serif; font-size: 14px; line-height: 20px; max-height: 100px; ov=
|
|
erflow: hidden;">
|
|
What's yours is mine dept. =97 Black =93mirror=94: SourceForge has now ta=
|
|
ken over Nmap audit tool project [Updated] VLC developer also surprised t=
|
|
o find project taken ...</div>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
<br>
|
|
<a href=3D"https://blog.l0cal.com/2015/06/02/what-happened-to-sourceforge=
|
|
/" class=3D"OWAAutoLink" id=3D"LPlnk711870" previewremoved=3D"true">https=
|
|
://blog.l0cal.com/2015/06/02/what-happened-to-sourceforge/</a>
|
|
<div id=3D"LPBorder_GT_14973644479850.3474625044143047" style=3D"margin-b=
|
|
ottom: 20px; overflow: auto; width: 100%; text-indent: 0px;">
|
|
<table id=3D"LPContainer_14973644479800.8290123868539454" role=3D"present=
|
|
ation" cellspacing=3D"0" style=3D"width: 90%; background-color: rgb(255, =
|
|
255, 255); position: relative; overflow: auto; padding-top: 20px; padding=
|
|
-bottom: 20px; margin-top: 20px; border-top: 1px dotted rgb(200, 200, 200=
|
|
); border-bottom: 1px dotted rgb(200, 200, 200);">
|
|
<tbody>
|
|
<tr valign=3D"top" style=3D"border-spacing: 0px;">
|
|
<td id=3D"ImageCell_14973644479810.22407855219527129" colspan=3D"1" style=
|
|
=3D"width: 250px; position: relative; display: table-cell; padding-right:=
|
|
20px;">
|
|
<div id=3D"LPImageContainer_14973644479810.915835921394119" style=3D"back=
|
|
ground-color: rgb(255, 255, 255); height: 128px; position: relative; marg=
|
|
in: auto; display: table; width: 128px;">
|
|
<a id=3D"LPImageAnchor_14973644479820.7696985084511714" href=3D"https://b=
|
|
log.l0cal.com/2015/06/02/what-happened-to-sourceforge/" target=3D"_blank"=
|
|
style=3D"display: table-cell; text-align: center;"><img id=3D"LPThumbnai=
|
|
lImageID_14973644479820.46578417621391544" width=3D"128" height=3D"128" s=
|
|
tyle=3D"display: inline-block; max-width: 250px; max-height: 250px; heigh=
|
|
t: 128px; width: 128px; border-width: 0px; vertical-align: bottom;" src=3D=
|
|
"https://s.gravatar.com/avatar/726d58202f463ab45f27de07733b7a33?s=3D128">=
|
|
</a></div>
|
|
</td>
|
|
<td id=3D"TextCell_14973644479820.9952400688969576" colspan=3D"2" style=3D=
|
|
"vertical-align: top; position: relative; padding: 0px; display: table-ce=
|
|
ll;">
|
|
<div id=3D"LPRemovePreviewContainer_14973644479820.9437356728061079"></di=
|
|
v>
|
|
<div id=3D"LPTitle_14973644479820.5334362454193671" style=3D"top: 0px; co=
|
|
lor: rgb(0, 120, 215); font-weight: normal; font-size: 21px; font-family:=
|
|
wf_segoe-ui_light, "Segoe UI Light", "Segoe WP Light"=
|
|
;, "Segoe UI", "Segoe WP", Tahoma, Arial, sans-serif;=
|
|
line-height: 21px;">
|
|
<a id=3D"LPUrlAnchor_14973644479830.6493216706330829" href=3D"https://blo=
|
|
g.l0cal.com/2015/06/02/what-happened-to-sourceforge/" target=3D"_blank" s=
|
|
tyle=3D"text-decoration: none;">What happened to Sourceforge? =B7 etix's =
|
|
weblog - l0cal.com</a></div>
|
|
<div id=3D"LPMetadata_14973644479830.1781039195769616" style=3D"margin: 1=
|
|
0px 0px 16px; color: rgb(102, 102, 102); font-weight: normal; font-family=
|
|
: wf_segoe-ui_normal, "Segoe UI", "Segoe WP", Tahoma,=
|
|
Arial, sans-serif; font-size: 14px; line-height: 14px;">
|
|
blog.l0cal.com</div>
|
|
<div id=3D"LPDescription_14973644479840.7694020573974514" style=3D"displa=
|
|
y: block; color: rgb(102, 102, 102); font-weight: normal; font-family: wf=
|
|
_segoe-ui_normal, "Segoe UI", "Segoe WP", Tahoma, Ari=
|
|
al, sans-serif; font-size: 14px; line-height: 20px; max-height: 100px; ov=
|
|
erflow: hidden;">
|
|
What happened to Sourceforge? Tue, Jun 2, 2015. Disclaimer: I=92m a VLC d=
|
|
eveloper, member of the board of VideoLAN and managing the infrastructure=
|
|
behind the ...</div>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
<br>
|
|
<p></p>
|
|
</div>
|
|
<hr style=3D"display:inline-block;width:98%" tabindex=3D"-1">
|
|
<div id=3D"divRplyFwdMsg" dir=3D"ltr"><font face=3D"Calibri, sans-serif" =
|
|
style=3D"font-size:11pt" color=3D"#000000"><b>From:</b> Saxonica Develope=
|
|
r Community <notifications@plan.io><br>
|
|
<b>Sent:</b> Tuesday, June 13, 2017 10:19:58 AM<br>
|
|
<b>Subject:</b> [Saxon - Bug #3267] Malware in Sourceforge download file<=
|
|
/font>
|
|
<div> </div>
|
|
</div>
|
|
<div>
|
|
<table width=3D"100%" cellspacing=3D"0" cellpadding=3D"0" style=3D"border=
|
|
-spacing:0;border-collapse:collapse;width:100%">
|
|
<tbody>
|
|
<tr>
|
|
<td class=3D"header" style=3D"text-align:center;width:100%;font-family:Ma=
|
|
rketWeb, Helvetica, Arial, sans-serif;font-size:0.8em;color:#D7D7D7">
|
|
<p>--- In your reply, please do not write below this line ---</p>
|
|
</td>
|
|
</tr>
|
|
<tr>
|
|
<td>Issue <a href=3D"https://saxonica.plan.io/issues/3267?pn=3D1#change-9=
|
|
154" style=3D"color:#0088b7">
|
|
#3267</a> has been updated by Michael Kay.
|
|
<ul>
|
|
</ul>
|
|
<p>Thanks for the screen shots. Webroot seems to have a lot of problems w=
|
|
ith false positives (i.e. detecting malware where none exists). We'll see=
|
|
if we can get them to look at it and either fix their detection or tell =
|
|
us what we need to do to avoid the false
|
|
alarm.</p>
|
|
<hr style=3D"width:100%;height:1px;background:#ccc;border:0;margin:1.2em =
|
|
0">
|
|
<h1 style=3D"font-family:"ProximaNova-Bold", Helvetica, Arial, =
|
|
sans-serif;font-weight:normal;margin:0px;font-size:1.3em;line-height:1.4e=
|
|
m">
|
|
<a href=3D"https://saxonica.plan.io/issues/3267?pn=3D1#change-9154" style=
|
|
=3D"color:#0088b7;text-decoration:none">Bug #3267: Malware in Sourceforge=
|
|
download file</a></h1>
|
|
<ul>
|
|
<li>Author: Herbert Smith </li><li>Status: New </li><li>Priority: High </=
|
|
li><li>Assignee: O'Neil Delpratt </li><li>Category: Build and release </l=
|
|
i><li>Sprint/Milestone: </li><li>Legacy ID: </li><li>Applies to branch: <=
|
|
/li><li>Fix Committed on Branch: </li><li>Fixed in Maintenance Release: <=
|
|
/li><li>Found in version: .NET HE 9.7 and 9.8 </li><li>Fixed in version: =
|
|
</li></ul>
|
|
<p><a class=3D"external" href=3D"https://sourceforge.net/projects/saxon/f=
|
|
iles/Saxon-HE/9.7/SaxonHE9-7-0-18N-setup.exe/download" style=3D"color:#00=
|
|
88b7">https://sourceforge.net/projects/saxon/files/Saxon-HE/9.7/SaxonHE9-=
|
|
7-0-18N-setup.exe/download</a></p>
|
|
<p>That file, along with the newer version that I uninstalled to try the =
|
|
one that I linked, are infected with malware. The newer version of the HE=
|
|
version of Saxon was detected as soon as installation started, but the o=
|
|
lder version was detected once I attempted
|
|
to run a Querry.</p>
|
|
<p>Because of the infected files on sourceforge, I am unable to use the S=
|
|
axon product that I need for a school assignment. Sourceforge is known mo=
|
|
re for it's malware now than it is for what can be downloaded, so maybe s=
|
|
witch over to another site. I will never
|
|
be a customer as long as the stuff is only available from that site.</p>=
|
|
|
|
<fieldset class=3D"attachments" style=3D"border:solid #ccc;border-width:1=
|
|
px 0 0 0"><legend>
|
|
Files</legend><a href=3D"https://saxonica.plan.io/attachments/download/65=
|
|
7/Untitled.png" style=3D"color:#0088b7">Untitled.png</a> (317 KB)<br>
|
|
<a href=3D"https://saxonica.plan.io/attachments/download/658/Untitled2.pn=
|
|
g" style=3D"color:#0088b7">Untitled2.png</a> (454 KB)<br>
|
|
<a href=3D"https://saxonica.plan.io/attachments/download/659/Untitled3.pn=
|
|
g" style=3D"color:#0088b7">Untitled3.png</a> (619 KB)<br>
|
|
<a href=3D"https://saxonica.plan.io/attachments/download/660/Untitled4.pn=
|
|
g" style=3D"color:#0088b7">Untitled4.png</a> (620 KB)<br>
|
|
<a href=3D"https://saxonica.plan.io/attachments/download/661/Untitled5.pn=
|
|
g" style=3D"color:#0088b7">Untitled5.png</a> (631 KB)<br>
|
|
<a href=3D"https://saxonica.plan.io/attachments/download/663/Untitled-149=
|
|
7363134.png" style=3D"color:#0088b7">Untitled-1497363134.png</a> (317 KB)=
|
|
<br>
|
|
<a href=3D"https://saxonica.plan.io/attachments/download/664/Untitled2-14=
|
|
97363134.png" style=3D"color:#0088b7">Untitled2-1497363134.png</a> (454 K=
|
|
B)<br>
|
|
<a href=3D"https://saxonica.plan.io/attachments/download/665/Untitled3-14=
|
|
97363134.png" style=3D"color:#0088b7">Untitled3-1497363134.png</a> (619 K=
|
|
B)<br>
|
|
<a href=3D"https://saxonica.plan.io/attachments/download/666/Untitled4-14=
|
|
97363134.png" style=3D"color:#0088b7">Untitled4-1497363134.png</a> (620 K=
|
|
B)<br>
|
|
<a href=3D"https://saxonica.plan.io/attachments/download/667/Untitled5-14=
|
|
97363134.png" style=3D"color:#0088b7">Untitled5-1497363134.png</a> (631 K=
|
|
B)<br>
|
|
</fieldset>
|
|
<div itemscope=3D"itemscope" itemtype=3D"http://schema.org/EmailMessage">=
|
|
|
|
<div itemscope=3D"itemscope" itemprop=3D"action" itemtype=3D"http://schem=
|
|
a.org/ViewAction">
|
|
<link itemprop=3D"url" href=3D"https://saxonica.plan.io/issues/3267?pn=3D=
|
|
1#change-9154">
|
|
<meta itemprop=3D"name" content=3D"View Issue">
|
|
</div>
|
|
<meta itemprop=3D"description" content=3D"View this issue update on Plani=
|
|
o">
|
|
</div>
|
|
</td>
|
|
</tr>
|
|
<tr>
|
|
<td class=3D"footer" style=3D"font-size:0.8em;width:100%">
|
|
<hr style=3D"width:100%;height:1px;background:#ccc;border:0;margin:1.2em =
|
|
0">
|
|
<p>You have received this notification because you have either subscribed=
|
|
to or are involved in a project on Saxonica Developer Community site.<br=
|
|
>
|
|
To change your notification preferences, please click here: <a class=3D"e=
|
|
xternal" href=3D"https://saxonica.plan.io/my/account?tour=3Dmail_preferen=
|
|
ces" style=3D"color:#0088b7">
|
|
https://saxonica.plan.io/my/account?tour=3Dmail_preferences</a></p>
|
|
</td>
|
|
<td></td>
|
|
</tr>
|
|
<tr>
|
|
<td class=3D"planio_footer" style=3D"text-align:center;width:100%;font-fa=
|
|
mily:MarketWeb, Helvetica, Arial, sans-serif;font-size:1.2em;color:#D7D7D=
|
|
7">
|
|
<br>
|
|
<div><a href=3D"https://plan.io/" style=3D"color:#0088b7;color:#D7D7D7;te=
|
|
xt-decoration:none">This notification was cheerfully delivered by</a></di=
|
|
v>
|
|
</td>
|
|
<td></td>
|
|
</tr>
|
|
<tr>
|
|
<td class=3D"planio_footer_logo" style=3D"text-align:center;width:100%"><=
|
|
a href=3D"https://plan.io/" title=3D"Planio" style=3D"color:#0088b7"><img=
|
|
height=3D"25" width=3D"102" border=3D"0" alt=3D"Planio" style=3D"vertica=
|
|
l-align:middle;border:none" src=3D"https://assets.plan.io/images/planio_l=
|
|
ogo_gray_204x50.png"></a></td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</body>
|
|
</html>
|
|
|
|
--_000_BN6PR14MB110629998C8263AB0B20352BACC20BN6PR14MB1106namp_--
|