Project

Profile

Help

Bug #3267 ยป Bug #9165 - 2017-06-13T17_09_45Z.eml

Anonymous, 2017-06-13 19:09

 
Return-Path: <dudealert86@outlook.com>
Received: from mi015.mc1.hosteurope.de ([80.237.138.240]) by wp245.webpack.hosteurope.de running ExIM with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) id 1dKpJr-0005Mw-0S; Tue, 13 Jun 2017 19:09:31 +0200
Received: from mail-oln040092008080.outbound.protection.outlook.com ([40.92.8.80] helo=NAM03-DM3-obe.outbound.protection.outlook.com) by mx0.webpack.hosteurope.de (mi015.mc1.hosteurope.de) with esmtps (TLSv1.2:AES256-SHA256:256) id 1dKpJo-0008G3-Dc for inbox+saxonica+f38e+saxon@plan.io; Tue, 13 Jun 2017 19:09:30 +0200
Received: from DM3NAM03FT011.eop-NAM03.prod.protection.outlook.com (10.152.82.52) by DM3NAM03HT038.eop-NAM03.prod.protection.outlook.com (10.152.83.84) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.1178.14; Tue, 13 Jun 2017 17:09:26 +0000
Received: from BN6PR14MB1106.namprd14.prod.outlook.com (10.152.82.57) by DM3NAM03FT011.mail.protection.outlook.com (10.152.82.88) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1178.14 via Frontend Transport; Tue, 13 Jun 2017 17:09:26 +0000
Received: from BN6PR14MB1106.namprd14.prod.outlook.com ([10.173.161.15]) by BN6PR14MB1106.namprd14.prod.outlook.com ([10.173.161.15]) with mapi id 15.01.1157.017; Tue, 13 Jun 2017 17:09:26 +0000
Date: Tue, 13 Jun 2017 17:09:26 +0000
From: Greg Smith <dudealert86@outlook.com>
To: Saxonica Developer Community <inbox+saxonica+f38e+saxon@plan.io>
Message-ID: <BN6PR14MB11060C0DE74D104B7A7189DCACC20@BN6PR14MB1106.namprd14.prod.outlook.com>
In-Reply-To: <redmine.journal-9159.20170613161151.5cc99aa391edfc7d@plan.io>
References: <redmine.issue-3267.20170613092205@plan.io>,<redmine.journal-9159.20170613161151.5cc99aa391edfc7d@plan.io>
Subject: Re: [Saxon - Bug #3267] Webroot claims that there is malware
(W32.Malware.Gen) in Sourceforge .NET download file
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary=_000_BN6PR14MB11060C0DE74D104B7A7189DCACC20BN6PR14MB1106namp_
Content-Transfer-Encoding: 7bit
Delivery-date: Tue, 13 Jun 2017 19:09:31 +0200
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;
s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
bh=7qt/bNXeIHqnnzB31N3Hv/JR5xhC2Yd+mVpBP6F1CiQ=;
b=lXOcgkZ27byb/A2wJCBAMUYCWMMMQOoSs/G+0QkORnXHGjaJg+NcPy3UW6mn6crPKgmdSgai0lr5fJrPUiGEr+wH0S5L27yHlMhNf/398oFor4fSJJAwBu1EVS9D9RgmPJMuHEM0Ae6FKxsQK9n6lSDmqfWecrZKFdMbZ9hpVP36clhzMR0pkrSxk/cO0au1figV9yr8XTjTmCc4Xyh9x8S65LjLEyUJh1OIcgA0wZNqBL00giBmzuT2v/PRaOac0eJeB4ABvoge7O6uaICus7xEfZTZJSK5fe5MF1pfkniOrXVDgqvwUN7sXeHXQyQJRZAHVBGcPUXjUEnw2Dg0+g==
Thread-Topic: [Saxon - Bug #3267] Webroot claims that there is malware
(W32.Malware.Gen) in Sourceforge .NET download file
Thread-Index: AQHS5F/NQ8ocrDjEdUmkEQk6jEDspKIjBnoy
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: plan.io; dkim=none (message not signed)
header.d=none;plan.io; dmarc=none action=none header.from=outlook.com;
x-incomingtopheadermarker: OriginalChecksum:403E16A7EF52277C828CF8655DA1AB69CE535196DDDADE3959364FC397B5CA75;UpperCasedChecksum:5593844DCB701ECC02DC1FFE69DFD4D75CBA33CA03B5EE4FD90764241E13D785;SizeAsReceived:7366;Count:44
x-tmn: [qKIFQ4QgO/fjopQFHWD5C08GHcv3Mt53]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1;DM3NAM03HT038;7:IqGGQW2rcsrrtQmET+7ITAjYw2yq6fDrHYE4Wno1NnHOiscZfwBwYFlpzz9tgK238ss0ErCzA9aoFyIWl3+1FwXKS58BPj1cMN8U5ZjQWkL7dIIccbfSbm7+2VJIssHS4Ns2470inASpitO+eDCl/CLHBRn0ZRPG9e85vmmVH/wE9l0N4BA60O4PFAu0SAP8gJ52rWmVuKQSct3D+MI/4SP7EOfjXds2bc63po767wxt2rIkLVJ30EzZZ2XCF8ljYvjE0Nv6dgjXoJa3BAe5n/6Y/MN4JA3W5sO+sZdYD6U5F+cuG5PjekSirgFj/KsCovFoBIH7H8w7YrYXINC+mbRMUwXVSWvlcvYah04BI63c3ylObX+kv0LzsujjGpzALAqItEAd13Uz4/p8MNrxXSET6bphsG1Os0ErWAoYJPZmzYO0+uXgOpm4UBWIt5irM+uHYEApWBG8QdQH0MmiKbnpqYha3oRrh6aCpeDySGoxTaW0hZzw5Nsz1Gpy3AkmkrifqhloLJR8dUrFHYmUByIAdoaRCFisMCevodXKpJ2Dm4mlzYdPib7+mgMVQ0nCWMfiqPBYAHrqzid1xOFWsxk+/Qah5L/5oBdgeO4FLquqr/ow1U9mwblewDi4OJkP7ZmTFryBglgL7XkSvLXADYAu4kA7luNW/viciGJJOpR1zwA4HEExqK8ux0VEK++ZWPvpIKDNfMRwUrrU3WN/U4F6Jimu9e6UmdVHsPoJXMvMEVGeHadkOzSr5MxCx5NYMCMAiqMhGTaU5zuk0NqOhQ==
x-incomingheadercount: 44
x-eopattributedmessage: 0
x-forefront-antispam-report: EFV:NLI;SFV:NSPM;SFS:(7070007)(98901004);DIR:OUT;SFP:1901;SCL:1;SRVR:DM3NAM03HT038;H:BN6PR14MB1106.namprd14.prod.outlook.com;FPR:;SPF:None;LANG:en;
x-ms-office365-filtering-correlation-id: 2b13a97d-6ae8-4900-4a70-08d4b27ef211
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001)(201702061074)(5061506573)(5061507331)(1603103135)(2017031320274)(2017031324274)(2017031323274)(2017031322274)(1601125374)(1603101448)(1701031045);SRVR:DM3NAM03HT038;
x-ms-traffictypediagnostic: DM3NAM03HT038:
x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(444000031);SRVR:DM3NAM03HT038;BCL:0;PCL:0;RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095);SRVR:DM3NAM03HT038;
x-forefront-prvs: 0337AFFE9A
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Jun 2017 17:09:26.1595 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Internet
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM3NAM03HT038
X-HE-Virus-Scanned: Yes
X-HE-Spam-Level: ++
X-HE-Spam-Score: 2.8
X-HE-Spam-Report: Content analysis details: (2.8 points) pts rule name
description ---- ----------------------
-------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE
RBL: Sender listed at http://www.dnswl.org/, no trust [40.92.8.80 listed in
list.dnswl.org] 2.5 RCVD_IN_SORBS_HTTP RBL: SORBS: sender is open HTTP proxy
server [40.92.8.80 listed in dnsbl.sorbs.net] 0.0 FREEMAIL_FROM Sender email
is commonly abused enduser mail provider (dudealert86[at]outlook.com) 0.2
FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in digit
(dudealert86[at]outlook.com) 0.1 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1
DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
X-HE-SPF: PASSED
Envelope-to: inbox+saxonica+f38e+saxon@plan.io


--_000_BN6PR14MB11060C0DE74D104B7A7189DCACC20BN6PR14MB1106namp_
Content-Type: text/plain;
charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

I've got to admit, you're good lol I didn't expect webroot to respond so =
quickly to you. It works now, with no malware notification. Thank you.


________________________________
From: Saxonica Developer Community <notifications@plan.io>
Sent: Tuesday, June 13, 2017 12:11 PM
Subject: [Saxon - Bug #3267] Webroot claims that there is malware (W32.Ma=
lware.Gen) in Sourceforge .NET download file


--- In your reply, please do not write below this line ---


Issue #3267<https://saxonica.plan.io/issues/3267?pn=3D1#change-9159> has =
been updated by Michael Kay.

Thanks, we are well aware of widespread dissatisfaction with the commerci=
alization of SourceForge, but that's nothing to do with the issue here. T=
he report from Webroot here is a false positive on scanning our software =
for viruses, and would have happened whatever platform we used for distri=
bution. Sourceforge are distributing the binary that we uploaded.

________________________________
Bug #3267: Webroot claims that there is malware (W32.Malware.Gen) in Sour=
ceforge .NET download file<https://saxonica.plan.io/issues/3267?pn=3D1#ch=
ange-9159>

* Author: Herbert Smith
* Status: AwaitingInfo
* Priority: Normal
* Assignee: O'Neil Delpratt
* Category: Build and release
* Sprint/Milestone:
* Legacy ID:
* Applies to branch: 9.7
* Fix Committed on Branch:
* Fixed in Maintenance Release:
* Found in version: .NET HE 9.7 and 9.8
* Fixed in version:

https://sourceforge.net/projects/saxon/files/Saxon-HE/9.7/SaxonHE9-7-0-18=
N-setup.exe/download

That file, along with the newer version that I uninstalled to try the one=
that I linked, are infected with malware. The newer version of the HE ve=
rsion of Saxon was detected as soon as installation started, but the olde=
r version was detected once I attempted to run a Querry.

Because of the infected files on sourceforge, I am unable to use the Saxo=
n product that I need for a school assignment. Sourceforge is known more =
for it's malware now than it is for what can be downloaded, so maybe swit=
ch over to another site. I will never be a customer as long as the stuff =
is only available from that site.

Files
Untitled.png<https://saxonica.plan.io/attachments/download/657/Untitled.p=
ng> (317 KB)
Untitled2.png<https://saxonica.plan.io/attachments/download/658/Untitled2=
.png> (454 KB)
Untitled3.png<https://saxonica.plan.io/attachments/download/659/Untitled3=
.png> (619 KB)
Untitled4.png<https://saxonica.plan.io/attachments/download/660/Untitled4=
.png> (620 KB)
Untitled5.png<https://saxonica.plan.io/attachments/download/661/Untitled5=
.png> (631 KB)
Untitled-1497363134.png<https://saxonica.plan.io/attachments/download/663=
/Untitled-1497363134.png> (317 KB)
Untitled2-1497363134.png<https://saxonica.plan.io/attachments/download/66=
4/Untitled2-1497363134.png> (454 KB)
Untitled3-1497363134.png<https://saxonica.plan.io/attachments/download/66=
5/Untitled3-1497363134.png> (619 KB)
Untitled4-1497363134.png<https://saxonica.plan.io/attachments/download/66=
6/Untitled4-1497363134.png> (620 KB)
Untitled5-1497363134.png<https://saxonica.plan.io/attachments/download/66=
7/Untitled5-1497363134.png> (631 KB)


________________________________

You have received this notification because you have either subscribed to=
or are involved in a project on Saxonica Developer Community site.
To change your notification preferences, please click here: https://saxon=
ica.plan.io/my/account?tour=3Dmail_preferences


This notification was cheerfully delivered by<https://plan.io/>

[Planio]<https://plan.io/>

--_000_BN6PR14MB11060C0DE74D104B7A7189DCACC20BN6PR14MB1106namp_
Content-Type: text/html;
charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Diso-885=
9-1">
<style type=3D"text/css" style=3D"display:none;"><!-- P {margin-top:0;mar=
gin-bottom:0;} --></style>
</head>
<body dir=3D"ltr">
<div id=3D"divtagdefaultwrapper" style=3D"font-size:12pt;color:#000000;fo=
nt-family:Calibri,Arial,Helvetica,sans-serif;" dir=3D"ltr">
<p>I've got to admit, you're good lol I didn't expect webroot to respond =
so quickly to you. It works now, with no malware notification. Thank you.=
</p>
<br>
<br>
<div style=3D"color: rgb(0, 0, 0);">
<hr tabindex=3D"-1" style=3D"display:inline-block; width:98%">
<div id=3D"divRplyFwdMsg" dir=3D"ltr"><font face=3D"Calibri, sans-serif" =
color=3D"#000000" style=3D"font-size:11pt"><b>From:</b> Saxonica Develope=
r Community &lt;notifications@plan.io&gt;<br>
<b>Sent:</b> Tuesday, June 13, 2017 12:11 PM<br>
<b>Subject:</b> [Saxon - Bug #3267] Webroot claims that there is malware =
(W32.Malware.Gen) in Sourceforge .NET download file</font>
<div>&nbsp;</div>
</div>
<div>
<table width=3D"100%" cellspacing=3D"0" cellpadding=3D"0" style=3D"border=
-spacing:0; border-collapse:collapse; width:100%">
<tbody>
<tr>
<td class=3D"header" style=3D"text-align:center; width:100%; font-family:=
MarketWeb,Helvetica,Arial,sans-serif; font-size:0.8em; color:#D7D7D7">
<p>--- In your reply, please do not write below this line ---</p>
</td>
</tr>
<tr>
<td>Issue <a href=3D"https://saxonica.plan.io/issues/3267?pn=3D1#change-9=
159" style=3D"color: rgb(0, 136, 183);">
#3267</a> has been updated by Michael Kay.
<ul>
</ul>
<p>Thanks, we are well aware of widespread dissatisfaction with the comme=
rcialization of SourceForge, but that's nothing to do with the issue here=
. The report from Webroot here is a false positive on scanning our softwa=
re for viruses, and would have happened
whatever platform we used for distribution. Sourceforge are distributing=
the binary that we uploaded.</p>
<hr style=3D"width:100%; height:1px; background:#ccc; border:0; margin:1.=
2em 0">
<h1 style=3D"font-family:&quot;ProximaNova-Bold&quot;,Helvetica,Arial,san=
s-serif; font-weight:normal; margin:0px; font-size:1.3em; line-height:1.4=
em">
<a href=3D"https://saxonica.plan.io/issues/3267?pn=3D1#change-9159" style=
=3D"text-decoration: none; color: rgb(0, 136, 183);">Bug #3267: Webroot c=
laims that there is malware (W32.Malware.Gen) in Sourceforge .NET downloa=
d file</a></h1>
<ul>
<li>Author: Herbert Smith </li><li>Status: AwaitingInfo </li><li>Priority=
: Normal </li><li>Assignee: O'Neil Delpratt </li><li>Category: Build and =
release </li><li>Sprint/Milestone: </li><li>Legacy ID: </li><li>Applies t=
o branch: 9.7 </li><li>Fix Committed on Branch: </li><li>Fixed in Mainten=
ance Release: </li><li>Found in version: .NET HE 9.7 and 9.8 </li><li>Fix=
ed in version: </li></ul>
<p><a href=3D"https://sourceforge.net/projects/saxon/files/Saxon-HE/9.7/S=
axonHE9-7-0-18N-setup.exe/download" style=3D"color: rgb(0, 136, 183);">ht=
tps://sourceforge.net/projects/saxon/files/Saxon-HE/9.7/SaxonHE9-7-0-18N-=
setup.exe/download</a></p>
<p>That file, along with the newer version that I uninstalled to try the =
one that I linked, are infected with malware. The newer version of the HE=
version of Saxon was detected as soon as installation started, but the o=
lder version was detected once I attempted
to run a Querry.</p>
<p>Because of the infected files on sourceforge, I am unable to use the S=
axon product that I need for a school assignment. Sourceforge is known mo=
re for it's malware now than it is for what can be downloaded, so maybe s=
witch over to another site. I will never
be a customer as long as the stuff is only available from that site.</p>=

<fieldset class=3D"attachments" style=3D"border:solid #ccc; border-width:=
1px 0 0 0"><legend>
Files</legend><a href=3D"https://saxonica.plan.io/attachments/download/65=
7/Untitled.png" style=3D"color: rgb(0, 136, 183);">Untitled.png</a> (317 =
KB)<br>
<a href=3D"https://saxonica.plan.io/attachments/download/658/Untitled2.pn=
g" style=3D"color: rgb(0, 136, 183);">Untitled2.png</a> (454 KB)<br>
<a href=3D"https://saxonica.plan.io/attachments/download/659/Untitled3.pn=
g" style=3D"color: rgb(0, 136, 183);">Untitled3.png</a> (619 KB)<br>
<a href=3D"https://saxonica.plan.io/attachments/download/660/Untitled4.pn=
g" style=3D"color: rgb(0, 136, 183);">Untitled4.png</a> (620 KB)<br>
<a href=3D"https://saxonica.plan.io/attachments/download/661/Untitled5.pn=
g" style=3D"color: rgb(0, 136, 183);">Untitled5.png</a> (631 KB)<br>
<a href=3D"https://saxonica.plan.io/attachments/download/663/Untitled-149=
7363134.png" style=3D"color: rgb(0, 136, 183);">Untitled-1497363134.png</=
a> (317 KB)<br>
<a href=3D"https://saxonica.plan.io/attachments/download/664/Untitled2-14=
97363134.png" style=3D"color: rgb(0, 136, 183);">Untitled2-1497363134.png=
</a> (454 KB)<br>
<a href=3D"https://saxonica.plan.io/attachments/download/665/Untitled3-14=
97363134.png" style=3D"color: rgb(0, 136, 183);">Untitled3-1497363134.png=
</a> (619 KB)<br>
<a href=3D"https://saxonica.plan.io/attachments/download/666/Untitled4-14=
97363134.png" style=3D"color: rgb(0, 136, 183);">Untitled4-1497363134.png=
</a> (620 KB)<br>
<a href=3D"https://saxonica.plan.io/attachments/download/667/Untitled5-14=
97363134.png" style=3D"color: rgb(0, 136, 183);">Untitled5-1497363134.png=
</a> (631 KB)<br>
</fieldset>
<div itemscope=3D"itemscope" itemtype=3D"http://schema.org/EmailMessage">=

<div itemscope=3D"itemscope" itemprop=3D"action" itemtype=3D"http://schem=
a.org/ViewAction">
<link itemprop=3D"url" href=3D"https://saxonica.plan.io/issues/3267?pn=3D=
1#change-9159">
<meta itemprop=3D"name" content=3D"View Issue">
</div>
<meta itemprop=3D"description" content=3D"View this issue update on Plani=
o">
</div>
</td>
</tr>
<tr>
<td class=3D"footer" style=3D"font-size:0.8em; width:100%">
<hr style=3D"width:100%; height:1px; background:#ccc; border:0; margin:1.=
2em 0">
<p>You have received this notification because you have either subscribed=
to or are involved in a project on Saxonica Developer Community site.<br=
>
To change your notification preferences, please click here: <a href=3D"ht=
tps://saxonica.plan.io/my/account?tour=3Dmail_preferences" style=3D"color=
: rgb(0, 136, 183);">
https://saxonica.plan.io/my/account?tour=3Dmail_preferences</a></p>
</td>
<td></td>
</tr>
<tr>
<td class=3D"planio_footer" style=3D"text-align:center; width:100%; font-=
family:MarketWeb,Helvetica,Arial,sans-serif; font-size:1.2em; color:#D7D7=
D7">
<br>
<div><a href=3D"https://plan.io/" style=3D"text-decoration: none; color: =
rgb(0, 136, 183);">This notification was cheerfully delivered by</a></div=
>
</td>
<td></td>
</tr>
<tr>
<td class=3D"planio_footer_logo" style=3D"text-align:center; width:100%">=
<a href=3D"https://plan.io/" title=3D"Planio" style=3D"color: rgb(0, 136,=
183);"><img height=3D"25" width=3D"102" border=3D"0" alt=3D"Planio" styl=
e=3D"vertical-align: middle; border: none; user-select: none;" src=3D"htt=
ps://assets.plan.io/images/planio_logo_gray_204x50.png"></a></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</body>
</html>

--_000_BN6PR14MB11060C0DE74D104B7A7189DCACC20BN6PR14MB1106namp_--
    (1-1/1)