Saxon

Return-Path: <dudealert86@outlook.com>

Received: from mi015.mc1.hosteurope.de ([80.237.138.240]) by wp245.webpack.hosteurope.de running ExIM with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) id 1dKpJr-0005Mw-0S; Tue, 13 Jun 2017 19:09:31 +0200

Received: from mail-oln040092008080.outbound.protection.outlook.com ([40.92.8.80] helo=NAM03-DM3-obe.outbound.protection.outlook.com) by mx0.webpack.hosteurope.de (mi015.mc1.hosteurope.de) with esmtps (TLSv1.2:AES256-SHA256:256) id 1dKpJo-0008G3-Dc for inbox+saxonica+f38e+saxon@plan.io; Tue, 13 Jun 2017 19:09:30 +0200

Received: from DM3NAM03FT011.eop-NAM03.prod.protection.outlook.com (10.152.82.52) by DM3NAM03HT038.eop-NAM03.prod.protection.outlook.com (10.152.83.84) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.1178.14; Tue, 13 Jun 2017 17:09:26 +0000

Received: from BN6PR14MB1106.namprd14.prod.outlook.com (10.152.82.57) by DM3NAM03FT011.mail.protection.outlook.com (10.152.82.88) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1178.14 via Frontend Transport; Tue, 13 Jun 2017 17:09:26 +0000

Received: from BN6PR14MB1106.namprd14.prod.outlook.com ([10.173.161.15]) by BN6PR14MB1106.namprd14.prod.outlook.com ([10.173.161.15]) with mapi id 15.01.1157.017; Tue, 13 Jun 2017 17:09:26 +0000

Date: Tue, 13 Jun 2017 17:09:26 +0000

From: Greg Smith <dudealert86@outlook.com>

To: Saxonica Developer Community <inbox+saxonica+f38e+saxon@plan.io>

Message-ID: <BN6PR14MB11060C0DE74D104B7A7189DCACC20@BN6PR14MB1106.namprd14.prod.outlook.com>

In-Reply-To: <redmine.journal-9159.20170613161151.5cc99aa391edfc7d@plan.io>

References: <redmine.issue-3267.20170613092205@plan.io>,<redmine.journal-9159.20170613161151.5cc99aa391edfc7d@plan.io>

Subject: Re: [Saxon - Bug #3267] Webroot claims that there is malware

(W32.Malware.Gen) in Sourceforge .NET download file

Mime-Version: 1.0

Content-Type: multipart/alternative;

boundary=_000_BN6PR14MB11060C0DE74D104B7A7189DCACC20BN6PR14MB1106namp_

Content-Transfer-Encoding: 7bit

Delivery-date: Tue, 13 Jun 2017 19:09:31 +0200

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;

s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;

bh=7qt/bNXeIHqnnzB31N3Hv/JR5xhC2Yd+mVpBP6F1CiQ=;

b=lXOcgkZ27byb/A2wJCBAMUYCWMMMQOoSs/G+0QkORnXHGjaJg+NcPy3UW6mn6crPKgmdSgai0lr5fJrPUiGEr+wH0S5L27yHlMhNf/398oFor4fSJJAwBu1EVS9D9RgmPJMuHEM0Ae6FKxsQK9n6lSDmqfWecrZKFdMbZ9hpVP36clhzMR0pkrSxk/cO0au1figV9yr8XTjTmCc4Xyh9x8S65LjLEyUJh1OIcgA0wZNqBL00giBmzuT2v/PRaOac0eJeB4ABvoge7O6uaICus7xEfZTZJSK5fe5MF1pfkniOrXVDgqvwUN7sXeHXQyQJRZAHVBGcPUXjUEnw2Dg0+g==

Thread-Topic: [Saxon - Bug #3267] Webroot claims that there is malware

(W32.Malware.Gen) in Sourceforge .NET download file

Thread-Index: AQHS5F/NQ8ocrDjEdUmkEQk6jEDspKIjBnoy

Accept-Language: en-US

Content-Language: en-US

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

authentication-results: plan.io; dkim=none (message not signed)

header.d=none;plan.io; dmarc=none action=none header.from=outlook.com;

x-incomingtopheadermarker: OriginalChecksum:403E16A7EF52277C828CF8655DA1AB69CE535196DDDADE3959364FC397B5CA75;UpperCasedChecksum:5593844DCB701ECC02DC1FFE69DFD4D75CBA33CA03B5EE4FD90764241E13D785;SizeAsReceived:7366;Count:44

x-tmn: [qKIFQ4QgO/fjopQFHWD5C08GHcv3Mt53]

x-ms-publictraffictype: Email

x-microsoft-exchange-diagnostics: 1;DM3NAM03HT038;7:IqGGQW2rcsrrtQmET+7ITAjYw2yq6fDrHYE4Wno1NnHOiscZfwBwYFlpzz9tgK238ss0ErCzA9aoFyIWl3+1FwXKS58BPj1cMN8U5ZjQWkL7dIIccbfSbm7+2VJIssHS4Ns2470inASpitO+eDCl/CLHBRn0ZRPG9e85vmmVH/wE9l0N4BA60O4PFAu0SAP8gJ52rWmVuKQSct3D+MI/4SP7EOfjXds2bc63po767wxt2rIkLVJ30EzZZ2XCF8ljYvjE0Nv6dgjXoJa3BAe5n/6Y/MN4JA3W5sO+sZdYD6U5F+cuG5PjekSirgFj/KsCovFoBIH7H8w7YrYXINC+mbRMUwXVSWvlcvYah04BI63c3ylObX+kv0LzsujjGpzALAqItEAd13Uz4/p8MNrxXSET6bphsG1Os0ErWAoYJPZmzYO0+uXgOpm4UBWIt5irM+uHYEApWBG8QdQH0MmiKbnpqYha3oRrh6aCpeDySGoxTaW0hZzw5Nsz1Gpy3AkmkrifqhloLJR8dUrFHYmUByIAdoaRCFisMCevodXKpJ2Dm4mlzYdPib7+mgMVQ0nCWMfiqPBYAHrqzid1xOFWsxk+/Qah5L/5oBdgeO4FLquqr/ow1U9mwblewDi4OJkP7ZmTFryBglgL7XkSvLXADYAu4kA7luNW/viciGJJOpR1zwA4HEExqK8ux0VEK++ZWPvpIKDNfMRwUrrU3WN/U4F6Jimu9e6UmdVHsPoJXMvMEVGeHadkOzSr5MxCx5NYMCMAiqMhGTaU5zuk0NqOhQ==

x-incomingheadercount: 44

x-eopattributedmessage: 0

x-forefront-antispam-report: EFV:NLI;SFV:NSPM;SFS:(7070007)(98901004);DIR:OUT;SFP:1901;SCL:1;SRVR:DM3NAM03HT038;H:BN6PR14MB1106.namprd14.prod.outlook.com;FPR:;SPF:None;LANG:en;

x-ms-office365-filtering-correlation-id: 2b13a97d-6ae8-4900-4a70-08d4b27ef211

x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001)(201702061074)(5061506573)(5061507331)(1603103135)(2017031320274)(2017031324274)(2017031323274)(2017031322274)(1601125374)(1603101448)(1701031045);SRVR:DM3NAM03HT038;

x-ms-traffictypediagnostic: DM3NAM03HT038:

x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(444000031);SRVR:DM3NAM03HT038;BCL:0;PCL:0;RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095);SRVR:DM3NAM03HT038;

x-forefront-prvs: 0337AFFE9A

spamdiagnosticoutput: 1:99

spamdiagnosticmetadata: NSPM

X-OriginatorOrg: outlook.com

X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Jun 2017 17:09:26.1595 (UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Internet

X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM3NAM03HT038

X-HE-Virus-Scanned: Yes

X-HE-Spam-Level: ++

X-HE-Spam-Score: 2.8

X-HE-Spam-Report: Content analysis details: (2.8 points) pts rule name

description ---- ----------------------

-------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE

RBL: Sender listed at http://www.dnswl.org/, no trust [40.92.8.80 listed in

list.dnswl.org] 2.5 RCVD_IN_SORBS_HTTP RBL: SORBS: sender is open HTTP proxy

server [40.92.8.80 listed in dnsbl.sorbs.net] 0.0 FREEMAIL_FROM Sender email

is commonly abused enduser mail provider (dudealert86[at]outlook.com) 0.2

FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in digit

(dudealert86[at]outlook.com) 0.1 HTML_MESSAGE BODY: HTML included in message

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1

DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

X-HE-SPF: PASSED

Envelope-to: inbox+saxonica+f38e+saxon@plan.io

--_000_BN6PR14MB11060C0DE74D104B7A7189DCACC20BN6PR14MB1106namp_

Content-Type: text/plain;

charset=iso-8859-1

Content-Transfer-Encoding: quoted-printable

I've got to admit, you're good lol I didn't expect webroot to respond so =

quickly to you. It works now, with no malware notification. Thank you.

________________________________

From: Saxonica Developer Community <notifications@plan.io>

Sent: Tuesday, June 13, 2017 12:11 PM

Subject: [Saxon - Bug #3267] Webroot claims that there is malware (W32.Ma=

lware.Gen) in Sourceforge .NET download file

--- In your reply, please do not write below this line ---

Issue #3267<https://saxonica.plan.io/issues/3267?pn=3D1#change-9159> has =

been updated by Michael Kay.

Thanks, we are well aware of widespread dissatisfaction with the commerci=

alization of SourceForge, but that's nothing to do with the issue here. T=

he report from Webroot here is a false positive on scanning our software =

for viruses, and would have happened whatever platform we used for distri=

bution. Sourceforge are distributing the binary that we uploaded.

________________________________

Bug #3267: Webroot claims that there is malware (W32.Malware.Gen) in Sour=

ceforge .NET download file<https://saxonica.plan.io/issues/3267?pn=3D1#ch=

ange-9159>

* Author: Herbert Smith

* Status: AwaitingInfo

* Priority: Normal

* Assignee: O'Neil Delpratt

* Category: Build and release

* Sprint/Milestone:

* Legacy ID:

* Applies to branch: 9.7

* Fix Committed on Branch:

* Fixed in Maintenance Release:

* Found in version: .NET HE 9.7 and 9.8

* Fixed in version:

https://sourceforge.net/projects/saxon/files/Saxon-HE/9.7/SaxonHE9-7-0-18=

N-setup.exe/download

That file, along with the newer version that I uninstalled to try the one=

that I linked, are infected with malware. The newer version of the HE ve=

rsion of Saxon was detected as soon as installation started, but the olde=

r version was detected once I attempted to run a Querry.

Because of the infected files on sourceforge, I am unable to use the Saxo=

n product that I need for a school assignment. Sourceforge is known more =

for it's malware now than it is for what can be downloaded, so maybe swit=

ch over to another site. I will never be a customer as long as the stuff =

is only available from that site.

Files

Untitled.png<https://saxonica.plan.io/attachments/download/657/Untitled.p=

ng> (317 KB)

Untitled2.png<https://saxonica.plan.io/attachments/download/658/Untitled2=

.png> (454 KB)

Untitled3.png<https://saxonica.plan.io/attachments/download/659/Untitled3=

.png> (619 KB)

Untitled4.png<https://saxonica.plan.io/attachments/download/660/Untitled4=

.png> (620 KB)

Untitled5.png<https://saxonica.plan.io/attachments/download/661/Untitled5=

.png> (631 KB)

Untitled-1497363134.png<https://saxonica.plan.io/attachments/download/663=

/Untitled-1497363134.png> (317 KB)

Untitled2-1497363134.png<https://saxonica.plan.io/attachments/download/66=

4/Untitled2-1497363134.png> (454 KB)

Untitled3-1497363134.png<https://saxonica.plan.io/attachments/download/66=

5/Untitled3-1497363134.png> (619 KB)

Untitled4-1497363134.png<https://saxonica.plan.io/attachments/download/66=

6/Untitled4-1497363134.png> (620 KB)

Untitled5-1497363134.png<https://saxonica.plan.io/attachments/download/66=

7/Untitled5-1497363134.png> (631 KB)

________________________________

You have received this notification because you have either subscribed to=

or are involved in a project on Saxonica Developer Community site.

To change your notification preferences, please click here: https://saxon=

ica.plan.io/my/account?tour=3Dmail_preferences

This notification was cheerfully delivered by<https://plan.io/>

[Planio]<https://plan.io/>

--_000_BN6PR14MB11060C0DE74D104B7A7189DCACC20BN6PR14MB1106namp_

Content-Type: text/html;

charset=iso-8859-1

Content-Transfer-Encoding: quoted-printable

<html>

<head>

<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Diso-885=

9-1">

<style type=3D"text/css" style=3D"display:none;"><!-- P {margin-top:0;mar=

gin-bottom:0;} --></style>

</head>

<body dir=3D"ltr">

<div id=3D"divtagdefaultwrapper" style=3D"font-size:12pt;color:#000000;fo=

nt-family:Calibri,Arial,Helvetica,sans-serif;" dir=3D"ltr">

<p>I've got to admit, you're good lol I didn't expect webroot to respond =

so quickly to you. It works now, with no malware notification. Thank you.=

</p>

<br>

<br>

<div style=3D"color: rgb(0, 0, 0);">

<hr tabindex=3D"-1" style=3D"display:inline-block; width:98%">

<div id=3D"divRplyFwdMsg" dir=3D"ltr"><font face=3D"Calibri, sans-serif" =

color=3D"#000000" style=3D"font-size:11pt"><b>From:</b> Saxonica Develope=

r Community &lt;notifications@plan.io&gt;<br>

<b>Sent:</b> Tuesday, June 13, 2017 12:11 PM<br>

<b>Subject:</b> [Saxon - Bug #3267] Webroot claims that there is malware =

(W32.Malware.Gen) in Sourceforge .NET download file</font>

<div>&nbsp;</div>

</div>

<div>

<table width=3D"100%" cellspacing=3D"0" cellpadding=3D"0" style=3D"border=

-spacing:0; border-collapse:collapse; width:100%">

<tbody>

<tr>

<td class=3D"header" style=3D"text-align:center; width:100%; font-family:=

MarketWeb,Helvetica,Arial,sans-serif; font-size:0.8em; color:#D7D7D7">

<p>--- In your reply, please do not write below this line ---</p>

</td>

</tr>

<tr>

<td>Issue <a href=3D"https://saxonica.plan.io/issues/3267?pn=3D1#change-9=

159" style=3D"color: rgb(0, 136, 183);">

#3267</a> has been updated by Michael Kay.

<ul>

</ul>

<p>Thanks, we are well aware of widespread dissatisfaction with the comme=

rcialization of SourceForge, but that's nothing to do with the issue here=

. The report from Webroot here is a false positive on scanning our softwa=

re for viruses, and would have happened

whatever platform we used for distribution. Sourceforge are distributing=

the binary that we uploaded.</p>

<hr style=3D"width:100%; height:1px; background:#ccc; border:0; margin:1.=

2em 0">

<h1 style=3D"font-family:&quot;ProximaNova-Bold&quot;,Helvetica,Arial,san=

s-serif; font-weight:normal; margin:0px; font-size:1.3em; line-height:1.4=

em">

<a href=3D"https://saxonica.plan.io/issues/3267?pn=3D1#change-9159" style=

=3D"text-decoration: none; color: rgb(0, 136, 183);">Bug #3267: Webroot c=

laims that there is malware (W32.Malware.Gen) in Sourceforge .NET downloa=

d file</a></h1>

<ul>

<li>Author: Herbert Smith </li><li>Status: AwaitingInfo </li><li>Priority=

: Normal </li><li>Assignee: O'Neil Delpratt </li><li>Category: Build and =

release </li><li>Sprint/Milestone: </li><li>Legacy ID: </li><li>Applies t=

o branch: 9.7 </li><li>Fix Committed on Branch: </li><li>Fixed in Mainten=

ance Release: </li><li>Found in version: .NET HE 9.7 and 9.8 </li><li>Fix=

ed in version: </li></ul>

<p><a href=3D"https://sourceforge.net/projects/saxon/files/Saxon-HE/9.7/S=

axonHE9-7-0-18N-setup.exe/download" style=3D"color: rgb(0, 136, 183);">ht=

tps://sourceforge.net/projects/saxon/files/Saxon-HE/9.7/SaxonHE9-7-0-18N-=

setup.exe/download</a></p>

<p>That file, along with the newer version that I uninstalled to try the =

one that I linked, are infected with malware. The newer version of the HE=

version of Saxon was detected as soon as installation started, but the o=

lder version was detected once I attempted

to run a Querry.</p>

<p>Because of the infected files on sourceforge, I am unable to use the S=

axon product that I need for a school assignment. Sourceforge is known mo=

re for it's malware now than it is for what can be downloaded, so maybe s=

witch over to another site. I will never

be a customer as long as the stuff is only available from that site.</p>=

<fieldset class=3D"attachments" style=3D"border:solid #ccc; border-width:=

1px 0 0 0"><legend>

Files</legend><a href=3D"https://saxonica.plan.io/attachments/download/65=

7/Untitled.png" style=3D"color: rgb(0, 136, 183);">Untitled.png</a> (317 =

KB)<br>

<a href=3D"https://saxonica.plan.io/attachments/download/658/Untitled2.pn=

g" style=3D"color: rgb(0, 136, 183);">Untitled2.png</a> (454 KB)<br>

<a href=3D"https://saxonica.plan.io/attachments/download/659/Untitled3.pn=

g" style=3D"color: rgb(0, 136, 183);">Untitled3.png</a> (619 KB)<br>

<a href=3D"https://saxonica.plan.io/attachments/download/660/Untitled4.pn=

g" style=3D"color: rgb(0, 136, 183);">Untitled4.png</a> (620 KB)<br>

<a href=3D"https://saxonica.plan.io/attachments/download/661/Untitled5.pn=

g" style=3D"color: rgb(0, 136, 183);">Untitled5.png</a> (631 KB)<br>

<a href=3D"https://saxonica.plan.io/attachments/download/663/Untitled-149=

7363134.png" style=3D"color: rgb(0, 136, 183);">Untitled-1497363134.png</=

a> (317 KB)<br>

<a href=3D"https://saxonica.plan.io/attachments/download/664/Untitled2-14=

97363134.png" style=3D"color: rgb(0, 136, 183);">Untitled2-1497363134.png=

</a> (454 KB)<br>

<a href=3D"https://saxonica.plan.io/attachments/download/665/Untitled3-14=

97363134.png" style=3D"color: rgb(0, 136, 183);">Untitled3-1497363134.png=

</a> (619 KB)<br>

<a href=3D"https://saxonica.plan.io/attachments/download/666/Untitled4-14=

97363134.png" style=3D"color: rgb(0, 136, 183);">Untitled4-1497363134.png=

</a> (620 KB)<br>

<a href=3D"https://saxonica.plan.io/attachments/download/667/Untitled5-14=

97363134.png" style=3D"color: rgb(0, 136, 183);">Untitled5-1497363134.png=

</a> (631 KB)<br>

</fieldset>

<div itemscope=3D"itemscope" itemtype=3D"http://schema.org/EmailMessage">=

<div itemscope=3D"itemscope" itemprop=3D"action" itemtype=3D"http://schem=

a.org/ViewAction">

<link itemprop=3D"url" href=3D"https://saxonica.plan.io/issues/3267?pn=3D=

1#change-9159">

<meta itemprop=3D"name" content=3D"View Issue">

</div>

<meta itemprop=3D"description" content=3D"View this issue update on Plani=

o">

</div>

</td>

</tr>

<tr>

<td class=3D"footer" style=3D"font-size:0.8em; width:100%">

<hr style=3D"width:100%; height:1px; background:#ccc; border:0; margin:1.=

2em 0">

<p>You have received this notification because you have either subscribed=

to or are involved in a project on Saxonica Developer Community site.<br=

>

To change your notification preferences, please click here: <a href=3D"ht=

tps://saxonica.plan.io/my/account?tour=3Dmail_preferences" style=3D"color=

: rgb(0, 136, 183);">

https://saxonica.plan.io/my/account?tour=3Dmail_preferences</a></p>

</td>

<td></td>

</tr>

<tr>

<td class=3D"planio_footer" style=3D"text-align:center; width:100%; font-=

family:MarketWeb,Helvetica,Arial,sans-serif; font-size:1.2em; color:#D7D7=

D7">

<br>

<div><a href=3D"https://plan.io/" style=3D"text-decoration: none; color: =

rgb(0, 136, 183);">This notification was cheerfully delivered by</a></div=

>

</td>

<td></td>

</tr>

<tr>

<td class=3D"planio_footer_logo" style=3D"text-align:center; width:100%">=

<a href=3D"https://plan.io/" title=3D"Planio" style=3D"color: rgb(0, 136,=

183);"><img height=3D"25" width=3D"102" border=3D"0" alt=3D"Planio" styl=

e=3D"vertical-align: middle; border: none; user-select: none;" src=3D"htt=

ps://assets.plan.io/images/planio_logo_gray_204x50.png"></a></td>

</tr>

</tbody>

</table>

</div>

</div>

</div>

</body>

</html>

--_000_BN6PR14MB11060C0DE74D104B7A7189DCACC20BN6PR14MB1106namp_--