directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel Lecharny (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DIR-328) Apache Directory Server : Test of the file downloaded by www.VirusTotal.com is not good
Date Mon, 26 Mar 2018 14:46:00 GMT

    [ https://issues.apache.org/jira/browse/DIR-328?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16413953#comment-16413953
] 

Emmanuel Lecharny commented on DIR-328:
---------------------------------------

Hi !

I would say : likely false positive. Now, as we build the Windows installer using a third
party library (NSIS), we can't really disregard your findings.

I think we should check with various anti-virus that this third party is not contaminated.

 

Now, you have options : we produce binaries for convenience, and you still have the option
to build the project on your own, and have it running on your machine. It's pretty trivial
and as simple as :

 
{noformat}
$ git clone http://gitbox.apache.org/repos/asf/directory-server.git
$ cd  directory-server
$ mvn clean install
$ cd installers
$ mvn clean install -Pbin{noformat}
Note that this will not generate a windows installer, but a binary package that you will have
to bundle yourself if you want to to be a service. You can still launch the server using the
{{apacheds.bat}} script.

> Apache Directory Server : Test of the file downloaded by www.VirusTotal.com is not good
> ---------------------------------------------------------------------------------------
>
>                 Key: DIR-328
>                 URL: https://issues.apache.org/jira/browse/DIR-328
>             Project: Directory
>          Issue Type: Task
>          Components: sitedocs
>            Reporter: Gratiot
>            Assignee: Emmanuel Lecharny
>            Priority: Critical
>              Labels: security
>         Attachments: screenshot-www.virustotal.com-2018.03.26-15-20-03_ADSLastAnalysis.png,
www.virustotal.com-2018.03.23-12-23-35-ApacheDirectoryServer_File.png
>
>
> Hi Team,
> In my current enterprise's process, I have to test all the downloaded files within the
[www.virustotal.com|http://www.virustotal.com/] site.
> I downloaded the release 
> |apacheds-2.0.0-M24.exe|
> from this link :
> http://directory.apache.org/apacheds/download/download-windows.html
>  (I tried several mirrors, same issue)
> and the virustotal analysis shows that 2 antivirus found a trojan or something similar
(see attached analysis).
> Is it true ? Is it false positive ? 
> I think you have to correct something on the exe, in order that it becomes proper for
a virustotal analysis.
> Hipe this will help and sorry if this is not in the right Jira project...
> Best regards
> Karen
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message