Virus warning in xamp-win32-1.7.3.exe

Problems with the Windows version of XAMPP, questions, comments, and anything related.

Virus warning in xamp-win32-1.7.3.exe

Postby andreago » 02. November 2010 11:33

Hello,
Yesterday I downloaded the latest xampp version for windows, the serf-extracting executable, and installed it. During installation, I was warned by my virus protection system (Symantec End Point Protection installation for the whole company) that some files cannot be scanned due to access restrictions.
I didn't pay attention to that, complete the installation and started working with it.

This morning when I came to my desk and opened my system, I saw the following messages alerting me about a virus named "Bloodhound.Exploit.135" found in files of the Mercury Mail module. The anti-virus says that the files were put in quarantine and the installer executable as well.
The files are xampp\MercuryMail\mercury.hlp, xampp\MercuryMail\setup.hlp.

Note that I have never had any virus incident in my machine in the past, I'm a developer and I'm extremely cautious but I've never thought that I could get a virus from apache friends!

This is for your information. My question is what should I do to get a clean version of the infected help files?

Thanks
andreago
 
Posts: 4
Joined: 02. November 2010 11:08

Re: Virus warning in xamp-win32-1.7.3.exe

Postby Nobbie » 02. November 2010 12:09

Remove your Anti-Virus program, its simply wrong. Xampp does not deliver viruses.
Nobbie
 
Posts: 8768
Joined: 09. March 2008 13:04

Re: Virus warning in xamp-win32-1.7.3.exe

Postby andreago » 02. November 2010 12:43

Nobbie wrote:Remove your Anti-Virus program, its simply wrong. Xampp does not deliver viruses.

I'm sorry Nobbie but this argument is not enough for me. If you are in the business, you would know that no system in the world is 100% secure.
Why don't you try to download and check it with your favorite anti-virus? I did tried once more to download both versions (.exe and .zip) and check them, it gave me the exact same results for the above mentioned files only (mercury.hlp, setup.hlp).

Thanks

PS: One of the reasons, I believe, that I have never been infected is that I never use anti-virus programs!. Symantec End Point protection however is my company's policy.
andreago
 
Posts: 4
Joined: 02. November 2010 11:08

Re: Virus warning in xamp-win32-1.7.3.exe

Postby Nobbie » 02. November 2010 14:19

andreago wrote:I'm sorry Nobbie but this argument is not enough for me. If you are in the business, you would know that no system in the world is 100% secure.


I know, but anti-virus software do also have bugs as other software.

andreago wrote:Why don't you try to download and check it with your favorite anti-virus?


Why do you think so? I did not say anything like that. Of course i downloaded Xampp 1.7.3 and checked it (Antivir). It is a well known issue that some buggy anti-virus tools are bringing up wrong virus warnings with Xampp 1.7.3 (you are not the first one who asked that).

My problem is: when you really think, that Apachefriends do not deliver virus free software you really MUST delete the whole Xampp package IMMEDIATELY and NEVER install it again, neither download it again. If you dont trust this project, go somewhere else.

I tell you, the software is virus free. It's on you to believe it or not. If you dont believe - delete it NOW and FOREVER!
Nobbie
 
Posts: 8768
Joined: 09. March 2008 13:04

Re: Virus warning in xamp-win32-1.7.3.exe

Postby andreago » 02. November 2010 14:35

I have no reason to doubt you or apache friends but from your first reply I didn't get any sense of trust, that's all.
Nobbie wrote:It is a well known issue that some buggy anti-virus tools are bringing up wrong virus warnings with Xampp 1.7.3 (you are not the first one who asked that).

The above phrase on the contrary, would spare us from this grouch!

Thank you
andreago
 
Posts: 4
Joined: 02. November 2010 11:08

Re: Virus warning in xamp-win32-1.7.3.exe

Postby JonB » 02. November 2010 14:38

Dear Andreago -

I'm sorry Nobbie but this argument is not enough for me. If you are in the business, you would know that no system in the world is 100% secure.


I'd point out that heursistic detection methods by definition will return some false positives, and that AFAIK .hlp files are not a malware or virus vector as they are 'plaintext' files - open them with an editor.

The solutions to false positives is to perform the check with an alternative virus/threat checker. Comprehensive solutions like End Point security are actually tuneable based on the characteristics of the organizational environement, and all results have to be evaluated in the context they are found in.

I'd say detecting text files that are clear LANGUAGE (parsable) as a threat should actually probably disqualify Symantec from being a reliable solution,

Did you discuss this with ýour company's security wizards?

If you did, and made this report after speaking with them, maybe your company needs someone who actually understands security methodology, I'm for hire, BTW...

There IS actually a corrupt executable (also no threat whatever) in the download and it looks like the settings for Symnatec let it pass, AVG 2011 picked up on it, and they are correct.

viewtopic.php?f=16&t=42356

Good Luck
:shock:
User avatar
JonB
AF Moderator
 
Posts: 3210
Joined: 12. April 2010 16:41
Location: Land of the Blazing Sun
Operating System: Windows XP/7 - Fedora 15 1.7.7

Re: Virus warning in xamp-win32-1.7.3.exe

Postby andreago » 02. November 2010 14:52

Thank you so very much for your in-depth analysis.

I already spoke with the administrators about the issue with Symantec, I don't know if the incident itself would make them change anti-virus product/methodology, I'll add your comments to my report as well.

And I'm glad I know you're around. :wink:
andreago
 
Posts: 4
Joined: 02. November 2010 11:08

Re: Virus warning in xamp-win32-1.7.3.exe

Postby roytalbot » 03. November 2016 10:52

I downloaded 7.0.9 yesterday onto a new server with the result that the server is now infected with a ransom virus

Be careful
roytalbot
 
Posts: 1
Joined: 03. November 2016 10:45
XAMPP version: 5.6.24
Operating System: windows10

Re: Virus warning in xamp-win32-1.7.3.exe

Postby Altrea » 03. November 2016 17:06

Hi,

Please upload the downloaded xampp file to a virus check like virustotal and show us the result.

I downloaded all XAMPP 7.0.9 versions by myself. None of them contained any malware.

Best wishes,
Altrea
We don't provide any support via personal channels like PM, email, Skype, TeamViewer!

It's like porn for programmers 8)
User avatar
Altrea
AF Moderator
 
Posts: 8290
Joined: 17. August 2009 13:05
XAMPP version: several
Operating System: Windows 10 Pro x64

Re: Virus warning in xamp-win32-1.7.3.exe

Postby Nobbie » 03. November 2016 21:31

roytalbot wrote:with the result that the server is now infected with a ransom virus


Nonsense. Instead your server is "infected" with an useless antivirus trash program.
Nobbie
 
Posts: 8768
Joined: 09. March 2008 13:04


Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 94 guests