* Detected as trojan in chocolatey repo @ 2021-12-09 21:25 Jesse [not found] ` <1ae0839c-ca1c-4845-8755-33235432ede2n-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org> 0 siblings, 1 reply; 2+ messages in thread From: Jesse @ 2021-12-09 21:25 UTC (permalink / raw) To: pandoc-discuss [-- Attachment #1.1: Type: text/plain, Size: 2134 bytes --] Hello, are you the maintainer of your software on chocolatey? Do you have issues with false positives? Hope that's all this is. I don't even know why the repo installed this package; I didn't get a dependency error when I uninstalled it...maybe I removed the software it came with. The file was created on the 3rd, but didn't get picked up until a full drive idle scan this morning. So real-time missed it. Probably because I have chocolatey trusted. Everything is supposed to be scanned already, I thought. Then again, they offer integrated virus scanning as a paid feature; I hope that doesn't mean they don't scan pushed packages by default. Usually Kaspersky is pretty good about labeling PUA detections (will say *not-a-virus* right on the label) and it isn't heuristic either which is naturally a lot more likely to be false. So it tripped some signature. That doesn't mean it can't be a false positive though. Unfortunately I deleted the file before I thought to upload it to VirusTotal or send it in. I scanned the Windows zip and source code from Github to see if it caused a detection as well though and didn't detect anything. Also, *pandoc-citeproc.exe* is not in those archives anyway, perhaps those data are associated with the chocolatey package specifically? Just wanted to inform. I don't think anything bad happened to my PC. I hope it isn't indicative of someone somehow sneaking trojans into other legitimate chocolatey packages after they've been pushed to the repo. That seems like a stretch though. If you have any insight on this I'd appreciate it. I might just need to switch antivirus providers. Their firewall has been aggravating me for days as it is. Have a nice day. -- You received this message because you are subscribed to the Google Groups "pandoc-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to pandoc-discuss+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To view this discussion on the web visit https://groups.google.com/d/msgid/pandoc-discuss/1ae0839c-ca1c-4845-8755-33235432ede2n%40googlegroups.com. [-- Attachment #1.2: Type: text/html, Size: 27361 bytes --] ^ permalink raw reply [flat|nested] 2+ messages in thread
[parent not found: <1ae0839c-ca1c-4845-8755-33235432ede2n-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org>]
* Re: Detected as trojan in chocolatey repo [not found] ` <1ae0839c-ca1c-4845-8755-33235432ede2n-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org> @ 2021-12-16 1:13 ` Gregory Weber 0 siblings, 0 replies; 2+ messages in thread From: Gregory Weber @ 2021-12-16 1:13 UTC (permalink / raw) To: pandoc-discuss [-- Attachment #1.1: Type: text/plain, Size: 3306 bytes --] According to https://community.chocolatey.org/packages """ Moderation Every version of each package undergoes a rigorous moderation process before it goes live that typically includes: - Security <https://docs.chocolatey.org/en-us/information/security#chocolatey.org-packages>, consistency, and quality checking <https://docs.chocolatey.org/en-us/community-repository/moderation/package-validator/rules/> - Installation testing <https://docs.chocolatey.org/en-us/community-repository/moderation/package-verifier> - Virus checking through VirusTotal <https://docs.chocolatey.org/en-us/information/security#chocolatey.org-packages> - Human moderators who give final review and sign off More detail at Security <https://docs.chocolatey.org/en-us/information/security#chocolatey.org-packages> and Moderation <https://docs.chocolatey.org/en-us/community-repository/moderation>. """ So it doesn't seem that virus scanning on the chocolatey repository is a paid feature. On Thursday, December 9, 2021 at 4:25:14 PM UTC-5 jmroos...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org wrote: > > Hello, are you the maintainer of your software on chocolatey? Do you have > issues with false positives? Hope that's all this is. I don't even know why > the repo installed this package; I didn't get a dependency error when I > uninstalled it...maybe I removed the software it came with. The file was > created on the 3rd, but didn't get picked up until a full drive idle scan > this morning. So real-time missed it. Probably because I have chocolatey > trusted. Everything is supposed to be scanned already, I thought. Then > again, they offer integrated virus scanning as a paid feature; I hope that > doesn't mean they don't scan pushed packages by default. > > Usually Kaspersky is pretty good about labeling PUA detections (will say > *not-a-virus* right on the label) and it isn't heuristic either which is > naturally a lot more likely to be false. So it tripped some signature. That > doesn't mean it can't be a false positive though. Unfortunately I deleted > the file before I thought to upload it to VirusTotal or send it in. I > scanned the Windows zip and source code from Github to see if it caused a > detection as well though and didn't detect anything. Also, > *pandoc-citeproc.exe* is not in those archives anyway, perhaps those data > are associated with the chocolatey package specifically? > > Just wanted to inform. I don't think anything bad happened to my PC. I > hope it isn't indicative of someone somehow sneaking trojans into other > legitimate chocolatey packages after they've been pushed to the repo. That > seems like a stretch though. > > If you have any insight on this I'd appreciate it. I might just need to > switch antivirus providers. Their firewall has been aggravating me for days > as it is. Have a nice day. > > -- You received this message because you are subscribed to the Google Groups "pandoc-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to pandoc-discuss+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To view this discussion on the web visit https://groups.google.com/d/msgid/pandoc-discuss/0209b12b-3ad1-4fbc-abed-21345db9c773n%40googlegroups.com. [-- Attachment #1.2: Type: text/html, Size: 4239 bytes --] ^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-12-16 1:13 UTC | newest] Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2021-12-09 21:25 Detected as trojan in chocolatey repo Jesse [not found] ` <1ae0839c-ca1c-4845-8755-33235432ede2n-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org> 2021-12-16 1:13 ` Gregory Weber
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).