Date: Thu, 27 Jan 2011 16:37:46 +0300
Subject: Re: Detected malware in the download of Tomcat 6.0.30
From: Konstantin Kolinko
To: Tomcat Users List

2011/1/27 Barry Kortekaas:
> I am receiving a virus detection in the download of apache-tomcat-6.0.30-windows-x64.zip (MD5 - 03416951ad4094d1f0de1c55cf9180c1) from different mirrors.
>
> www.takeyellow.com
> www.eng.lsu.edu
> mirrors.devlib.org
> apache.ziply.com
> www.reverse.net
>
> Virus total has 3 engines detecting "W32/Nebuler.E.gen!Eldorado" and "Riskware".
>
> http://www.virustotal.com/file-scan/report.html?id=12dcd961346fc39ee6287bf819d2f7267b0698a7d95df35c0da53aa4853e04a8-1296130008
>
> I have run the download through Vipre (defs 8212) and ESET NOD32 (defs 5823) but received no detections. Is this a false positive and is the download safe?
>

It barks at tomcat6w.exe which is renamed prunmgr.exe from commons-daemon 1.0.5
from
http://www.apache.org/dist/commons/daemon/binaries/1.0.5/windows/commons-daemon-1.0.5-bin-windows.zip

Analysis:
http://www.virustotal.com/file-scan/report.html?id=2e114a9fbfd11137e8efb291aec0b1ddd3c0ccc16415904d34358e1504309044-1295963193
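
Added example, not part of the original message or of either project's tooling: one way to check the "renamed prunmgr.exe" statement is to hash tomcat6w.exe inside the Tomcat archive and compare it with every prunmgr.exe inside the commons-daemon archive. The archive layouts and file contents below are constructed stand-ins so the script runs offline; the function names are hypothetical.

```python
import hashlib
import io
import zipfile


def sha256_by_name(zip_bytes, basename):
    """Return {member path: SHA-256 hex} for every member with this file name."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.filename.rsplit("/", 1)[-1].lower() == basename.lower():
                found[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return found


def find_renamed_source(dist_zip, dist_name, upstream_zip, upstream_name):
    """Map each dist member to the upstream members that are byte-identical."""
    upstream = sha256_by_name(upstream_zip, upstream_name)
    return {
        path: sorted(u for u, h in upstream.items() if h == digest)
        for path, digest in sha256_by_name(dist_zip, dist_name).items()
    }


def make_zip(members):
    """Build a small in-memory zip (constructed sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed stand-ins for the two downloads; paths and bytes are placeholders.
MGR32, MGR64 = b"MZ constructed 32-bit manager", b"MZ constructed 64-bit manager"
UPSTREAM = make_zip({"prunmgr.exe": MGR32, "amd64/prunmgr.exe": MGR64,
                     "prunsrv.exe": b"MZ constructed service"})
CLEAN = make_zip({"apache-tomcat/bin/tomcat6w.exe": MGR32})
ALTERED = make_zip({"apache-tomcat/bin/tomcat6w.exe": MGR32 + b"\x00"})

if __name__ == "__main__":
    for label, dist in (("clean", CLEAN), ("altered", ALTERED)):
        result = find_renamed_source(dist, "tomcat6w.exe", UPSTREAM, "prunmgr.exe")
        for path, matches in result.items():
            print(label, path, "->", matches or "NO MATCH: do not trust")
```

A match shows only that the mirror's copy is byte-identical to the commons-daemon release binary; whether the scanner's verdict on that binary is correct is a separate question. Both archives should themselves be checked against the checksums and signatures published on apache.org rather than on the mirror.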