You've been compromised.
I tried downloading geany 1.27 for Windows. Windows defender blocked it.
As a hint, look at the file sizes on http://download.geany.org/ for geany-1.27_setup.exe and geany-1.26_setup.exe
--- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/geany/geany/issues/978
The 1.27 bundle is built with a different toolset and includes more, so it's not surprising that the sizes are different.
What did defender say was the problem?
On 28 March 2016 at 13:21, Peter Cox notifications@github.com wrote:
> You've been compromised.
> I tried downloading geany 1.27 for Windows. Windows defender blocked it.
> As a hint, look at the file sizes on http://download.geany.org/ for geany-1.27_setup.exe and geany-1.26_setup.exe
---
@eht16 can you check the download is ok, and maybe we should publish a hash for binary downloads. Would be useful even just to confirm no download errors.
---
It reports a Severe alert as
Trojan:win32/Fethar.A!cl
with a [link ](https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?nam... MS' malware detection center.
---
Closed #978.
---
Reopened #978.
---
@eht16 could it be related to the non-msys binaries included (grep, etc.)?
---
I have just tried rebooting into Windows (10, 64-bit). I made sure Windows Defender had up-to-date virus definitions and scanned the installer `.exe` files. As well, I extracted the installer with GTK+ using 7-zip and ran a scan on the files inside (I think Windows Defender already looked inside but just to be sure). I also updated and checked the same with Malwarebytes free version.
Neither of them reports any problems.
---
The download was also analysed by [Virus Total](https://www.virustotal.com) which found no problems.
@psccox are you sure your virus signatures are up to date?
---
I just tried again with the same virus detected.
I am running 64bit Windows version 10.0.10586, with the latest definitions from Windows Defender, which is automatically invoked when downloading in Google Chrome.
I am downloading directly from [the website](http://www.geany.org/Download/Releases), i.e. the [download link](http://download.geany.org/geany-1.27_setup.exe) Full Installer including GTK 2.24
---
@psccox can you test the downloaded file outside of Chrome?
---
Well I don't have wget or similar on this PC. Firefox and Edge both flag it too.
---
I have no idea why @psccox's system thinks the file is affected.
I just checked the MD5 hash of the file available on http://download.geany.org/geany-1.27_setup.exe with the hash mentioned in http://download.geany.org/MD5SUMS and they match. According to the filesystem, both files have not been modified since the release (though that doesn't mean too much as filesystem dates are too easy to manipulate).
Additionally, I checked the included digital signatures of the file (downloaded freshly from download.geany.org) and they are intact (that's a Windows thing, basically the installer binaries as well as geany.exe and Geany-related .dll files are signed with my cacert.org SSL certificate). I cannot find any hint of "being compromised".
If at all, my Windows system I used to build the binaries was already compromised but it didn't happen afterwards.
@codebrainz I would not expect the self-compiled grep.exe to be a possible reason, rather the downloaded sort.exe (see http://pastebin.geany.org/T8CxF/). But good idea anyway.
@elextr what hashes do we need? We have MD5 and SHA256 of the installer binary on download.geany.org, additionally the installer and all binaries included (except MSYS2 provided, sort.exe and grep.exe) are digitally signed using a Microsoft tool, those signatures can easily be verified with Windows Explorer.
@psccox any chance to execute the installer and check whether Windows Defender will then complain about a particular file included in the installer? This would require a somewhat safe, isolated Windows system or just trusting us.
---
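The check described in the message above (comparing a downloaded installer against a published `MD5SUMS`-style file), as an added example that is not part of the original thread or the Geany project's tooling. It assumes the common `md5sum`/`sha256sum` line format; the function names and the sample file contents are constructed for illustration. A sums file fetched from the same server as the binary confirms an intact download, not that the server itself is uncompromised.

```python
import hashlib
import hmac
import os
import tempfile

# Hex digest length -> hashlib algorithm. MD5 only catches accidental
# corruption (it is collision-weak); prefer the SHA256 entry when both exist.
ALGO_BY_HEX_LEN = {32: "md5", 64: "sha256"}

def parse_sums(text):
    """Parse md5sum/sha256sum-style lines into {filename: (algo, hexdigest)}."""
    entries = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2:
            continue  # blank or malformed line
        digest, name = parts[0].lower(), parts[1].lstrip("*")  # '*' = binary mode
        algo = ALGO_BY_HEX_LEN.get(len(digest))
        if algo and all(c in "0123456789abcdef" for c in digest):
            entries[name] = (algo, digest)
    return entries

def file_digest(path, algo):
    """Hash the file in chunks so a large installer is not read into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def verify(path, sums_text):
    """Return 'ok', 'mismatch' or 'unlisted' for path against the sums text."""
    entry = parse_sums(sums_text).get(os.path.basename(path))
    if entry is None:
        return "unlisted"  # a missing entry is never treated as success
    algo, expected = entry
    return "ok" if hmac.compare_digest(file_digest(path, algo), expected) else "mismatch"

def demo():
    """Constructed sample: a stand-in file, not the real installer."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "geany-1.27_setup.exe")
        with open(path, "wb") as f:
            f.write(b"constructed sample bytes")
        good = hashlib.sha256(b"constructed sample bytes").hexdigest()
        sums = f"{good} *geany-1.27_setup.exe\n"
        before = verify(path, sums)
        with open(path, "ab") as f:
            f.write(b"\x00")  # simulate a corrupted or altered download
        return before, verify(path, sums), verify(os.path.join(d, "other.exe"), sums)
```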
...
> @elextr what hashes do we need? We have MD5 and SHA256 of the installer binary on download.geany.org, additionally the installer and all binaries included (except MSYS2 provided, sort.exe and grep.exe) are digitally signed using a Microsoft tool, those signatures can easily be verified with Windows Explorer.
Ok, all it needs is for the hashes to be linked from here
http://www.geany.org/Download/Releases like the source signatures are. The only visible link from the releases page to the download page talks about old versions, so I expect most users (and I) would not look on the download page itself.
---
Closed #978.
---
Dear team,
I tried downloading 1.27 again and today Windows Defender did not complain. It installed okay.
It was definitely a problem last week, downloading from several different browsers. Maybe a glitch in their virus definitions?
Sorry for the fuss.
---
Having in mind how "viruses are found", it's nothing more than a good guessing.