[Github-comments] [geany/geany] Installer Malware (#978)

Enrico Tröger notifications at xxxxx
Wed Apr 6 17:49:23 UTC 2016


I have no idea why @psccox's system thinks the file is affected.

I just checked the MD5 hash of the file available on http://download.geany.org/geany-1.27_setup.exe with the hash mentioned in http://download.geany.org/MD5SUMS and they match.
According to the filesystem, both files have not been modified since the release (though that doesn't mean too much as filesystem dates are too easy to manipulate).

Additionally, I checked the included digital signatures of the file (downloaded freshly from download.geany.org) and they are intact (that's a Windows thing, basically the installer binaries as well as geany.exe and Geany-related .dll files are signed with my cacert.org SSL certificate).
I cannot find any hint of "being compromised".

If at all, my Windows system I used to build the binaries was already compromised but it didn't happen afterwards.

@codebrainz I would not expect the self-compiled grep.exe to be a possible reason, rather the downloaded sort.exe (see http://pastebin.geany.org/T8CxF/). But good idea anyway.

@elextr what hashes do we need? We have MD5 and SHA256 of the installer binary on download.geany.org; additionally, the installer and all binaries included (except MSYS2-provided, sort.exe and grep.exe) are digitally signed using a Microsoft tool, and those signatures can easily be verified with Windows Explorer.

@psccox any chance to execute the installer and check whether Windows Defender will then complain about a particular file included in the installer? This would require a somewhat safe, isolated Windows system or just trusting us.

---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/geany/geany/issues/978#issuecomment-206486006
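
The hash comparison described in the message above, as an added example that is not part of the original post or the Geany project's tooling: it checks a downloaded file against a coreutils-style checksum manifest (the usual `MD5SUMS` layout). The file name, file contents and manifest below are constructed, and the function names are hypothetical.

```python
import hashlib
import hmac
import os
import tempfile

HEX = set("0123456789abcdef")

def parse_manifest(text):
    """Parse '<hex>  name' (text mode) or '<hex> *name' (binary mode) lines."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, rest = line.partition(" ")
        if rest[:1] in (" ", "*"):      # drop the one-character mode marker
            rest = rest[1:]
        if not rest or not set(digest.lower()) <= HEX:
            raise ValueError(f"malformed manifest line: {raw!r}")
        entries[rest] = digest.lower()
    return entries

def file_digest(path, algorithm):
    """Hash the file in 1 MiB chunks so large installers are not read at once."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def verify(path, manifest_text, algorithm="sha256"):
    """Return 'ok', 'mismatch' or 'not-listed' for path against the manifest."""
    expected = parse_manifest(manifest_text).get(os.path.basename(path))
    if expected is None:
        return "not-listed"             # a missing entry is not a pass
    actual = file_digest(path, algorithm)
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"

def demo():
    # Constructed stand-in for a downloaded installer and its manifest.
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "example_setup.exe")
        with open(path, "wb") as fh:
            fh.write(b"constructed installer bytes")
        good = hashlib.sha256(b"constructed installer bytes").hexdigest()
        manifest = f"# constructed manifest\n{good} *example_setup.exe\n"
        results = [verify(path, manifest)]
        with open(path, "ab") as fh:    # one appended byte must be detected
            fh.write(b"\x00")
        return results + [verify(path, manifest), verify(path, "")]
```

A matching hash from a manifest served by the same host as the file shows the two are consistent with each other; the embedded digital signature mentioned in the message is the check that does not depend on that host.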