Virus in downloaded exe

Derek Atkins warlord at MIT.EDU
Tue Aug 4 14:55:57 EDT 2009


Hi Joe,

Thank you for reporting this.  It also came up on IRC today.  This
result seems to be coming from our MySQL dependency:
mysql-connector-c-noinstall-6.0.1-win32.zip.  The MD5 that I have for
this file matches the MD5 listed for this file on the mysql site:
http://dev.mysql.com/downloads/connector/c/6.0.html so perhaps someone
should report it to them?  Clearly MySQL's file is infected or the
virus scanners are wrong.

I'm not sure what to do or tell you about this.  We just pull down
the zip and include it.  The build system is not infected, but
testing just this dependency against virustotal shows similar
results.  

Phil?

-derek

Joe Doran <joe90d at googlemail.com> writes:

> Hi,
>
> First thanks for a great project, I love my gnucash :-) !!
>
> I have downloaded the latest beta release of 2.3.2 for testing etc.
> When I attempt to install it, Fsecure anti-virus is kicking up a fuss
> saying that libmysql.dll contains a virus called:-
> Exploit.Win32.SqlShell.i.
> Obviously I am aware that this dll is linked to mysql server/client
> most likely.
> However after passing this file through various other scanners I have
> found other scanners are also picking it up.
> Scanning at www.virustotal.com shows 6 other scanners picking it up.
>
> The download location was:-
> http://kent.dl.sourceforge.net/project/gnucash/gnucash%20(unstable)/2.3.2/gnucash-2.3.2-setup.exe
>
> Sorry I am not on the list, so please can you reply directly.
>
> Any ideas?
>
> Thanks
> Joe.
>
> <snip>
> Antiy-AVL 2.0.3.7 2009.07.28 Exploit/Win32.SqlShell.gen
> F-Secure 8.0.14470.0 2009.07.28 Exploit.Win32.SqlShell.i
> Fortinet 3.120.0.0 2009.07.28 W32/SqlShell.I!exploit
> Kaspersky 7.0.0.125 2009.07.28 Exploit.Win32.SqlShell.i
> VBA32 3.12.10.9 2009.07.28 Exploit.Win32.SqlShell.a
> ViRobot 2009.7.28.1857 2009.07.28 Exploit.SqlShell.2491904
> File size: 2491904 bytes
> MD5...: 8631b96834a94db0c4a924ab671616d2
> SHA1..: 5e01dd74c945a8119a5dc40e4c4b8a7e29b5d0ab
> SHA256: 07d1b61ca0f63f633b0c953c1acc85946f2eda9b91cd2b5e5adddbaa33581ff7

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord at MIT.EDU                        PGP key available
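
The two checks discussed in this thread (does the bundled archive match the digest published upstream, and which file inside it carries the hash from the scanner report) can be scripted as below. This is an added example, not part of the original message or of the GnuCash build scripts; the sample archive, its member names and the use of SHA-256 as the pinned digest are constructed assumptions.

```python
import hashlib
import io
import zipfile


def digests(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of a byte string, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256")}


def check_dependency(archive: bytes, pinned_sha256: str, reported_sha256: str) -> dict:
    """Verify an archive against a pinned digest, then find the flagged member.

    A matching pin only proves the archive is byte-identical to what was
    published upstream; it says nothing about whether that content is clean.
    """
    result = {"archive": digests(archive), "pin_ok": False, "flagged_members": []}
    result["pin_ok"] = result["archive"]["sha256"] == pinned_sha256.lower()
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Hash each member so a scanner hit can be tied to one file.
            if digests(zf.read(info))["sha256"] == reported_sha256.lower():
                result["flagged_members"].append(info.filename)
    return result


def build_sample_zip() -> tuple:
    """Constructed sample: a tiny zip standing in for the connector archive."""
    dll = b"constructed stand-in for lib/libmysql.dll"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("sample-connector/lib/libmysql.dll", dll)
        zf.writestr("sample-connector/README", b"constructed readme")
    return buf.getvalue(), dll


if __name__ == "__main__":
    archive, dll = build_sample_zip()
    pin = digests(archive)["sha256"]      # in practice: copied from the vendor page
    reported = digests(dll)["sha256"]     # in practice: SHA256 from the scan report
    print(check_dependency(archive, pin, reported))
```

When `pin_ok` is true and `flagged_members` is non-empty, the detection is on content that upstream itself published, so the report belongs with the vendor and the scanner vendors rather than with the build host.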

