Do you own a Debenu Quick PDF Library version 7, 8, 9, 10, 11, 12, 13 or iSEDQuickPDF license? Upgrade to Debenu Quick PDF Library 14 today!

Debenu Quick PDF Library - PDF SDK Community Forum Homepage
Forum Home Forum Home > For Users of the Library > General Discussion
  New Posts New Posts RSS Feed - Trojan warning with AVG
  FAQ FAQ  Forum Search   Register Register  Login Login

Trojan warning with AVG

 Post Reply Post Reply
Author
Message
bone View Drop Down
Team Player
Team Player


Joined: 10 Jan 06
Status: Offline
Points: 24
Post Options Post Options   Thanks (0) Thanks(0)   Quote bone Quote  Post ReplyReply Direct Link To This Post Topic: Trojan warning with AVG
    Posted: 31 Oct 06 at 2:50PM
The makers of AVG, in their infinite wisdom, now classify some versions of the ised.dll as a Trojan:
virus found in C:\windows\system32\ised.dll Trojan horse Generic2.FTT

This was confirmed using:
AVG 7.5.427 virus base 268.13.18/506 dated 30/10/06.

Just a heads up, I believe that signing the DLL with a digital cert should fix the problem as this is most likely just a hash issue.

Edited by bone
Back to Top
bone View Drop Down
Team Player
Team Player


Joined: 10 Jan 06
Status: Offline
Points: 24
Post Options Post Options   Thanks (0) Thanks(0)   Quote bone Quote  Post ReplyReply Direct Link To This Post Posted: 31 Oct 06 at 3:22PM
Well.. it appears that 5.11 "has the virus" however 5.14 doesn't trigger it..

Edited by bone
Back to Top
Michel_K17 View Drop Down
Newbie
Newbie
Avatar
www.exp-systems.com

Joined: 25 Jan 03
Status: Offline
Points: 297
Post Options Post Options   Thanks (0) Thanks(0)   Quote Michel_K17 Quote  Post ReplyReply Direct Link To This Post Posted: 04 Nov 06 at 2:06PM
I agree that "signing the DLL with a digital cert" but that requires:
  • Money to purchase a certificate
  • Proof of Identity (not sure how I can do that for this group)


I am not saying that it would be impossible. Definitely worth considering for the future. it would be a lot easier if we were the "owners" of the code - which we are not.
Michel
Back to Top
bone View Drop Down
Team Player
Team Player


Joined: 10 Jan 06
Status: Offline
Points: 24
Post Options Post Options   Thanks (0) Thanks(0)   Quote bone Quote  Post ReplyReply Direct Link To This Post Posted: 14 Nov 06 at 2:02AM
Signing the DLL did not help in fact (stupid AVG).

In any case, I have contacted AVG and then have corrected the issue.

Certs are somewhat cheap, and will most or less be required for any software you want to install in Vista as otherwise big red flags will be raised.
Back to Top
Pirmin View Drop Down
Team Player
Team Player
Avatar

Joined: 28 Nov 05
Status: Offline
Points: 28
Post Options Post Options   Thanks (0) Thanks(0)   Quote Pirmin Quote  Post ReplyReply Direct Link To This Post Posted: 14 Nov 06 at 4:06PM

Hi bone

I'm interested in some more information about that cert stuff.
Where can I sign a software and what would it cost.
Would you mind to provide some links?

Best Regards
Pirmin

Back to Top
bone View Drop Down
Team Player
Team Player


Joined: 10 Jan 06
Status: Offline
Points: 24
Post Options Post Options   Thanks (0) Thanks(0)   Quote bone Quote  Post ReplyReply Direct Link To This Post Posted: 15 Nov 06 at 12:02AM
Code signing can be done with any General Pupose cert or Code signing certificate. It basically is just to sign exe and dll files.
Our company uses Thwate, one of the original root certs doing code signing, along with Veri$ign (they were the only 2 for a long time)
http://www.thawte.com/ssl-digital-certificates/code-signing/index.html

Geotrust sells them too:
http://geotrust.com/products/signing_services/code_signing.asp
I'me never been impressed with Geotrust, so we don't use them.

And of course, if you can afford it, Verisign is the obvious choice:
http://www.verisign.com/products-services/security-services/code-signing/digital-ids-code-signing/index.html

Personally, Thwate is a good mix of price and acceptability. Non-signed exes and installers will raise flags in XP SP2 and Vista (more obvious in Vista) that the file is from an unknown source. It is becoming standard practice to sign all packages to auth. its origin (e.g. your company)
Back to Top
Pirmin View Drop Down
Team Player
Team Player
Avatar

Joined: 28 Nov 05
Status: Offline
Points: 28
Post Options Post Options   Thanks (0) Thanks(0)   Quote Pirmin Quote  Post ReplyReply Direct Link To This Post Posted: 16 Nov 06 at 12:01AM
Thank you, with your info I have found other interesting links.
www.matthew-jones.com/articles/codesigning.html
http://en.wikipedia.org/wiki/CAcert.org
Back to Top
bone View Drop Down
Team Player
Team Player


Joined: 10 Jan 06
Status: Offline
Points: 24
Post Options Post Options   Thanks (0) Thanks(0)   Quote bone Quote  Post ReplyReply Direct Link To This Post Posted: 18 Nov 06 at 2:23AM
You don't NEED to use special tools to sign code, there is a tool called codesign.exe and signtool.exe that came in the Windows SDK from Microsoft which you can use to sign projects.

Some installers, such as Advanced Installer, which is what we use, supports signing your installers as you compile them.

It really is a shame that almost all projects need to be signed now, as it really is just a money making machine for cert providers... as the certs really only ensures that the company with which you are dealing made the installer... it doesn't authenticate anything ABOUT the organization (fraudulent, trying to trick users with a common name, with slight variations, etc)
Back to Top
Ingo View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 29 Oct 05
Status: Offline
Points: 3524
Post Options Post Options   Thanks (0) Thanks(0)   Quote Ingo Quote  Post ReplyReply Direct Link To This Post Posted: 18 Nov 06 at 2:45PM
Hi Chris!

There are many Windows SDKs. Which should i get to extract the sign-tools?

Best regards,
Ingo
Back to Top
bone View Drop Down
Team Player
Team Player


Joined: 10 Jan 06
Status: Offline
Points: 24
Post Options Post Options   Thanks (0) Thanks(0)   Quote bone Quote  Post ReplyReply Direct Link To This Post Posted: 20 Nov 06 at 1:09AM
Any will work. Win 2003 should work just fine. Please note though that signtool.exe may in a bin directory. You will most likely want to copy the exe OUT of that directory to somewhere else on your computer. The reason for this is that if you are using something like Win 2k, the dll apis in that same bin directory as signtool.exe will NOT be compatible with it. So the ref dir order being: local, system32, win, ... signtool.exe will ref the newer dll files in the same dir as it (instead of the ones it should call in your sys32 dir, causing these api functions to error. In short, do yourself a favor and copy the exe to something like ur desktop or C:\ dir (as you will need to ref it via command line).
Back to Top
Ingo View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 29 Oct 05
Status: Offline
Points: 3524
Post Options Post Options   Thanks (0) Thanks(0)   Quote Ingo Quote  Post ReplyReply Direct Link To This Post Posted: 20 Nov 06 at 1:44AM
Thanks!
If i understand right:
With this tool i can avoid the ugly vista-security-screens when starting my app?

Best regards,
Ingo
Back to Top
bone View Drop Down
Team Player
Team Player


Joined: 10 Jan 06
Status: Offline
Points: 24
Post Options Post Options   Thanks (0) Thanks(0)   Quote bone Quote  Post ReplyReply Direct Link To This Post Posted: 20 Nov 06 at 10:37PM
No. And this generally only works for installers (and in Win XP SP2 when running installers) and other files not installed with an MSI (as in Windows really all things should be MSI'ed these days.. there is little reason not to, older install systems are just messy, unaccountable, and often can't even repair themselves.

What signing an exe (or msi or dll or ocx or cab etc) installer or downloaded file, the "ugly" Vista warning will come up telling you that a non-trusted app wants to execute.

Having a cert gives this screen two new important things:
(1) it now displays WHO made this app as well as a link to a website you can optionally provide to give information
(2) it now allows the user the option "trust" your digital signature and hence your software in the future will NOT show that "ugly" Vista warning

In Win XP SP2, these dialogs and improvements are similar, however the dialog is smaller, less obtrusive (doesn't gray out the rest of the screen etc)
Back to Top
bone View Drop Down
Team Player
Team Player


Joined: 10 Jan 06
Status: Offline
Points: 24
Post Options Post Options   Thanks (0) Thanks(0)   Quote bone Quote  Post ReplyReply Direct Link To This Post Posted: 20 Nov 06 at 10:43PM
Also Ingo, I seem o have lost my password to the source area, could you pm or email it to me again.

Thanks,
Back to Top
Ingo View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 29 Oct 05
Status: Offline
Points: 3524
Post Options Post Options   Thanks (0) Thanks(0)   Quote Ingo Quote  Post ReplyReply Direct Link To This Post Posted: 21 Nov 06 at 1:42AM
Hi Chris!

It's on the way to you ;-)

Best regards,
Ingo
Back to Top
bone View Drop Down
Team Player
Team Player


Joined: 10 Jan 06
Status: Offline
Points: 24
Post Options Post Options   Thanks (0) Thanks(0)   Quote bone Quote  Post ReplyReply Direct Link To This Post Posted: 21 Nov 06 at 3:47PM
Thanks.
Back to Top
Mark G. View Drop Down
Beginner
Beginner


Joined: 07 Oct 11
Status: Offline
Points: 1
Post Options Post Options   Thanks (0) Thanks(0)   Quote Mark G. Quote  Post ReplyReply Direct Link To This Post Posted: 07 Oct 11 at 1:25AM

I think you guys should check out http://www.opswat.com/ there are 2 or 3 products that may be a match. I think that OESIS Framework at http://www.opswat.com/products/oesis-framework provides a single interface to many antivirus and AVG is in that list. Another option is, I think, Metascan at http://www.opswat.com/products/metascan which is more for ISV.
I also found that AVG is certified by OPSWAT at
http://www.opswat.com/certified.

I hope this helps.
Regards,



Edited by Mark G. - 07 Oct 11 at 1:29AM
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 11.01
Copyright ©2001-2014 Web Wiz Ltd.

Copyright © 2017 Debenu. Debenu Quick PDF Library is a PDF SDK. All rights reserved. AboutContactBlogSupportOnline Store