Trojan warning with AVG
Printed From: Debenu Quick PDF Library - PDF SDK Community Forum
Category: For Users of the Library
Forum Name: General Discussion
Forum Description: Discussion board for Debenu Quick PDF Library and Debenu PDF Viewer SDK
URL: http://www.quickpdf.org/forum/forum_posts.asp?TID=550
Topic: Trojan warning with AVG
Posted By: bone
Subject: Trojan warning with AVG
Date Posted: 31 Oct 06 at 2:50PM
The makers of AVG, in their infinite wisdom, now classify some versions of the ised.dll as a Trojan:
virus found in C:\windows\system32\ised.dll Trojan horse Generic2.FTT
This was confirmed using:
AVG 7.5.427 virus base 268.13.18/506 dated 30/10/06.
Just a heads up, I believe that signing the DLL with a digital cert should fix the problem as this is most likely just a hash issue.
|
Replies:
Posted By: bone
Date Posted: 31 Oct 06 at 3:22PM
Well.. it appears that 5.11 "has the virus" however 5.14 doesn't trigger it..
|
Posted By: Michel_K17
Date Posted: 04 Nov 06 at 2:06PM
I agree with "signing the DLL with a digital cert" but that requires:
- Money to purchase a certificate
- Proof of Identity (not sure how I can do that for this group)
I am not saying that it would be impossible. Definitely worth considering for the future. It would be a lot easier if we were the "owners" of the code - which we are not.
------------- Michel
|
Posted By: bone
Date Posted: 14 Nov 06 at 2:02AM
Signing the DLL did not help in fact (stupid AVG).
In any case, I have contacted AVG and they have corrected the issue.
Certs are somewhat cheap, and will more or less be required for any software you want to install in Vista as otherwise big red flags will be raised.
|
Posted By: Pirmin
Date Posted: 14 Nov 06 at 4:06PM
Hi bone
I'm interested in some more information about that cert stuff. Where can I sign software and what would it cost? Would you mind providing some links?
Best Regards Pirmin
|
Posted By: bone
Date Posted: 15 Nov 06 at 12:02AM
Code signing can be done with any General Purpose cert or Code signing certificate. It basically is just to sign exe and dll files.
Our company uses Thawte, one of the original root certs doing code signing, along with Veri$ign (they were the only 2 for a long time)
http://www.thawte.com/ssl-digital-certificates/code-signing/index.html
Geotrust sells them too:
http://geotrust.com/products/signing_services/code_signing.asp
I've never been impressed with Geotrust, so we don't use them.
And of course, if you can afford it, Verisign is the obvious choice:
http://www.verisign.com/products-services/security-services/code-signing/digital-ids-code-signing/index.html
Personally, Thawte is a good mix of price and acceptability. Non-signed exes and installers will raise flags in XP SP2 and Vista (more obvious in Vista) that the file is from an unknown source. It is becoming standard practice to sign all packages to auth. its origin (e.g. your company)
|
Posted By: Pirmin
Date Posted: 16 Nov 06 at 12:01AM
Thank you, with your info I have found other interesting links:
http://www.matthew-jones.com/articles/codesigning.html
http://en.wikipedia.org/wiki/CAcert.org
|
Posted By: bone
Date Posted: 18 Nov 06 at 2:23AM
You don't NEED to use special tools to sign code, there are tools called codesign.exe and signtool.exe that came in the Windows SDK from Microsoft which you can use to sign projects.
Some installers, such as Advanced Installer, which is what we use, support signing your installers as you compile them.
It really is a shame that almost all projects need to be signed now, as it really is just a money making machine for cert providers... as the certs really only ensure that the company with which you are dealing made the installer... it doesn't authenticate anything ABOUT the organization (fraudulent, trying to trick users with a common name, with slight variations, etc)
|
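To check whether a DLL or EXE actually carries an embedded Authenticode signature after a signing step, the PE certificate table can be read directly. This is an added example, not code from the thread or from the library; `authenticode_info` and `build_sample_pe` are hypothetical names, and the sample image is a constructed header skeleton.

```python
import struct
import sys

SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: the Authenticode certificate table

def authenticode_info(data: bytes):
    """Return None for an unsigned PE, else a dict describing its first
    WIN_CERTIFICATE entry. Raises ValueError if data is not a usable PE."""
    try:
        if data[:2] != b"MZ":
            raise ValueError("not an MZ executable")
        pe = struct.unpack_from("<I", data, 0x3C)[0]        # e_lfanew
        if data[pe:pe + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        opt = pe + 24                                        # skip signature + COFF header
        magic = struct.unpack_from("<H", data, opt)[0]
        if magic not in (0x10B, 0x20B):
            raise ValueError("unknown optional header magic")
        dirs = opt + (96 if magic == 0x10B else 112)         # PE32 vs PE32+
        if struct.unpack_from("<I", data, dirs - 4)[0] <= SECURITY_DIR:
            return None
        # Unlike the other directories, this entry holds a file offset, not an RVA.
        off, size = struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR)
        if off == 0 or size == 0:
            return None
        if size < 8 or off + size > len(data):
            raise ValueError("certificate table lies outside the file")
        length, revision, ctype = struct.unpack_from("<IHH", data, off)
    except struct.error as exc:
        raise ValueError("truncated PE header") from exc
    return {"offset": off, "length": length, "revision": revision,
            "pkcs7": ctype == 0x0002}  # WIN_CERT_TYPE_PKCS_SIGNED_DATA

def build_sample_pe(signed: bool) -> bytes:
    """Constructed PE32 header skeleton (not a runnable program) for the demo."""
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                      # NumberOfRvaAndSizes
    image = bytearray(b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0"
                      + struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x2102) + opt)
    if signed:
        blob = b"\0" * 8                                     # placeholder, not real PKCS#7
        struct.pack_into("<II", image, 0x40 + 24 + 96 + 8 * SECURITY_DIR, len(image), 8 + len(blob))
        image += struct.pack("<IHH", 8 + len(blob), 0x0200, 0x0002) + blob
    return bytes(image)

if __name__ == "__main__":
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe(True)
    print(authenticode_info(raw) or "no embedded Authenticode signature")
```

This only shows that a signature blob is present; it does not validate the certificate chain or the file hash, which is what signtool's `verify` command does.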
Posted By: Ingo
Date Posted: 18 Nov 06 at 2:45PM
Hi Chris!
There are many Windows SDKs. Which should I get to extract the sign-tools?
Best regards,
Ingo
|
Posted By: bone
Date Posted: 20 Nov 06 at 1:09AM
Any will work. Win 2003 should work just fine. Please note though that signtool.exe may be in a bin directory. You will most likely want to copy the exe OUT of that directory to somewhere else on your computer. The reason for this is that if you are using something like Win 2k, the dll apis in that same bin directory as signtool.exe will NOT be compatible with it. So the ref dir order being: local, system32, win, ... signtool.exe will ref the newer dll files in the same dir as it (instead of the ones it should call in your sys32 dir), causing these api functions to error. In short, do yourself a favor and copy the exe to something like your desktop or C:\ dir (as you will need to ref it via command line).
|
Posted By: Ingo
Date Posted: 20 Nov 06 at 1:44AM
Thanks!
If i understand right:
With this tool I can avoid the ugly vista-security-screens when starting my app?
Best regards,
Ingo
|
Posted By: bone
Date Posted: 20 Nov 06 at 10:37PM
No. And this generally only works for installers (and in Win XP SP2 when running installers) and other files not installed with an MSI (as in Windows really all things should be MSI'ed these days.. there is little reason not to, older install systems are just messy, unaccountable, and often can't even repair themselves).
When signing an exe (or msi or dll or ocx or cab etc) installer or downloaded file, the "ugly" Vista warning will come up telling you that a non-trusted app wants to execute.
Having a cert gives this screen two new important things:
(1) it now displays WHO made this app as well as a link to a website you can optionally provide to give information
(2) it now allows the user the option to "trust" your digital signature and hence your software in the future will NOT show that "ugly" Vista warning
In Win XP SP2, these dialogs and improvements are similar, however the dialog is smaller, less obtrusive (doesn't gray out the rest of the screen etc)
|
Posted By: bone
Date Posted: 20 Nov 06 at 10:43PM
Also Ingo, I seem to have lost my password to the source area, could you pm or email it to me again?
Thanks,
|
Posted By: Ingo
Date Posted: 21 Nov 06 at 1:42AM
Hi Chris!
It's on the way to you ;-)
Best regards,
Ingo
|
Posted By: bone
Date Posted: 21 Nov 06 at 3:47PM
|
Posted By: Mark G.
Date Posted: 07 Oct 11 at 1:25AM
http://www.opswat.com/
There are 2 or 3 products that may be a match. I think that OESIS Framework at http://www.opswat.com/products/oesis-framework provides a single interface to many antivirus and AVG is in that list. Another option is, I think, Metascan at http://www.opswat.com/products/metascan which is more for ISV.
I also found that AVG is certified by OPSWAT at http://www.opswat.com/certified .
I hope this helps.
Regards,
|
|