GNU bug report logs - #31572
26.0.91; emacs-26.1 RC1 fails norton virus check

Previous Next

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 31572 in the body.
You can then email your comments to 31572 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Jeff Sondeen <sondeen <at> usc.edu>
To: bug-gnu-emacs <at> gnu.org
Cc: sondeen <at> usc.edu
Subject: 26.0.91; emacs-26.1 RC1 fails norton virus check
Date: Wed, 23 May 2018 11:03:59 -0700

[Message part 1 (text/plain, inline)]

Hi all, i've been running Emacs version 26.091, but just downloaded
emacs-26.1-rc1-x86_64.zip, but Norton Security has quarantined several
*.exe's (runemacs.exe, etags.exe, etc) under
emacs-26.1-rc1-x86_64/bin, complaining about a virus called
"WS.Reputaton.1 Insight Network Threat" as per the attached pix (I
didn't have this problem with 26.091)

thanks,
/jeff

[emacs261rc1.jpg (image/jpeg, attachment)]

[Message part 3 (text/plain, inline)]

In GNU Emacs 26.0.91 (build 1, x86_64-w64-mingw32)
 of 2018-01-22 built on CIRROCUMULUS
Repository revision: 752fba992b793a74d202c9cfc3e1a92fd458e748
Windowing system distributor 'Microsoft Corp.', version 6.3.9600
Recent messages:
Loading sort...done
Loading register.elc...done
Sunrise 5:49am (Pacific Daylight Time), sunset 7:53pm (Pacific Daylight Time) at 34N, 118.5W (14:04 hrs daylight)
For information about GNU Emacs and the GNU system, type C-h C-a.
Counting messages...done

Configured using:
 'configure --without-dbus --host=x86_64-w64-mingw32
 --without-compress-install 'CFLAGS=-O2 -static -g3''

Configured features:
XPM JPEG TIFF GIF PNG RSVG SOUND NOTIFY ACL GNUTLS LIBXML2 ZLIB
TOOLKIT_SCROLL_BARS LCMS2

Important settings:
  value of $LANG: ENU
  locale-coding-system: cp1252

Major mode: RMAIL

Minor modes in effect:
  tooltip-mode: t
  global-eldoc-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  buffer-read-only: t
  line-number-mode: t
  transient-mark-mode: t

Load-path shadows:
None found.

Features:
(shadow mailalias emacsbug sendmail shr-color color url-util url-parse
auth-source cl-seq eieio eieio-core cl-macs eieio-loaddefs url-vars
shr svg xml dom browse-url qp rmailmm message rmc puny seq byte-opt gv
bytecomp byte-compile cconv cl-loaddefs cl-lib dired dired-loaddefs
format-spec rfc822 mml mml-sec password-cache epa derived epg
epg-config gnus-util mm-decode mm-bodies mm-encode gmm-utils
mailheader mail-parse rfc2231 rmail rmail-loaddefs rfc2047 rfc2045
ietf-drums mm-util mail-prsvr mail-utils mailabbrev solar cal-dst
cal-menu easymenu calendar cal-loaddefs sort time-date mule-util
tooltip eldoc electric uniquify ediff-hook vc-hooks lisp-float-type
mwheel dos-w32 ls-lisp disp-table term/w32-win w32-win w32-vars
term/common-win tool-bar dnd fontset image regexp-opt fringe
tabulated-list replace newcomment text-mode elisp-mode lisp-mode
prog-mode register page menu-bar rfn-eshadow isearch timer select
scroll-bar mouse jit-lock font-lock syntax facemenu font-core
term/tty-colors frame cl-generic cham georgian utf-8-lang misc-lang
vietnamese tibetan thai tai-viet lao korean japanese eucjp-ms cp51932
hebrew greek romanian slovak czech european ethiopic indian cyrillic
chinese composite charscript charprop case-table epa-hook
jka-cmpr-hook help simple abbrev obarray minibuffer cl-preloaded
nadvice loaddefs button faces cus-face macroexp files text-properties
overlay sha1 md5 base64 format env code-pages mule custom widget
hashtable-print-readable backquote w32notify w32 lcms2 multi-tty
make-network-process emacs)

Memory information:
((conses 16 132877 18569)
 (symbols 56 21677 1)
 (miscs 48 169 216)
 (strings 32 35347 923)
 (string-bytes 1 976509)
 (vectors 16 17176)
 (vector-slots 8 525350 13054)
 (floats 8 577 206)
 (intervals 56 2609 276)
 (buffers 992 12))


-- 

thanks,
/jeff

Message #10 received at 31572-done <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: sondeen <at> usc.edu
Cc: 31572-done <at> debbugs.gnu.org
Subject: Re: bug#31572: 26.0.91; emacs-26.1 RC1 fails norton virus check
Date: Wed, 23 May 2018 21:26:42 +0300

> Date: Wed, 23 May 2018 11:03:59 -0700
> From: Jeff Sondeen <sondeen <at> usc.edu>
> 
> Hi all, i've been running Emacs version 26.091, but just downloaded
> emacs-26.1-rc1-x86_64.zip, but Norton Security has quarantined several
> *.exe's (runemacs.exe, etags.exe, etc) under
> emacs-26.1-rc1-x86_64/bin, complaining about a virus called
> "WS.Reputaton.1 Insight Network Threat" as per the attached pix (I
> didn't have this problem with 26.091)

That's a false alarm, suggest that you tell Norton Security about that
so that they get their act together.

Thanks.

Message #13 received at 31572 <at> debbugs.gnu.org (full text, mbox):

From: Noam Postavsky <npostavs <at> gmail.com>
To: sondeen <at> usc.edu
Cc: 31572 <at> debbugs.gnu.org
Subject: Re: bug#31572: 26.0.91; emacs-26.1 RC1 fails norton virus check
Date: Wed, 23 May 2018 14:41:51 -0400

On 23 May 2018 at 14:03, Jeff Sondeen <sondeen <at> usc.edu> wrote:
>
> Hi all, i've been running Emacs version 26.091, but just downloaded
> emacs-26.1-rc1-x86_64.zip, but Norton Security has quarantined several
> *.exe's (runemacs.exe, etags.exe, etc) under
> emacs-26.1-rc1-x86_64/bin, complaining about a virus called
> "WS.Reputaton.1 Insight Network Threat" as per the attached pix (I
> didn't have this problem with 26.091)

According to https://community.norton.com/en/forums/clarification-wsreputation1-detection,
this warning doesn't represent a virus finding specifically:

    WS.Reputation.1 is a detection for files that have a low
    reputation score based on analyzing data from Symantec’s community
    of users and therefore are likely to be security risks.[...]

    The reputation-based system uses "the wisdom of crowds"[...]

Message #16 received at 31572 <at> debbugs.gnu.org (full text, mbox):

From: Jeffrey Sondeen <sondeen <at> usc.edu>
To: Noam Postavsky <npostavs <at> gmail.com>
Cc: "31572 <at> debbugs.gnu.org" <31572 <at> debbugs.gnu.org>
Subject: Re: bug#31572: 26.0.91; emacs-26.1 RC1 fails norton virus check
Date: Wed, 23 May 2018 20:19:27 +0000

[Message part 1 (text/plain, inline)]

Hi Noam, thanks for the link, i used it to upload some of the emacs programs, reporting them as being falsely anti-virus detected.  I also submitted some of the exe's to virustotal.com, as mentioned in some other Norton community message, and none of the emacs exe's triggered any other anti-virus detections.


It's still a hassle, though, since, while many of the emacs programs are Quarantined by the Norton anti-virus (and can be easily restored), some others are Removed, for which there's no undo operation (all with the falsely detected WS.Reputation.1 message).


thanks,

/jeff

________________________________
From: Noam Postavsky <npostavs <at> gmail.com>
Sent: Wednesday, May 23, 2018 11:41:51 AM
To: Jeffrey Sondeen
Cc: 31572 <at> debbugs.gnu.org
Subject: Re: bug#31572: 26.0.91; emacs-26.1 RC1 fails norton virus check

On 23 May 2018 at 14:03, Jeff Sondeen <sondeen <at> usc.edu> wrote:
>
> Hi all, i've been running Emacs version 26.091, but just downloaded
> emacs-26.1-rc1-x86_64.zip, but Norton Security has quarantined several
> *.exe's (runemacs.exe, etags.exe, etc) under
> emacs-26.1-rc1-x86_64/bin, complaining about a virus called
> "WS.Reputaton.1 Insight Network Threat" as per the attached pix (I
> didn't have this problem with 26.091)

According to https://urldefense.proofpoint.com/v2/url?u=https-3A__community.norton.com_en_forums_clarification-2Dwsreputation1-2Ddetection&d=DwIFaQ&c=clK7kQUTWtAVEOVIgvi0NU5BOUHhpN0H8p7CSfnc_gI&r=yx7WeBO4vNFR2eleLG4z-w&m=o9Wkgj_Y9o3uwCY0WRrKyP4cX03_nVur3WsvHwtHGfY&s=qZ0lBbq4-JjwBbDalE5G8WHRkRB8NKGNShuCa4iCQ44&e=,
this warning doesn't represent a virus finding specifically:

    WS.Reputation.1 is a detection for files that have a low
    reputation score based on analyzing data from Symantec’s community
    of users and therefore are likely to be security risks.[...]

    The reputation-based system uses "the wisdom of crowds"[...]

[Message part 2 (text/html, inline)]

Message #19 received at 31572 <at> debbugs.gnu.org (full text, mbox):

From: Jeffrey Sondeen <sondeen <at> usc.edu>
To: Noam Postavsky <npostavs <at> gmail.com>
Cc: "31572 <at> debbugs.gnu.org" <31572 <at> debbugs.gnu.org>
Subject: Re: bug#31572: 26.0.91; emacs-26.1 RC1 fails norton virus check
Date: Wed, 23 May 2018 23:04:55 +0000

[Message part 1 (text/plain, inline)]

Hi all, Norton answered that they corrected runemacs.exe, so i submitted the 6 other files that had the same problem, etags.exe emacsclient.exe addpm.exe ctags.exe ebrowse.exe emacsclientw.exe, now i just have to track the ones that got removed rather than quarantined...


/jeff


from Norton:


falsepositives <at> symantec.com

In relation to submission 91222.


Upon further analysis and investigation we have verified your submission and, as such, the detection(s) for the following file(s) will be removed from our products:

    File name: runemacs.exe
    MD5: 7A42917614CED759A404B3ABE569BFB9
    SHA256: D51EBF9AB1465666C7FBC30BFDA93610879761EE0C5E89DF928853FD6B635C5B
    Note: Whitelisting may take up to 24 hours to take effect via Live Update

________________________________
From: Jeffrey Sondeen
Sent: Wednesday, May 23, 2018 1:19:27 PM
To: Noam Postavsky
Cc: 31572 <at> debbugs.gnu.org
Subject: Re: bug#31572: 26.0.91; emacs-26.1 RC1 fails norton virus check


Hi Noam, thanks for the link, i used it to upload some of the emacs programs, reporting them as being falsely anti-virus detected.  I also submitted some of the exe's to virustotal.com, as mentioned in some other Norton community message, and none of the emacs exe's triggered any other anti-virus detections.


It's still a hassle, though, since, while many of the emacs programs are Quarantined by the Norton anti-virus (and can be easily restored), some others are Removed, for which there's no undo operation (all with the falsely detected WS.Reputation.1 message).


thanks,

/jeff

________________________________
From: Noam Postavsky <npostavs <at> gmail.com>
Sent: Wednesday, May 23, 2018 11:41:51 AM
To: Jeffrey Sondeen
Cc: 31572 <at> debbugs.gnu.org
Subject: Re: bug#31572: 26.0.91; emacs-26.1 RC1 fails norton virus check

On 23 May 2018 at 14:03, Jeff Sondeen <sondeen <at> usc.edu> wrote:
>
> Hi all, i've been running Emacs version 26.091, but just downloaded
> emacs-26.1-rc1-x86_64.zip, but Norton Security has quarantined several
> *.exe's (runemacs.exe, etags.exe, etc) under
> emacs-26.1-rc1-x86_64/bin, complaining about a virus called
> "WS.Reputaton.1 Insight Network Threat" as per the attached pix (I
> didn't have this problem with 26.091)

According to https://urldefense.proofpoint.com/v2/url?u=https-3A__community.norton.com_en_forums_clarification-2Dwsreputation1-2Ddetection&d=DwIFaQ&c=clK7kQUTWtAVEOVIgvi0NU5BOUHhpN0H8p7CSfnc_gI&r=yx7WeBO4vNFR2eleLG4z-w&m=o9Wkgj_Y9o3uwCY0WRrKyP4cX03_nVur3WsvHwtHGfY&s=qZ0lBbq4-JjwBbDalE5G8WHRkRB8NKGNShuCa4iCQ44&e=,
this warning doesn't represent a virus finding specifically:

    WS.Reputation.1 is a detection for files that have a low
    reputation score based on analyzing data from Symantec’s community
    of users and therefore are likely to be security risks.[...]

    The reputation-based system uses "the wisdom of crowds"[...]

[Message part 2 (text/html, inline)]

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.