install58.fs snapshot
I just downloaded install58.fs snapshot from http://mirror.esc7.net/pub/OpenBSD/snapshots/amd64/ and it was quarantined because it contains a trojan.
Also tried http://mirrors.mit.edu/pub/OpenBSD/snapshots/amd64/

360 Total Security
The downloaded file contains a Trojan virus. It has been quarantined.
Trojan file: install58.fs
Trojan (HEUR/QVM00.1.Malware.Gen)

Last edited by gpatrick; 26th November 2015 at 11:29 PM.
|
|||
Maybe it is a false positive?
Use signify to check the file. Something like this:

cd /where/your/install58.fsIsLocated
signify -C ...

(check in manual, I am on Windows sorry)
|
|||
I downloaded it on Windows. Yesterday I downloaded 5.8 i386 from the first URL and it didn't get quarantined.
I just downloaded 5.8 release from http://openbsd.mirrorcatalogs.com/pu...BSD/5.8/amd64/ and it wasn't quarantined. So my assumption is that it is a valid finding.

Last edited by gpatrick; 27th November 2015 at 12:19 AM.
|
|||
The developers have implemented signatures and sha256 hashes.
Code:
-rw-r--r-- 1 1007 5000 1989 Nov 26 19:43 SHA256
-rw-r--r-- 1 1007 5000 2152 Nov 26 19:43 SHA256.sig

less SHA256.sig

Code:
ftp> less SHA256.sig
untrusted comment: signature from openbsd 5.8 base secret key
RWQNNZXtC/MqPxOJSMddVcMfipkrFBe1KOQcLrsfAr5hZzB20SUKR20ff3jMo94VUEsUi6jNZKsYqyyT4or9Oeu3oPQ0srUW2QQ=
SHA256 (BOOTIA32.EFI) = 275a7d12f2e442039db98a66bfb0b1e35976d646d9a4217ab879627ae58884ba
SHA256 (BOOTX64.EFI) = ec0527e7749330541b9898e0c7985fb9e505ce91f9a0a2707d0172be303a7cb0
SHA256 (BUILDINFO) = 6d31935567d92f382111c2d4a533cf41668822113009bb2c8612351ecd1ed8cc
SHA256 (INSTALL.amd64) = 2cb9da2958186e5b1add5e0f8dec9086a8113daa97a622f1d0d3369cd61c7e6a
SHA256 (base58.tgz) = 46b4abe3854b52a390436bf72deb3e7ed915c95c8d4313a930e251f9020ef155
SHA256 (bsd) = b989b574c2029703fe04d5b37b0f4773e6c7c5259d9dff84d8ac76b655bf3f05
SHA256 (bsd.mp) = 7cf610559b040f608083a87284342c6f9db542e7dc25435fdb8e8e06517a8024
SHA256 (bsd.rd) = eabbcb9b648d819aef8ceaa065c321a8fbe985da8e9b7b24c0ff0ec8ef259a02
SHA256 (cd58.iso) = 725f32b3fecab9947093d5e10e77f4edd3a5dbbbf8e4636f7dfbbcd5514f23cc
SHA256 (cdboot) = 1c96af52a267cc8e3fd9f291283bceb3a7c21e9201ec7a631236a1168c8003a8
SHA256 (cdbr) = 15939b15e91b536fa85f0a4b80ca52363a071ac18466f9a5889cc465bf05606c
byte 1098
|
||||
What I have downloaded is a 280 MB file dated 26-Nov-2015 20:57 according to the link provided in your top post.
If that is the file you have, you should download SHA256.sig and conduct this simple cryptographic verification test:

$ signify -Cp /etc/signify/openbsd-58-base.pub -x SHA256.sig install58.fs

You will note that the cryptographic signature in the SHA256.sig file is confirmed to have come from the OpenBSD Project, as the second line in the file contains the signature. The SHA256 checksum for the installation media image is then tested.

I'm betting false positive from your virus scanner. Have you seen the list of files which this virus produces? They are Windows-specific.

---

If you upgrade from snapshot to snapshot by booting bsd.rd, rather than by downloading installation media, signify(8) will be used by the upgrade script to verify each kernel and fileset automatically. The only time you'll need to run signify(8) yourself is when -current gets renamed from 5.8-current to 5.9-current. And the 5.9 public keys were added to the /etc/signify directory prior to 5.8-release.

Last edited by jggimi; 27th November 2015 at 04:50 AM. Reason: typo in the example command, clarity
|
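Added example (not part of the thread and not OpenBSD's code): Python that reads the layout of a SHA256.sig file as shown above, a comment line, a base64 signature line, then the checksum list, and checks one file's digest against its entry. It does not verify the Ed25519 signature, so it catches a damaged or altered download but does not establish origin the way `signify -C` with the project's public key does; the function names and all sample data are constructed for illustration.

```python
import base64, hashlib, re

# BSD-style checksum line, as in the SHA256.sig listing: "SHA256 (name) = <64 hex>"
LINE = re.compile(r"^SHA256 \((?P<name>[^)]+)\) = (?P<hex>[0-9a-f]{64})$")

def parse_sig_file(text):
    """Split an embedded-signature checksum file into key number and checksums."""
    lines = text.splitlines()
    if len(lines) < 2 or not lines[0].startswith("untrusted comment: "):
        raise ValueError("missing 'untrusted comment:' header")
    blob = base64.b64decode(lines[1], validate=True)
    # signify signature blob: 2-byte algorithm, 8-byte key number, 64-byte signature
    if len(blob) != 74 or blob[:2] != b"Ed":
        raise ValueError("line 2 is not an Ed25519 signify signature")
    sums = {}
    for line in lines[2:]:
        m = LINE.match(line)
        if m:
            sums[m["name"]] = m["hex"]
    return {"keynum": blob[2:10].hex(), "sums": sums}

def check_file(parsed, name, data):
    """Return 'OK', 'FAIL' or 'MISSING' for one file's bytes."""
    expected = parsed["sums"].get(name)
    if expected is None:
        return "MISSING"
    return "OK" if hashlib.sha256(data).hexdigest() == expected else "FAIL"

# --- constructed sample data (not the real snapshot, not a real signature) ---
IMAGE = b"constructed stand-in for install58.fs\n"
FAKE_SIG = base64.b64encode(b"Ed" + bytes(range(8)) + bytes(64)).decode()
SAMPLE = (
    "untrusted comment: signature from constructed example key\n"
    f"{FAKE_SIG}\n"
    f"SHA256 (install58.fs) = {hashlib.sha256(IMAGE).hexdigest()}\n"
    f"SHA256 (bsd.rd) = {'0' * 64}\n"
)

if __name__ == "__main__":
    parsed = parse_sig_file(SAMPLE)
    print("key number:", parsed["keynum"])
    print("install58.fs:", check_file(parsed, "install58.fs", IMAGE))
    print("tampered copy:", check_file(parsed, "install58.fs", IMAGE + b"x"))
```

The key number on the signature line can be compared with the one encoded in the public key file to confirm which key signify would use for the check.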
|||
I downloaded using OpenBSD this time and verified the signature. But why don't the 5.8 release and 5.8 i386 show the Trojan virus when downloading from Windows and just the snapshot?
|
|
||||
You have a false positive. You ask, "Why?" There is a bit pattern in the file you have tested which your antivirus software flags as this particular virus.

https://en.wikipedia.org/wiki/Antivi...alse_positives

I recommend opening a trouble ticket with your antivirus vendor.