Trellix security has reported a trojan in file postgis-bundle-pg15x64-setup-3.4.2-1.exe
Greg Troxel
gdt at lexort.com
Wed Sep 11 17:09:59 PDT 2024
"Okken, James CIV USARMY DEVCOM AC (USA)" <james.okken.civ at army.mil>
writes:
> My Trellix secuirty program (Mcafee) has reported a trojan in posgis 3.4.2 installer file "postgis-bundle-pg15x64-setup-3.4.2-1.exe"
>
> This is as downloaded from either of these locations.
> https://download.osgeo.org/postgis/windows/pg15/postgis-bundle-pg15x64-setup-3.4.2-1.exe
> or
> https://ftp.postgresql.org/pub/postgis/pg15/v3.4.2/win64/postgis-bundle-pg15x64-setup-3.4.2-1.exe
>
> Attached is a screenshot of Trellix's detections, 1 per my attempt to download the file.
> I double confirmed that the previous postgis version 3.4.1 does not have this trojan detected. That is file "postgis-bundle-pg15x64-setup-3.4.1-1.exe" is good.
Please file a support request with Trellix and ask them to either fix
their detection or to explain in particular what is present, in enough
detail that the accusation is credible. False positives from
anti-virus programs happen all the time. It is always possible that
there really is malware, but I cannot remember that actually happening
within postgis.
More information about the postgis-devel
mailing list