Trellix security has reported a trojan in file postgis-bundle-pg15x64-setup-3.4.2-1.exe

Regina Obe lr at pcorp.us
Wed Sep 11 22:06:55 PDT 2024


> "Okken, James CIV USARMY DEVCOM AC (USA)" <james.okken.civ at army.mil>
> writes:
> 
> > My Trellix security program (McAfee) has reported a trojan in the postgis 3.4.2
> > installer file "postgis-bundle-pg15x64-setup-3.4.2-1.exe"
> >
> > This is as downloaded from either of these locations.
> > https://download.osgeo.org/postgis/windows/pg15/postgis-bundle-pg15x64-setup-3.4.2-1.exe
> > or
> > https://ftp.postgresql.org/pub/postgis/pg15/v3.4.2/win64/postgis-bundle-pg15x64-setup-3.4.2-1.exe
> >
> > Attached is a screenshot of Trellix's detections, 1 per my attempt to
> > download the file.
> > I double confirmed that the previous postgis version 3.4.1 does not have
> > this trojan detected. That is, file "postgis-bundle-pg15x64-setup-3.4.1-1.exe"
> > is good.
> 
> Please file a support request with Trellix and ask them to either fix their
> detection or to explain in particular what is present, in enough
> detail that the accusation is credible. False positives from
> anti-virus programs happen all the time. It is always possible that
> there really is malware, but I cannot remember that actually happening
> within postgis.

Greg,

Thanks for chiming in on this. Just got back from FOSS4G NA, so I'm catching up
on emails.

James,
Someone complained about a Trellix false positive on Windows binaries on the
PostGIS IRC/Matrix channel as well, a couple of weeks ago, though I recall it
marked even 3.4.1 as malware or infected at the time.

The detection name, Artemis, is the name they give to their heuristic
detection system, which seems to be highly prone to false positives.
So it's not the true name of any real known virus or malware, just some AI
thing saying "I think this could be dangerous".

For example, you can see here -
https://kcm.trellix.com/corporate/index?page=content&id=KB97027&locale=en_US
- how Artemis marks even common Linux files as infected.

I tend not to believe virus/malware detection tools if

a) no other tool detects it as infected
b) the virus/malware noted is a code name for some "heuristic" detection of
unspecified malware

Thanks,
Regina
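The triage rule above (distrust a hit when only one engine flags the file and the detection name is a generic heuristic label such as Artemis), together with the integrity check a practitioner would run regardless, namely comparing the installer's SHA-256 against the checksum the project publishes, as an added example. This is not code from the PostGIS project or from anyone in this thread. The list of generic-name prefixes, the engine verdicts and the "published" checksum line are constructed for the example; the real 3.4.2 checksum is not on this page and is not assumed here.

```python
"""Triage a single-engine antivirus hit on a downloaded installer.

Added example, not PostGIS project code. Two independent checks:
  1. triage(): weak verdict if fewer than two engines flag the file or
     every detection name is a generic heuristic label (e.g. "Artemis!...").
  2. verify_against_sums(): the file's SHA-256 must match the entry for it
     in a sha256sum-style checksum list obtained from the project.
"""
import hashlib
import hmac
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Fragments that mark heuristic/ML verdicts rather than a named family.
# Non-exhaustive; this list is the example's own assumption.
GENERIC_PATTERNS = re.compile(
    r"^(Artemis!|HEUR[:.]|Gen:|Generic[.:]|ML[./]|AI[./]|Suspicious|Unsafe|"
    r"Trojan\.Gen|W32/Generic)",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Verdict:
    engine: str
    detection: Optional[str]  # None means the engine reported the file clean


def is_generic_name(name: str) -> bool:
    """True when the detection name is a heuristic label, not a malware family."""
    return bool(GENERIC_PATTERNS.search(name))


def triage(verdicts: List[Verdict], min_engines: int = 2) -> Tuple[str, List[str]]:
    """Classify a set of engine verdicts as clean / likely-false-positive / credible."""
    hits = [v for v in verdicts if v.detection]
    named = [v for v in hits if not is_generic_name(v.detection)]
    reasons = []
    if not hits:
        return "clean", ["no engine flagged the file"]
    if len(hits) < min_engines:
        reasons.append(f"only {len(hits)} of {len(verdicts)} engines flagged it")
    if not named:
        reasons.append("every detection name is a generic heuristic label")
    if reasons:
        return "likely-false-positive", reasons
    families = ", ".join(f"{v.engine}={v.detection}" for v in named)
    return "credible", [f"{len(named)} engine(s) report a named family: {families}"]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def parse_sha256sums(text: str) -> dict:
    """Parse 'hex  filename' lines (sha256sum output) into {filename: hex}."""
    sums = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and re.fullmatch(r"[0-9a-fA-F]{64}", parts[0]):
            sums[parts[1].lstrip("*").strip()] = parts[0].lower()
    return sums


def verify_against_sums(data: bytes, filename: str, sums_text: str) -> bool:
    """True only if the checksum list names the file and the digest matches."""
    expected = parse_sha256sums(sums_text).get(filename)
    if expected is None:
        return False
    return hmac.compare_digest(sha256_hex(data), expected)


# Constructed sample data: the situation in the thread (one Artemis hit,
# everyone else clean) versus a hit that several engines name consistently.
SINGLE_ARTEMIS = [
    Verdict("Trellix", "Artemis!0123ABCD4567"),
    Verdict("EngineB", None),
    Verdict("EngineC", None),
    Verdict("EngineD", None),
]
MULTI_NAMED = [
    Verdict("EngineA", "Trojan.Win32.ExampleFamily"),
    Verdict("EngineB", "Win32/ExampleFamily.A"),
    Verdict("Trellix", "Artemis!89ABCDEF0123"),
]

# Constructed stand-in for a downloaded installer and its published checksum.
INSTALLER_NAME = "postgis-bundle-pg15x64-setup-3.4.2-1.exe"
FAKE_INSTALLER = b"MZ" + b"\x00" * 62 + b"not a real installer, example bytes only"
FAKE_SUMS = f"{sha256_hex(FAKE_INSTALLER)}  {INSTALLER_NAME}\n"

if __name__ == "__main__":
    print(triage(SINGLE_ARTEMIS))
    print(triage(MULTI_NAMED))
    print(verify_against_sums(FAKE_INSTALLER, INSTALLER_NAME, FAKE_SUMS))
```

A "likely-false-positive" result is a reason to file the vendor ticket Greg suggests, not a reason to run the file: the checksum comparison against the project's published list is the check that actually tells you whether the bytes you downloaded are the bytes the project released.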




More information about the postgis-devel mailing list