[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [Resolved -- false positive] Re: virus in colibriOS QEMU is
From: |
Kashyap Chamarthy |
Subject: |
[Qemu-devel] [Resolved -- false positive] Re: virus in colibriOS QEMU iso? |
Date: |
Fri, 23 Dec 2016 13:43:42 +0100 |
User-agent: |
Mutt/1.6.0.1 (2016-04-01) |
On Fri, Dec 23, 2016 at 11:25:18AM +0100, Thomas Huth wrote:
> On 23.12.2016 10:20, Kashyap Chamarthy wrote:
[...]
> > Yes, I can confirm that I have downloaded the ISO from the
> > official website -- it's a nightly build of their
> > SVN revision 6766.
>
> OK, as far as I can see, the issue comes from the setmbr.exe that is
> contained in the iso for writing the KolibriOS to an USB stick.
> According to http://board.kolibrios.org/viewtopic.php?t=2295 the report
> from Avira is a false positive (likely caused because the program tries
> to write to the MBR - which is also what some viruses / trojans are doing).
Phew, indeed it's a false positive. To quote verbatim from the above
thread, for the record:
"The program setmbr.exe modifies MBR of USB flash drives or
(optionally) hard disks, to allow them load KolibriOS. Usually
programs that modify MBR are viruses - that's why your [Avast]
antivirus reported it."
> Anyway, since these Windows tools are not required for running
> KolibriOS in a VM, I've now removed them from the iso image and
> uploaded a new version to avoid future confusion:
>
> http://www.qemu-advent-calendar.org/2016/download/day09-v2.tar.xz
Thanks, Thomas, for the swift response while I was AFK. Glad that we're
two people coordinating this.
> If you've got some spare minutes, it would be great if you could give
> that new version another try to see whether the warning from Avira is
> now properly gone (I don't have a Windows here to test this on my own).
Yeah, I don't have Windows either to test. But good that this is just a
false positive from an overly-paranoid tool.
--
/kashyap