From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: Jeffrey Sondeen Newsgroups: gmane.emacs.bugs Subject: bug#31572: 26.0.91; emacs-26.1 RC1 fails norton virus check Date: Wed, 23 May 2018 23:04:55 +0000 Message-ID: References: <85o9h61c6o.fsf@usc.edu>, , NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="_000_SN1PR07MB4062BB08AC1187361F5B947FBD6B0SN1PR07MB4062namp_" X-Trace: blaine.gmane.org 1527116649 30771 195.159.176.226 (23 May 2018 23:04:09 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Wed, 23 May 2018 23:04:09 +0000 (UTC) Cc: "31572@debbugs.gnu.org" <31572@debbugs.gnu.org> To: Noam Postavsky Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Thu May 24 01:04:05 2018 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fLcnc-0007uk-Ib for geb-bug-gnu-emacs@m.gmane.org; Thu, 24 May 2018 01:04:04 +0200 Original-Received: from localhost ([::1]:35768 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fLcpj-0001gM-KQ for geb-bug-gnu-emacs@m.gmane.org; Wed, 23 May 2018 19:06:15 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:33551) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fLcpb-0001Wk-69 for bug-gnu-emacs@gnu.org; Wed, 23 May 2018 19:06:08 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fLcpX-0001Da-0G for bug-gnu-emacs@gnu.org; Wed, 23 May 2018 19:06:07 -0400 Original-Received: from debbugs.gnu.org ([208.118.235.43]:37831) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1fLcpW-0001DV-SR for bug-gnu-emacs@gnu.org; Wed, 23 May 2018 19:06:02 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1fLcpW-0007DW-G5 for bug-gnu-emacs@gnu.org; Wed, 23 May 2018 19:06:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Jeffrey Sondeen Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Wed, 23 May 2018 23:06:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 31572 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: Original-Received: via spool by 31572-submit@debbugs.gnu.org id=B31572.152711670727669 (code B ref 31572); Wed, 23 May 2018 23:06:02 +0000 Original-Received: (at 31572) by debbugs.gnu.org; 23 May 2018 23:05:07 +0000 Original-Received: from localhost ([127.0.0.1]:45728 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fLcoY-0007By-2r for submit@debbugs.gnu.org; Wed, 23 May 2018 19:05:07 -0400 Original-Received: from mx0a-00164701.pphosted.com ([67.231.149.15]:57972 helo=mx0b-00164701.pphosted.com) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fLcoV-0007Be-Gk for 31572@debbugs.gnu.org; Wed, 23 May 2018 19:05:00 -0400 Original-Received: from pps.filterd (m0085735.ppops.net [127.0.0.1]) by mx0b-00164701.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w4NN2YMI004408; Wed, 23 May 2018 16:04:58 -0700 Original-Received: from nam02-cy1-obe.outbound.protection.outlook.com (mail-cys01nam02lp0051.outbound.protection.outlook.com [207.46.163.51]) by mx0b-00164701.pphosted.com with ESMTP id 2j4u8hsfmc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 23 May 2018 16:04:58 -0700 Original-Received: from SN1PR07MB4062.namprd07.prod.outlook.com (52.132.198.28) by SN1PR07MB2318.namprd07.prod.outlook.com (10.169.127.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.776.16; Wed, 23 May 2018 23:04:55 +0000 Original-Received: from SN1PR07MB4062.namprd07.prod.outlook.com ([fe80::8532:addf:9abd:d3d4]) by SN1PR07MB4062.namprd07.prod.outlook.com ([fe80::8532:addf:9abd:d3d4%13]) with mapi id 15.20.0797.011; Wed, 23 May 2018 23:04:55 +0000 Thread-Topic: bug#31572: 26.0.91; emacs-26.1 RC1 fails norton virus check Thread-Index: AQHT8sB55pKDCEWE802SGgSdCT1tpqQ9peyAgAAYT0yAACdvLg== In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [2600:1700:5d80:3720:5cdd:a2a7:eb3e:c4e0] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; SN1PR07MB2318; 7:1KHgbCkdSzxgWB1BB5oeOH/Bh5MfBt0YH7So0Wg6QxLywe+3j3Hr+ixDHx8kz55hVD0LbzrsUPo1+s2sGNRNudUBpNpHH5cDd/q0MvRPTRR7w85CJNr+XQAza7wYKj8vi7f2l50rYoWk1l5bx07iVLdCtJlLSHpIWj0f2DI5hS907nhizozmtJqktAPV2DD6OxklMwp9DOfgSw2tegBCP2xINhprX4Yjs1AjyVBRbThjpvwEgUKlV5WXgQ+u/9tC x-ms-exchange-antispam-srfa-diagnostics: SOS; x-microsoft-antispam: UriScan:(152953660613306); BCL:0; PCL:0; RULEID:(7020095)(4652020)(8989080)(5600026)(4534165)(4627221)(201703031133081)(201702281549075)(8990040)(2017052603328)(7153060)(7193020); SRVR:SN1PR07MB2318; x-ms-traffictypediagnostic: SN1PR07MB2318: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(10436049006162)(137094920097693)(22074186197030)(192374486261705)(258766100185102)(85827821059158)(152953660613306)(155532106045638)(211171220733660); x-ms-exchange-senderadcheck: 1 x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(3002001)(3231254)(944501410)(52105095)(10201501046)(93006095)(93001095)(149027)(150027)(6041310)(20161123564045)(20161123558120)(201703131423095)(201702281529075)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(20161123562045)(6072148)(201708071742011)(7699016); SRVR:SN1PR07MB2318; BCL:0; PCL:0; RULEID:; SRVR:SN1PR07MB2318; x-forefront-prvs: 06818431B9 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(376002)(396003)(39380400002)(39860400002)(366004)(346002)(199004)(189003)(53754006)(51914003)(6506007)(786003)(5660300001)(102836004)(186003)(14454004)(53546011)(966005)(478600001)(3280700002)(99286004)(3660700001)(75432002)(88552002)(33656002)(105586002)(86362001)(59450400001)(1411001)(76176011)(6116002)(575784001)(68736007)(2906002)(6916009)(7696005)(7736002)(9686003)(6436002)(39060400002)(6606003)(6306002)(54896002)(236005)(25786009)(53936002)(2940100002)(4326008)(476003)(486006)(11346002)(74316002)(106356001)(446003)(8676002)(81156014)(55016002)(46003)(5250100002)(81166006)(229853002)(8936002)(6246003)(5890100001)(8558605004)(19627405001)(606006)(97736004)(2900100001)(316002)(460985005); DIR:OUT; SFP:1102; SCL:1; SRVR:SN1PR07MB2318; H:SN1PR07MB4062.namprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX: received-spf: None (protection.outlook.com: usc.edu does not designate permitted sender hosts) x-microsoft-antispam-message-info: lLQg+R32TQ5DJqqXhK3d1kwodXc9fWSAL2Q5npe9EJUaNCv9Y7Pw7FVIo/MhaJ8fknJXQRoR7BFLnlUJw2oLlPrycn/QDXZgOgjI9Eat3SBeBPUhO8Px8bLSxbIOTxB06c1CPabnF0BET7U7UZMn8NAbU1Fg1PjGT+eHXHojhrf3q9q4eYsxQITN+4hf//Zi spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM X-MS-Office365-Filtering-Correlation-Id: 0a9d652d-6267-40c6-4dba-08d5c1019998 X-OriginatorOrg: usc.edu X-MS-Exchange-CrossTenant-Network-Message-Id: 0a9d652d-6267-40c6-4dba-08d5c1019998 X-MS-Exchange-CrossTenant-originalarrivaltime: 23 May 2018 23:04:55.7345 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 9ddaaca1-389f-4cb1-a113-081be6cc25fc X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR07MB2318 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-05-23_08:, , signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1805230230 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 208.118.235.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.org gmane.emacs.bugs:146452 Archived-At: --_000_SN1PR07MB4062BB08AC1187361F5B947FBD6B0SN1PR07MB4062namp_ Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable Hi all, Norton answered that they corrected runemacs.exe, so i submitted th= e 6 other files that had the same problem, etags.exe emacsclient.exe addpm.= exe ctags.exe ebrowse.exe emacsclientw.exe, now i just have to track the on= es that got removed rather than quarantined... /jeff from Norton: falsepositives@symantec.com In relation to submission 91222. Upon further analysis and investigation we have verified your submission an= d, as such, the detection(s) for the following file(s) will be removed from= our products: File name: runemacs.exe MD5: 7A42917614CED759A404B3ABE569BFB9 SHA256: D51EBF9AB1465666C7FBC30BFDA93610879761EE0C5E89DF928853FD6B635C5= B Note: Whitelisting may take up to 24 hours to take effect via Live Upda= te ________________________________ From: Jeffrey Sondeen Sent: Wednesday, May 23, 2018 1:19:27 PM To: Noam Postavsky Cc: 31572@debbugs.gnu.org Subject: Re: bug#31572: 26.0.91; emacs-26.1 RC1 fails norton virus check Hi Noam, thanks for the link, i used it to upload some of the emacs program= s, reporting them as being falsely anti-virus detected. I also submitted s= ome of the exe's to virustotal.com, as mentioned in some other Norton commu= nity message, and none of the emacs exe's triggered any other anti-virus de= tections. It's still a hassle, though, since, while many of the emacs programs are Qu= arantined by the Norton anti-virus (and can be easily restored), some other= s are Removed, for which there's no undo operation (all with the falsely de= tected WS.Reputation.1 message). thanks, /jeff ________________________________ From: Noam Postavsky Sent: Wednesday, May 23, 2018 11:41:51 AM To: Jeffrey Sondeen Cc: 31572@debbugs.gnu.org Subject: Re: bug#31572: 26.0.91; emacs-26.1 RC1 fails norton virus check On 23 May 2018 at 14:03, Jeff Sondeen wrote: > > Hi all, i've been running Emacs version 26.091, but just downloaded > emacs-26.1-rc1-x86_64.zip, but Norton Security has quarantined several > *.exe's (runemacs.exe, etags.exe, etc) under > emacs-26.1-rc1-x86_64/bin, complaining about a virus called > "WS.Reputaton.1 Insight Network Threat" as per the attached pix (I > didn't have this problem with 26.091) According to https://urldefense.proofpoint.com/v2/url?u=3Dhttps-3A__communi= ty.norton.com_en_forums_clarification-2Dwsreputation1-2Ddetection&d=3DDwIFa= Q&c=3DclK7kQUTWtAVEOVIgvi0NU5BOUHhpN0H8p7CSfnc_gI&r=3Dyx7WeBO4vNFR2eleLG4z-= w&m=3Do9Wkgj_Y9o3uwCY0WRrKyP4cX03_nVur3WsvHwtHGfY&s=3DqZ0lBbq4-JjwBbDalE5G8= WHRkRB8NKGNShuCa4iCQ44&e=3D, this warning doesn't represent a virus finding specifically: WS.Reputation.1 is a detection for files that have a low reputation score based on analyzing data from Symantec=92s community of users and therefore are likely to be security risks.[...] The reputation-based system uses "the wisdom of crowds"[...] --_000_SN1PR07MB4062BB08AC1187361F5B947FBD6B0SN1PR07MB4062namp_ Content-Type: text/html; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable

Hi all, Norton answered that they corrected runemacs.exe, s= o i submitted the 6 other files that had the same problem, etags= .exe emacsclient.exe addpm.exe ctags.exe ebrowse.exe emacsclientw.exe, now i just have to track the ones that got removed rathe= r than quarantined...


/jeff


from Norton:


falsepositives@symantec.com

In relation to submission 91222.

Upon further analysis and investigation we have verified yo= ur submission and, as such, the detection(s) for the following file(s) will= be removed from our products:

    File name: runemacs.exe
    MD5: 7A42917614CED759A404B3ABE569BFB9
    SHA256: D51EBF9AB1465666C7FBC30BFDA93610879761EE0C5E89DF= 928853FD6B635C5B
    Note: Whitelisting may take up to 24 hours to take effec= t via Live Update

From: Jeffrey Sondeen
Sent: Wednesday, May 23, 2018 1:19:27 PM
To: Noam Postavsky
Cc: 31572@debbugs.gnu.org
Subject: Re: bug#31572: 26.0.91; emacs-26.1 RC1 fails norton virus c= heck
 

Hi Noam, thanks for the link, i = used it to upload some of the emacs programs, reporting them as being false= ly anti-virus detected.  I also submitted some of the exe's to virustotal.com, as mentioned in some other Norton community me= ssage, and none of the emacs exe's triggered any other anti-virus detection= s.


It's still a hassle, though, sin= ce, while many of the emacs programs are Quarantined by the Norton anti-vir= us (and can be easily restored), some others are Removed, for which th= ere's no undo operation (all with the falsely detected WS.Reputation.1 message).


thanks,

/jeff

From: Noam Postavsky <= npostavs@gmail.com>
Sent: Wednesday, May 23, 2018 11:41:51 AM
To: Jeffrey Sondeen
Cc: 31572@debbugs.gnu.org
Subject: Re: bug#31572: 26.0.91; emacs-26.1 RC1 fails norton virus c= heck
 
On 23 May 2018 at 14:03, Jeff Sondeen <sondee= n@usc.edu> wrote:
>
> Hi all, i've been running Emacs version 26.091, but just downloaded > emacs-26.1-rc1-x86_64.zip, but Norton Security has quarantined several=
> *.exe's (runemacs.exe, etags.exe, etc) under
> emacs-26.1-rc1-x86_64/bin, complaining about a virus called
> "WS.Reputaton.1 Insight Network Threat" as per the attached = pix (I
> didn't have this problem with 26.091)

According to https://urldefense.proofpoint.com/v2/url?u=3Dhttps-3A__community.norton.com= _en_forums_clarification-2Dwsreputation1-2Ddetection&d=3DDwIFaQ&c= =3DclK7kQUTWtAVEOVIgvi0NU5BOUHhpN0H8p7CSfnc_gI&r=3Dyx7WeBO4vNFR2eleLG4z= -w&m=3Do9Wkgj_Y9o3uwCY0WRrKyP4cX03_nVur3WsvHwtHGfY&s=3DqZ0lBbq4-Jjw= BbDalE5G8WHRkRB8NKGNShuCa4iCQ44&e=3D,
this warning doesn't represent a virus finding specifically:

    WS.Reputation.1 is a detection for files that have a low=
    reputation score based on analyzing data from Symantec= =92s community
    of users and therefore are likely to be security risks.[= ...]

    The reputation-based system uses "the wisdom of cro= wds"[...]
--_000_SN1PR07MB4062BB08AC1187361F5B947FBD6B0SN1PR07MB4062namp_--