From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!.POSTED!not-for-mail
From: Jeffrey Sondeen <sondeen@usc.edu>
Newsgroups: gmane.emacs.bugs
Subject: bug#31572: 26.0.91; emacs-26.1 RC1 fails norton virus check
Date: Wed, 23 May 2018 20:19:27 +0000
Message-ID: <SN1PR07MB4062E5F69B839ACDEC6E7386BD6B0@SN1PR07MB4062.namprd07.prod.outlook.com>
References: <85o9h61c6o.fsf@usc.edu>,
	<CAM-tV--A321er=Uaxj-jHp4t3gC-ZPKmsYqP2O6HK1zEss7Apg@mail.gmail.com>
NNTP-Posting-Host: blaine.gmane.org
Mime-Version: 1.0
Content-Type: multipart/alternative;
	boundary="_000_SN1PR07MB4062E5F69B839ACDEC6E7386BD6B0SN1PR07MB4062namp_"
X-Trace: blaine.gmane.org 1527106691 25411 195.159.176.226 (23 May 2018 20:18:11 GMT)
X-Complaints-To: usenet@blaine.gmane.org
NNTP-Posting-Date: Wed, 23 May 2018 20:18:11 +0000 (UTC)
Cc: "31572@debbugs.gnu.org" <31572@debbugs.gnu.org>
To: Noam Postavsky <npostavs@gmail.com>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Wed May 23 22:18:06 2018
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by blaine.gmane.org with esmtp (Exim 4.84_2)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1fLaD0-0006VQ-2O
	for geb-bug-gnu-emacs@m.gmane.org; Wed, 23 May 2018 22:18:06 +0200
Original-Received: from localhost ([::1]:35273 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1fLaF7-0002xb-5n
	for geb-bug-gnu-emacs@m.gmane.org; Wed, 23 May 2018 16:20:17 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:60001)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1fLaEx-0002wL-UM
	for bug-gnu-emacs@gnu.org; Wed, 23 May 2018 16:20:09 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1fLaEs-0003bT-UM
	for bug-gnu-emacs@gnu.org; Wed, 23 May 2018 16:20:07 -0400
Original-Received: from debbugs.gnu.org ([208.118.235.43]:37776)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1fLaEs-0003bM-QG
	for bug-gnu-emacs@gnu.org; Wed, 23 May 2018 16:20:02 -0400
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1fLaEs-0001Qk-Hr
	for bug-gnu-emacs@gnu.org; Wed, 23 May 2018 16:20:02 -0400
X-Loop: help-debbugs@gnu.org
Resent-From: Jeffrey Sondeen <sondeen@usc.edu>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Wed, 23 May 2018 20:20:02 +0000
Resent-Message-ID: <handler.31572.B31572.15271067735455@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 31572
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: 
Original-Received: via spool by 31572-submit@debbugs.gnu.org id=B31572.15271067735455
	(code B ref 31572); Wed, 23 May 2018 20:20:02 +0000
Original-Received: (at 31572) by debbugs.gnu.org; 23 May 2018 20:19:33 +0000
Original-Received: from localhost ([127.0.0.1]:45672 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1fLaEO-0001Pu-I8
	for submit@debbugs.gnu.org; Wed, 23 May 2018 16:19:32 -0400
Original-Received: from mx0b-00164701.pphosted.com ([67.231.157.15]:60442)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <sondeen@usc.edu>) id 1fLaEM-0001Pm-OR
	for 31572@debbugs.gnu.org; Wed, 23 May 2018 16:19:31 -0400
Original-Received: from pps.filterd (m0087756.ppops.net [127.0.0.1])
	by mx0b-00164701.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id
	w4NKDBp6058522; Wed, 23 May 2018 13:19:30 -0700
Original-Received: from nam03-dm3-obe.outbound.protection.outlook.com
	(mail-dm3nam03lp0016.outbound.protection.outlook.com [207.46.163.16])
	by mx0b-00164701.pphosted.com with ESMTP id 2j4u7w84pn-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);
	Wed, 23 May 2018 13:19:29 -0700
Original-Received: from SN1PR07MB4062.namprd07.prod.outlook.com (52.132.198.28) by
	SN1PR07MB2128.namprd07.prod.outlook.com (10.164.46.158) with Microsoft
	SMTP Server (version=TLS1_2,
	cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id
	15.20.797.11; Wed, 23 May 2018 20:19:27 +0000
Original-Received: from SN1PR07MB4062.namprd07.prod.outlook.com
	([fe80::8532:addf:9abd:d3d4]) by
	SN1PR07MB4062.namprd07.prod.outlook.com
	([fe80::8532:addf:9abd:d3d4%13]) with mapi id 15.20.0797.011;
	Wed, 23 May 2018 20:19:27 +0000
Thread-Topic: bug#31572: 26.0.91; emacs-26.1 RC1 fails norton virus check
Thread-Index: AQHT8sB55pKDCEWE802SGgSdCT1tpqQ9peyAgAAYT0w=
In-Reply-To: <CAM-tV--A321er=Uaxj-jHp4t3gC-ZPKmsYqP2O6HK1zEss7Apg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [2600:1700:5d80:3720:5cdd:a2a7:eb3e:c4e0]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; SN1PR07MB2128;
	7:2XmWVZs35KFh0JKrIA+k4ZdQzM9Fafu75tFuY6dyRjqCb2shX4RiPFjWt9QnCEEK9MNtvtDpkgmEVi9gUJqJx+FxFpoh4TZPG4l1mQAl/tCx/6LFKoZGjVDwkEVD7JAgHCRf9WhYKDxemTDPQ0Em1YPde05EnPwg3/7w/tYAa4K2RBF5Gj3c62er8yE3v1bwAj9Vj69CE3hcUJ2dLSpN9JuOEpiofZTLZENPNo5uQ7QUC8Fnk40vSqxfmuIv/okL
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-microsoft-antispam: UriScan:(152953660613306); BCL:0; PCL:0;
	RULEID:(7020095)(4652020)(8989080)(5600026)(4534165)(4627221)(201703031133081)(201702281549075)(8990040)(2017052603328)(7153060)(7193020);
	SRVR:SN1PR07MB2128; 
x-ms-traffictypediagnostic: SN1PR07MB2128:
x-microsoft-antispam-prvs: <SN1PR07MB212826B1A97183A84D0F6B7CBD6B0@SN1PR07MB2128.namprd07.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(10436049006162)(137094920097693)(22074186197030)(192374486261705)(85827821059158)(152953660613306)(155532106045638)(211171220733660);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0;
	RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(3231254)(944501410)(52105095)(3002001)(93006095)(93001095)(10201501046)(149027)(150027)(6041310)(20161123562045)(20161123564045)(201703131423095)(201702281529075)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(20161123560045)(6072148)(201708071742011)(7699016);
	SRVR:SN1PR07MB2128; BCL:0; PCL:0; RULEID:; SRVR:SN1PR07MB2128; 
x-forefront-prvs: 06818431B9
x-forefront-antispam-report: SFV:NSPM;
	SFS:(10019020)(396003)(366004)(376002)(346002)(39380400002)(39860400002)(189003)(199004)(51914003)(53754006)(74316002)(1411001)(99286004)(102836004)(88552002)(5890100001)(11346002)(446003)(476003)(316002)(786003)(486006)(8936002)(25786009)(6606003)(6436002)(2906002)(6916009)(53546011)(6506007)(5250100002)(3660700001)(59450400001)(229853002)(86362001)(575784001)(7736002)(19627405001)(3280700002)(46003)(76176011)(186003)(7696005)(6116002)(105586002)(6246003)(478600001)(75432002)(53936002)(54896002)(236005)(6306002)(9686003)(39060400002)(55016002)(4326008)(106356001)(8558605004)(97736004)(5660300001)(606006)(2900100001)(81166006)(8676002)(81156014)(68736007)(966005)(33656002)(14454004)(460985005);
	DIR:OUT; SFP:1102; SCL:1; SRVR:SN1PR07MB2128;
	H:SN1PR07MB4062.namprd07.prod.outlook.com; FPR:; SPF:None; LANG:en;
	PTR:InfoNoRecords; MX:1; A:1; 
received-spf: None (protection.outlook.com: usc.edu does not designate
	permitted sender hosts)
x-microsoft-antispam-message-info: CzsBTJjZ4Gwg/2YL19484ak6tyMXkRV/AEZwOwoKVkNsmRvKke1paZ9iIDChuB7W8OVuweU/EtAOc2sQQvtt8pMIgha/0AB5/3Nx/yLLxAcGZ5Bp7JMabDw0aRgrMJyHasSO/Hysb3wU5VV9e501U+3XeIIKLfrtepzzip5+q+uOgT+/k0siYIdQcIFs/tDo
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
X-MS-Office365-Filtering-Correlation-Id: 3cf82868-1b8f-4eec-32b4-08d5c0ea7bec
X-OriginatorOrg: usc.edu
X-MS-Exchange-CrossTenant-Network-Message-Id: 3cf82868-1b8f-4eec-32b4-08d5c0ea7bec
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 May 2018 20:19:27.5149 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 9ddaaca1-389f-4cb1-a113-081be6cc25fc
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR07MB2128
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, ,
	definitions=2018-05-23_07:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
	priorityscore=1501
	malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0
	clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0
	mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx
	scancount=1 engine=8.0.1-1711220000 definitions=main-1805230198
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 208.118.235.43
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
	the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-gnu-emacs/>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Original-Sender: "bug-gnu-emacs"
	<bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Xref: news.gmane.org gmane.emacs.bugs:146447
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/146447>

--_000_SN1PR07MB4062E5F69B839ACDEC6E7386BD6B0SN1PR07MB4062namp_
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

Hi Noam, thanks for the link, i used it to upload some of the emacs program=
s, reporting them as being falsely anti-virus detected.  I also submitted s=
ome of the exe's to virustotal.com, as mentioned in some other Norton commu=
nity message, and none of the emacs exe's triggered any other anti-virus de=
tections.


It's still a hassle, though, since, while many of the emacs programs are Qu=
arantined by the Norton anti-virus (and can be easily restored), some other=
s are Removed, for which there's no undo operation (all with the falsely de=
tected WS.Reputation.1 message).


thanks,

/jeff

________________________________
From: Noam Postavsky <npostavs@gmail.com>
Sent: Wednesday, May 23, 2018 11:41:51 AM
To: Jeffrey Sondeen
Cc: 31572@debbugs.gnu.org
Subject: Re: bug#31572: 26.0.91; emacs-26.1 RC1 fails norton virus check

On 23 May 2018 at 14:03, Jeff Sondeen <sondeen@usc.edu> wrote:
>
> Hi all, i've been running Emacs version 26.091, but just downloaded
> emacs-26.1-rc1-x86_64.zip, but Norton Security has quarantined several
> *.exe's (runemacs.exe, etags.exe, etc) under
> emacs-26.1-rc1-x86_64/bin, complaining about a virus called
> "WS.Reputaton.1 Insight Network Threat" as per the attached pix (I
> didn't have this problem with 26.091)

According to https://urldefense.proofpoint.com/v2/url?u=3Dhttps-3A__communi=
ty.norton.com_en_forums_clarification-2Dwsreputation1-2Ddetection&d=3DDwIFa=
Q&c=3DclK7kQUTWtAVEOVIgvi0NU5BOUHhpN0H8p7CSfnc_gI&r=3Dyx7WeBO4vNFR2eleLG4z-=
w&m=3Do9Wkgj_Y9o3uwCY0WRrKyP4cX03_nVur3WsvHwtHGfY&s=3DqZ0lBbq4-JjwBbDalE5G8=
WHRkRB8NKGNShuCa4iCQ44&e=3D,
this warning doesn't represent a virus finding specifically:

    WS.Reputation.1 is a detection for files that have a low
    reputation score based on analyzing data from Symantec=92s community
    of users and therefore are likely to be security risks.[...]

    The reputation-based system uses "the wisdom of crowds"[...]

--_000_SN1PR07MB4062E5F69B839ACDEC6E7386BD6B0SN1PR07MB4062namp_
Content-Type: text/html; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DWindows-1=
252">
<style type=3D"text/css" style=3D"display:none;"><!-- P {margin-top:0;margi=
n-bottom:0;} --></style>
</head>
<body dir=3D"ltr">
<div id=3D"divtagdefaultwrapper" style=3D"font-size:12pt;color:#000000;font=
-family:Calibri,Helvetica,sans-serif;" dir=3D"ltr">
<p style=3D"margin-top:0;margin-bottom:0">Hi Noam, thanks for the link, i u=
sed it to upload some of the emacs programs, reporting them as being falsel=
y anti-virus detected.&nbsp; I also submitted some of the exe's to
<span>virustotal.com</span>, as mentioned in some other Norton community me=
ssage, and none of the emacs exe's triggered any other anti-virus detection=
s.</p>
<p style=3D"margin-top:0;margin-bottom:0"><br>
</p>
<p style=3D"margin-top:0;margin-bottom:0">It's still a hassle, though, sinc=
e, while many of the emacs programs are Quarantined by the Norton anti-viru=
s&nbsp;(and can be easily restored), some others are Removed, for which the=
re's no undo operation (all with the falsely
 detected WS.Reputation.1 message).</p>
<p style=3D"margin-top:0;margin-bottom:0"><br>
</p>
<p style=3D"margin-top:0;margin-bottom:0">thanks,</p>
<p style=3D"margin-top:0;margin-bottom:0">/jeff<br>
</p>
</div>
<hr style=3D"display:inline-block;width:98%" tabindex=3D"-1">
<div id=3D"divRplyFwdMsg" dir=3D"ltr"><font face=3D"Calibri, sans-serif" st=
yle=3D"font-size:11pt" color=3D"#000000"><b>From:</b> Noam Postavsky &lt;np=
ostavs@gmail.com&gt;<br>
<b>Sent:</b> Wednesday, May 23, 2018 11:41:51 AM<br>
<b>To:</b> Jeffrey Sondeen<br>
<b>Cc:</b> 31572@debbugs.gnu.org<br>
<b>Subject:</b> Re: bug#31572: 26.0.91; emacs-26.1 RC1 fails norton virus c=
heck</font>
<div>&nbsp;</div>
</div>
<div class=3D"BodyFragment"><font size=3D"2"><span style=3D"font-size:11pt;=
">
<div class=3D"PlainText">On 23 May 2018 at 14:03, Jeff Sondeen &lt;sondeen@=
usc.edu&gt; wrote:<br>
&gt;<br>
&gt; Hi all, i've been running Emacs version 26.091, but just downloaded<br=
>
&gt; emacs-26.1-rc1-x86_64.zip, but Norton Security has quarantined several=
<br>
&gt; *.exe's (runemacs.exe, etags.exe, etc) under<br>
&gt; emacs-26.1-rc1-x86_64/bin, complaining about a virus called<br>
&gt; &quot;WS.Reputaton.1 Insight Network Threat&quot; as per the attached =
pix (I<br>
&gt; didn't have this problem with 26.091)<br>
<br>
According to <a href=3D"https://urldefense.proofpoint.com/v2/url?u=3Dhttps-=
3A__community.norton.com_en_forums_clarification-2Dwsreputation1-2Ddetectio=
n&amp;d=3DDwIFaQ&amp;c=3DclK7kQUTWtAVEOVIgvi0NU5BOUHhpN0H8p7CSfnc_gI&amp;r=
=3Dyx7WeBO4vNFR2eleLG4z-w&amp;m=3Do9Wkgj_Y9o3uwCY0WRrKyP4cX03_nVur3WsvHwtHG=
fY&amp;s=3DqZ0lBbq4-JjwBbDalE5G8WHRkRB8NKGNShuCa4iCQ44&amp;e=3D">
https://urldefense.proofpoint.com/v2/url?u=3Dhttps-3A__community.norton.com=
_en_forums_clarification-2Dwsreputation1-2Ddetection&amp;d=3DDwIFaQ&amp;c=
=3DclK7kQUTWtAVEOVIgvi0NU5BOUHhpN0H8p7CSfnc_gI&amp;r=3Dyx7WeBO4vNFR2eleLG4z=
-w&amp;m=3Do9Wkgj_Y9o3uwCY0WRrKyP4cX03_nVur3WsvHwtHGfY&amp;s=3DqZ0lBbq4-Jjw=
BbDalE5G8WHRkRB8NKGNShuCa4iCQ44&amp;e=3D</a>,<br>
this warning doesn't represent a virus finding specifically:<br>
<br>
&nbsp;&nbsp;&nbsp; WS.Reputation.1 is a detection for files that have a low=
<br>
&nbsp;&nbsp;&nbsp; reputation score based on analyzing data from Symantec=
=92s community<br>
&nbsp;&nbsp;&nbsp; of users and therefore are likely to be security risks.[=
...]<br>
<br>
&nbsp;&nbsp;&nbsp; The reputation-based system uses &quot;the wisdom of cro=
wds&quot;[...]<br>
</div>
</span></font></div>
</body>
</html>

--_000_SN1PR07MB4062E5F69B839ACDEC6E7386BD6B0SN1PR07MB4062namp_--