[tor-bugs] #8321 [Tor bundles/installation]: Security issue on tor bundle Version 2.3.25-4

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Feb 25 12:09:54 UTC 2013


#8321: Security issue on tor bundle Version 2.3.25-4
--------------------------------------+-------------------------------------
 Reporter:  helpinghand               |          Owner:  erinn                        
     Type:  defect                    |         Status:  new                          
 Priority:  normal                    |      Milestone:  TorBrowserBundle 2.3.x-stable
Component:  Tor bundles/installation  |        Version:  Tor: 0.2.3.25                
 Keywords:  virus                     |         Parent:                               
   Points:                            |   Actualpoints:                               
--------------------------------------+-------------------------------------

Comment(by erinn):

 I ran a full malware and virus scan (~9h long) on the build machine and it
 didn't find anything at all. I tried rebuilding and resubmitting the file
 to see if things would change, but it seems that virustotal will not take
 new versions of the same file? Does anyone know if there is a way to re-
 submit? I also sent tbb-firefox.exe to Emsisoft's false positive
 detection/evaluation website (http://www.emsisoft.de/en/support/submit/)
 so that they could evaluate it and hopefully determine that it is in fact
 a false positive.

 If it is an FP I would like to figure out why, and what triggers it. The
 obfsproxy folks determined that some Python build tools reliably cause FPs
 with Windows exes, and we are using pymake for our Firefox builds. This is
 also the same "virus" that we had in tbb-firefox.exe last year (Kazy) that
 ended up being an FP. The only thing the two releases have in common is a
 jump in the major Firefox version (10.0.x -> 17.0.x here, 11.0 -> 12.0
 there).  Do we know anyone who knows things about AV heuristics? Because
 even though I feel reasonably confident that this is another FP, I'm
 '''really''' uncomfortable about it.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8321#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

