[jitsi-dev] Antivirus problem with Jitsi installer


#1

Hi all,

I've encountered a problem with the Jitsi installer since I updated my
antivirus program recently. I am using Symantec Endpoint Protection and,
starting from last week, all of my downloaded installer files are
considered a threat by the antivirus program. The problem exists for
all recent installer versions of Jitsi so far. Has anyone using
Symantec or Norton (or any other antivirus program) come across
a similar problem?

I also tried to build the installer on a Windows XP SP3 machine with the
ant target and faced a similar problem in the process of creating
"setup.exe" for Jitsi. Once it's built, Symantec gives the error, of
which I have attached a screencap. As the antivirus program deletes
"setup.exe", the process is halted. Can it be related to some code
patterns in "setup.c", which is located in the "src/native/windows/setup"
directory in the source code?

I recall that some antivirus programs were informed about an outlook
dll because of a virus threat warning; it was cleared after that and
we started to use tdm-gcc to compile native libraries. Can it be a
similar problem?

Thanks&Regards,
Sercan Sadi


#2

We've been having false positives for setup.exe and
jmsoutlookaddrbook.dll with various anti-virus software. You're right,
we contacted multiple anti-virus software creators to report the false
positive for jmsoutlookaddrbook.dll and many of them fixed their
issues. However, setup.exe changes with (nearly) every build so the
whitelisting techniques which the anti-virus software creators have
used for jmsoutlookaddrbook.dll will likely be defeated in the case of
setup.exe.

I guess an option is to contact Symantec and report setup.exe as a
false positive anyway. Since Jitsi is free and open-source software,
the source code is already available to them to review. Please feel
free to contact Symantec on this matter.

I also wonder whether code signing would have any effect i.e. whether
it would make anti-virus software not be so wrong about the threat
level of our .exes and .dlls.

I know the idea of using a different compiler sounds like a waste of
time but I've personally seen it make a difference at least once so...
we could try Microsoft's compiler for a change and with a very low
priority.


#3

Hi Lyubomir,

I've just reported the incident as a false positive to Symantec upon
your suggestion. I've added explanatory information and I am waiting
for the support team to contact me. I'll inform you as I receive responses.

Regards,
Sercan


On Sat, May 28, 2011 at 11:23 AM, Lyubomir Marinov <lubo@jitsi.org> wrote:

We've been having false positives for setup.exe and
jmsoutlookaddrbook.dll with various anti-virus software. You're right,
we contacted multiple anti-virus software creators to report the false
positive for jmsoutlookaddrbook.dll and many of them fixed their
issues. However, setup.exe changes with (nearly) every build so the
whitelisting techniques which the anti-virus software creators have
used for jmsoutlookaddrbook.dll will likely be defeated in the case of
setup.exe.

I guess an option is to contact Symantec and report setup.exe as a
false positive anyway. Since Jitsi is free and open-source software,
the source code is already available to them to review. Please feel
free to contact Symantec on this matter.

I also wonder whether code signing would have any effect i.e. whether
it would make anti-virus software not be so wrong about the threat
level of our .exes and .dlls.

I know the idea of using a different compiler sounds like a waste of
time but I've personally seen it make a difference at least once so...
we could try Microsoft's compiler for a change and with a very low
priority.