[TYPO3-templavoila] Virus Warning in Mapping Module

Achim Eichhorn achim at die3.net
Sun Oct 17 11:23:01 CEST 2010


Hi,

I dug into this problem and found a solution
for how to reproduce this error.

I set up a virtual machine where I copied
(it needs no installation, so I don't think
it will mess up your registry...)
the command line scanner provided by Avira.

When running the scanner from a dos prompt on the
file "96D38C03d01" Georg Nebel provided under:
http://bugs.typo3.org/print_bug_page.php?bug_id=15896
I get this message from the scanner:

-------------------------------------------------------------
Avira / Windows Version 1.9.150.0
Copyright (c) 2010 by Avira GmbH
All rights reserved.

engine set:         8.2.4.82
VDF Version:        7.10.12.230

key file:           C:\xyz\AVIRA_TEST\hbedv.key
registered user:    Avira AntiVir Personal - FREE Antivirus
serial number:      0000149996
key expires:        Sep 01 2011

Scan start time: 17.10.2010 10:53:54
Command line: scancl.exe test/

configuration file: C:\xyz\AVIRA_TEST\scancl.conf
test\96D38C03d01.txt ALERT: [HTML/Crypted.Gen] test\96D38C03d01.txt <<< 
Contains signature of the HTML script virus HTML/Crypted.Gen

Statistics :
     Directories............... : 1
     Files..................... : 1
         Infected.............. : 1
             Ignored........... : 1
         Warnings.............. : 0
         Suspicious............ : 0
     Infections................ : 1
     Time...................... : 00:00:01
-------------------------------------------------------------

This virus message is exactly the same one I receive three times
a minute when working with templavoila...

Here is what you need to run the command-line tool:

(dl1) Command-Line scanner
http://dlpro.antivir.com/package/scancl/win32/en/scancl-win32-en.zip

(dl2) Actual virus definitions and needed .dll libraries:
http://dl.antivir.de/down/vdf/ivdf_fusebundle_nt_en.zip

(dl3) Key-File: To run the scanner, you need an actual key-file, too.
You can download the actual version of free-av and then extract the
"hbedv.key" file with your favorite packager. It can be found in the
root of the archive. Download of free-av:
http://www.avira.com/de/free-download-avira-antivir-personal


How to set up your test environment:

(I don't think you need a separate virtual machine, like I did.
I only used one because my INSTALLED Avira solution always showed virus
messages when I tried to work with this file.)

1. Create your AVIRA-Folder, perhaps on the desktop.
2. Extract scancl-win32-en.zip into this folder (dl1)
3. Extract ivdf_fusebundle_nt_en.zip into this folder (dl2)
4. Extract hbedv.key file into this folder (dl3)

	... all the files, including the binary scancl.exe, the dlls and vdfs
and the key file should now be in this folder, NOT
in subfolders!

5. Now create a subfolder "test" within this folder.
6. Copy your "infected" file into test/
7. Open a DOS command prompt and change to the AVIRA-Folder
8. Type scancl.exe test/

You should now get the message I printed above.

Within the AVIRA-Folder you should find a pdf with further
explanations to the command-line-scanner.

Hope my 2 cents help a little
to find a quick solution for this problem.

With the best regards

Achim.


On 10.10.2010 16:18, Tolleiv.Nietsch wrote:
> Hi,
>
> Too bad that I'm also not able to reproduce it, either with
> FreeAV+Chrome or with FreeAV+Firefox and Heuristics set to high.
>
> I'd appreciate every suggestion how to reproduce it.
>
> Cheers,
> Tolleiv
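
Added example, not part of the original post and not Avira tooling: a small Python parser for the scancl report format shown in the message above, so that a re-scan (for instance after a definitions update or a change to the file) can be checked automatically for whether the file is still flagged. The function names are hypothetical, and the report layout is assumed from the single report quoted in the post.

```python
import re

# Excerpt of the scancl report quoted in the post above (copied, not new data).
SAMPLE_REPORT = r"""engine set:         8.2.4.82
VDF Version:        7.10.12.230

Scan start time: 17.10.2010 10:53:54
Command line: scancl.exe test/

test\96D38C03d01.txt ALERT: [HTML/Crypted.Gen] test\96D38C03d01.txt <<<
Contains signature of the HTML script virus HTML/Crypted.Gen

Statistics :
     Directories............... : 1
     Files..................... : 1
         Infected.............. : 1
             Ignored........... : 1
         Warnings.............. : 0
         Suspicious............ : 0
     Infections................ : 1
     Time...................... : 00:00:01
"""

# Layout assumed from the one report on this page.
ALERT_RE = re.compile(r"^(?P<path>.+?) ALERT: \[(?P<name>[^\]]+)\]")
STAT_RE = re.compile(r"^\s*(?P<key>[A-Za-z]+)\.+ : (?P<value>\S+)\s*$")
HEADER_RE = re.compile(r"^(engine set|VDF Version):\s+(\S+)")

def parse_report(text):
    """Return detections, statistics counters and engine/VDF versions."""
    result = {"alerts": [], "stats": {}, "versions": {}}
    for line in text.splitlines():
        if m := ALERT_RE.match(line):
            result["alerts"].append((m["path"], m["name"]))
        elif m := STAT_RE.match(line):
            value = m["value"]
            result["stats"][m["key"]] = int(value) if value.isdigit() else value
        elif m := HEADER_RE.match(line):
            result["versions"][m[1]] = m[2]
    return result

def still_flagged(report, filename, detection):
    """True if `filename` is reported under `detection` in this scan."""
    return any(path.endswith(filename) and name == detection
               for path, name in report["alerts"])

if __name__ == "__main__":
    rep = parse_report(SAMPLE_REPORT)
    print(rep["versions"], rep["alerts"], rep["stats"])
```

Recording the engine and VDF versions next to each result shows which definitions release a detection appeared or disappeared in.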


