Re: PostgreSQL\12\bin\pg_ctl.exe - Trojan detected

From: Sandeep Thakkar <sandeep(dot)thakkar(at)enterprisedb(dot)com>
To: Manoj Agrawal <manoj(dot)agrawal(at)hotmail(dot)com>
Cc: "security(at)postgresql(dot)org" <security(at)postgresql(dot)org>, "pgsql-bugs(at)lists(dot)postgresql(dot)org" <pgsql-bugs(at)lists(dot)postgresql(dot)org>, Magnus Hagander <magnus(at)hagander(dot)net>
Subject: Re: PostgreSQL\12\bin\pg_ctl.exe - Trojan detected
Date: 2019-12-23 12:56:32
Message-ID: CANFyU943gAhTLo6RFcr_=Tgm3HtmYob4_cY1V_z4kawa8abdjQ@mail.gmail.com
Lists: pgsql-bugs

Hi,

It certainly looks like a false positive. Can you please try installing on
some other Windows server?

On Mon, Dec 23, 2019 at 6:15 PM Magnus Hagander <magnus(at)hagander(dot)net> wrote:

> Hello!
>
> The fact that only a single scanning engine considers that being a
> problem, means it's almost certainly an issue with the virus scanner, and
> not an actual trojan. Especially given that as Andres pointed out,
> Microsoft's scanner has had problems with false positives about this trojan
> before.
>
> //Magnus
>
>
> On Sun, Dec 22, 2019 at 5:03 PM Manoj Agrawal <manoj(dot)agrawal(at)hotmail(dot)com>
> wrote:
>
>> Hi Magnus,
>>
>> I apologise for troubling you at this time. But your questions are
>> important, so I will try to answer them all.
>>
>>
>> 1. URL from where I downloaded the installer
>>
>> https://www.enterprisedb.com/thank-you-downloading-postgresql?anid=1257093
>>
>> image as below:
>> I have not taken checksum of the file.
>>
>>
>> 2. I did scan the file with the URL you gave below. Attaching the
>> screenshot for your ref.
>>
>>
>> Here are some of the details from the details tab. Attaching .pdf
>> also for your reference.
>> MD5
>> 457c9ea7f38663bd7f425f4418a6dcba
>> SHA-1
>> eb8ffab9532224ee2e722013b08311bc91b009d2
>> SHA-256
>> 076a334a624e71744f5659d5d4576ba88cd064c47a486f0316db85dbbe7cd5b2
>> Vhash
>> 015056656d15155188z34!z
>> Authentihash
>> 39c368326cfb7d605ba7228d6fdbc98ad9f680e8c45fda55ef66e305b38c01b7
>> Imphash
>> 76881c88796d93158906531d1f6a2529
>> SSDEEP
>> 1536:ixwCY+BeiOs1V8u9TyMYR7PRdUQjqKZZY0Z3n3DJTY3B/eeLuB5oGqZ:ixwCY+siDUQu97PzULKZT3na3nO5oZ
>>
>> File type
>> Win32 EXE
>> Magic
>> PE32+ executable for MS Windows (console) Mono/.Net assembly
>> File size
>> 113.50 KB (116224 bytes)
>>
>>
>>
>> Sir, please do let me know if there is any more information I can share with you.
>> I will be more than happy to share it with you.
>>
>>
>> ------------------------------
>>
>> Thanks and Regards
>>
>> Manoj Agrawal
>> manoj(dot)agrawal(at)hotmail(dot)com
>>
>> ------------------------------
>> *From:* Magnus Hagander <magnus(at)hagander(dot)net>
>> *Sent:* 22 December 2019 09:08 PM
>> *To:* Manoj Agrawal <manoj(dot)agrawal(at)hotmail(dot)com>
>> *Cc:* security(at)postgresql(dot)org <security(at)postgresql(dot)org>;
>> pgsql-bugs(at)lists(dot)postgresql(dot)org <pgsql-bugs(at)lists(dot)postgresql(dot)org>
>> *Subject:* Re: PostgreSQL\12\bin\pg_ctl.exe - Trojan detected
>>
>>
>>
>> On Sun, Dec 22, 2019 at 4:26 PM Manoj Agrawal <manoj(dot)agrawal(at)hotmail(dot)com>
>> wrote:
>>
>> Dear PostgreSQL Team,
>>
>> I am a regular ordinary user of your application.
>> I apologise for not following your bug and security template. I suppose
>> this will be OK with you.
>>
>> Kindly look at this screen from Windows 10 machine.
>>
>> I have downloaded "postgresql-12.1-3-windows-x64.exe" from your website
>> and during installation it is reporting malware in one of your executables.
>>
>>
>>
>> Exactly which URL did you download it from? And please provide a checksum
>> (md5, sha1 or similar) of the file downloaded to your system.
>>
>>
>>
>>
>> *PostgreSQL\12\bin\pg_ctl.exe*
>>
>> *Threat detected: Trojan:Win32/Detplock *
>>
>> *Alert level: Severe *
>>
>> *Date: 22-12-2019 07:32 PM *
>>
>> *Category: Trojan *
>>
>> *Details: This program is dangerous and executes commands from an
>> attacker. *
>>
>> I need you to look into this on a priority basis, as I am stuck.
>>
>>
>> Hi!
>>
>> Can you please take the file from your system and upload it to
>> https://www.virustotal.com/gui/home/upload, and let us know what the
>> detection there says? It also gives you a link to the finished analysis,
>> so please post the link to that one as well.
>>
>> //Magnus
>>
>>

--
Sandeep Thakkar
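A small triage helper, added here as an example and not part of the thread or of the PostgreSQL installer: it computes the checksums Magnus asked for, reads the PE format that the VirusTotal details reported ("PE32+"), and compares a local file against the values Manoj posted, so a reader can tell whether the flagged binary is the same file the thread discusses. The SAMPLE bytes are a constructed minimal PE32+ header so the script runs offline; point it at a real file to use it.

```python
import hashlib
import struct

# Values posted in the thread for pg_ctl.exe (copied from the quoted VirusTotal details).
REPORTED = {
    "md5": "457c9ea7f38663bd7f425f4418a6dcba",
    "sha1": "eb8ffab9532224ee2e722013b08311bc91b009d2",
    "sha256": "076a334a624e71744f5659d5d4576ba88cd064c47a486f0316db85dbbe7cd5b2",
    "size": 116224,
}

def file_hashes(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of the given bytes (lowercase hex) plus the byte count."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
    }

def pe_format(data: bytes) -> str:
    """Return 'PE32', 'PE32+' or 'not-PE' by reading the DOS and NT headers directly."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "not-PE"
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "not-PE"
    # The optional-header magic follows the 4-byte signature and 20-byte COFF header.
    if len(data) < e_lfanew + 26:
        return "not-PE"
    magic = struct.unpack_from("<H", data, e_lfanew + 24)[0]
    return {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, "not-PE")

def compare(data: bytes, reported: dict = REPORTED) -> dict:
    """For each reported field, True if the local bytes match the posted value."""
    actual = file_hashes(data)
    return {key: actual[key] == value for key, value in reported.items()}

# Constructed stand-in (not a real executable): DOS stub, e_lfanew, PE signature,
# empty COFF header and the PE32+ optional-header magic 0x20B.
SAMPLE = bytearray(b"MZ" + b"\0" * 0x3E)
struct.pack_into("<I", SAMPLE, 0x3C, 0x40)
SAMPLE += b"PE\0\0" + b"\0" * 20 + struct.pack("<H", 0x20B)
SAMPLE = bytes(SAMPLE)

if __name__ == "__main__":
    # For a real check: data = open(r"C:\Program Files\PostgreSQL\12\bin\pg_ctl.exe", "rb").read()
    print(pe_format(SAMPLE), compare(SAMPLE))
```

A match on all four fields means the local file is byte-for-byte the one whose VirusTotal report the thread discusses; any mismatch means you are looking at a different binary and the earlier analysis does not apply to it.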
