
Trojan horse detected in Vassal 3.2.2

Issues with the Vassal engine.

Moderators: uckelman, Tim M

Trojan horse detected in Vassal 3.2.2

Postby lebigot » January 19th, 2013, 2:55 pm

Installing Vassal 3.2.2 (in principle downloaded from SourceForge) on Windows 7 with the 360 Antivirus raises an alert: it detects a Trojan horse (HEUR.Malware QVM01.Gen).

Has anybody experienced a similar problem? A Google search for QVM01.Gen seems to only return Chinese sites, including reports by users where they show that a simple, benign program can raise the same alert.

However, I'm still a little hesitant to allow the installed Vassal to run. Any advice?
lebigot
 
Posts: 12
Joined: January 19th, 2013, 2:41 pm

Re: Trojan horse detected in Vassal 3.2.2

Postby DrNostromo » January 19th, 2013, 4:30 pm

I am 100% certain this is a false read. I've been using Vassal for over 5 years and I've never encountered any problems of this kind. I'm certain that the powers-that-be here at Vassal would work extensively hard to ensure something like that would never happen.
DrNostromo
 
Posts: 1069
Joined: December 21st, 2007, 3:54 am
Location: Wine Country, Cal. USA

Re: Trojan horse detected in Vassal 3.2.2

Postby lebigot » January 20th, 2013, 3:07 pm

Yeah, I would think so too.

I was more concerned about a possible man-in-the-middle attack whereby the downloaded Vassal might differ from the original one (basically through a fake SourceForge download page: I was not able to verify the identity of the SourceForge site from which I downloaded Vassal). Is there any way I can make sure that the downloaded file is correct (checksum, web site with certificate)?
lebigot
 
Posts: 12
Joined: January 19th, 2013, 2:41 pm

Re: Trojan horse detected in Vassal 3.2.2

Postby uckelman » January 31st, 2013, 11:03 pm

Thus spake lebigot:
> Yeah, I would think so too.
>
> I was more concerned about a possible man-in-the-middle attack whereby
> the downloaded Vassal might differ from the original one (basically
> through a fake SourceForge download page: I was not able to verify the
> identity of the SourceForge site from which I downloaded Vassal). Is
> there any way I can make sure that the downloaded file is correct
> (checksum, web site with certificate)?

SourceForge displays the SHA1 and MD5 checksums of our files (click the
little circled 'i' icon to see them for any given file).

These are the SHA1s for the 3.2.2 files I uploaded to SF:

[uckelman@scylla releases]$ sha1sum VASSAL-3.2.2-*
a64a85b9e6ae185cd6345390d507f9065e05ddcd VASSAL-3.2.2-linux.tar.bz2
e01181793b7152d9b57d7657723ec18d2633dab4 VASSAL-3.2.2-macosx.dmg
e4ee51ada5b764df9079bc06b1d8825c5306c705 VASSAL-3.2.2-other.zip
718b2e0f3eed7013ffccfa7ccde548efe277c000 VASSAL-3.2.2-src.zip
c2683f5801cc60c653b3b7b939f98edcb30b21b0 VASSAL-3.2.2-windows.exe

They agree with the SHA1s SF displays.

The files you get when you download from SF ought to have SHA1s matching
these. If not, PLEASE let us know immediately.

In reply to the original post: I'm quite sure your antivirus program is
being overzealous, so long as the file you downloaded has the same SHA1
as the file I uploaded.

--
J.
uckelman
Site Admin
 
Posts: 8989
Joined: December 10th, 2007, 9:48 am
Location: Durham, England
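
An added example, not part of the original posts or of the Vassal project's code: a small Python check that hashes a downloaded file and compares it with the SHA1 list posted above. The function names are this example's own, and the lookup is by file name, so a download saved under a different name is reported as UNLISTED.

```python
import hashlib
import os
import re
import sys

# SHA-1 list as posted in the thread (sha1sum output format).
PUBLISHED = """\
a64a85b9e6ae185cd6345390d507f9065e05ddcd  VASSAL-3.2.2-linux.tar.bz2
e01181793b7152d9b57d7657723ec18d2633dab4  VASSAL-3.2.2-macosx.dmg
e4ee51ada5b764df9079bc06b1d8825c5306c705  VASSAL-3.2.2-other.zip
718b2e0f3eed7013ffccfa7ccde548efe277c000  VASSAL-3.2.2-src.zip
c2683f5801cc60c653b3b7b939f98edcb30b21b0  VASSAL-3.2.2-windows.exe
"""
SHA1_RE = re.compile(r"^[0-9a-fA-F]{40}$")


def parse_manifest(text):
    """Map file name -> lowercase SHA-1; lines that are not 'hash name' are skipped."""
    manifest = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and SHA1_RE.match(parts[0]):
            # sha1sum marks binary mode with a leading '*' on the name.
            manifest[parts[1].strip().lstrip("*")] = parts[0].lower()
    return manifest


def sha1_of(path, chunk_size=1 << 20):
    """Hash the file in chunks so a large installer is not read into memory at once."""
    digest = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify(path, manifest):
    """Return 'OK', 'MISMATCH' or 'UNLISTED' for the file at path."""
    expected = manifest.get(os.path.basename(path))
    if expected is None:
        return "UNLISTED"  # a renamed download cannot be matched by name
    return "OK" if sha1_of(path) == expected else "MISMATCH"


if __name__ == "__main__":
    table = parse_manifest(PUBLISHED)
    for name in sys.argv[1:]:
        print(f"{verify(name, table)}  {name}")
```

A match against the list in the post shows the file is the one that was uploaded. Comparing only against a checksum shown on the download page itself would not detect the fake-page scenario raised earlier in the thread, since that page would display its own values.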

