httpd-2.4.23-x86-vc14.zip contains virus

Started by wtam, September 01, 2016, 08:50:59 PM

Previous topic - Next topic

wtam

Hello,

Trying to download httpd-2.4.23-x86-vc14.zip but Windows Defender has notified me that it contains virus and cleaned the file for me.

Thanks,
Winnie

Gregg

They are false positives. I've seen this a couple times now with 2.4.23 VC14 x86  and all have been Windows Defender.
https://www.apachelounge.com/viewtopic.php?t=7277
I can't find the one at Xampp right now but Xampp uses the Apache Lounge builds.

We do not repackage Apache Lounge builds, we build them ourselves. So, for just 1 anti virus to find a virus in two different builds is pretty much suspect that the AV is wrong. If I remember right, the file is one of the ht*.* files in Apache's /bin folder.

But, here's some detail from Virus Total for the DE mirror download I just downloaded.
File already analysed
This file was last analysed by VirusTotal on 2016-08-19 20:51:04 UTC (1 week, 6 days ago) it was first analysed by VirusTotal on 2016-07-18 23:31:57 UTC.
Detection ratio: 0/54

Today's analysis :
SHA256:    6bbd132f6648ea1830d2e4acd98635987669eb631025782bdb71a2495e23370c
File name:    httpd-2.4.23-x86-vc14.zip
Detection ratio:    1 / 55
Analysis date:    2016-09-01 21:23:23 UTC ( 1 minute ago )
VBA32    suspected of Archive.MailBomb

https://www.virustotal.com/en/file/6bbd132f6648ea1830d2e4acd98635987669eb631025782bdb71a2495e23370c/analysis/1472765003/

Site download is same as well as my copy out of the compiler as the checksums match so the files have not been tampered with on any of the servers.

So 1 of 55 think it's a bad file, VBA32. It's not that I have not heard of VBA32, just doesn't seem very popular. The big boys like AVG/Symantic/McAfee/Kaspersky/Microsoft (their Enterprise AV)/Comodo/TrendMicro do not. Good chance it's a false possitive.


Open Defender and have it update Virus definitions, false possitives typically only last 1 or 2 days and then the file is miraculously ok again.

Wthat I do find odd is that Windows Defender is having this problem yet my Microsoft Security Essentials is not. They are the same thing just with different names. BTW, MSSE when originally named Windows Defender when it was in Beta.







JohnyCash

I have Windows Defender, but not received any notification about a virus. Maybe they updated their database or something.