Bug report #22011

Antivirus: 2 engines detected this file. (Security)

Added by Thiago Teodoro 6 months ago.

Status: Open
Priority: High
Assignee: -
Category: Build/Install
Affected QGIS version: 3.6.2
Regression?: No
Operating System:
Easy fix?: No
Pull Request or Patch supplied: No
Resolution:
Crashes QGIS or corrupts data: No
Copied to github as #: 29825

Description

File: QGIS-OSGeo4W-3.6.2-1-Setup-x86_64.exe
MD5: 4E50EF1D565DDAFFF3B4DD6C9CB5507C

I found some security issues in this software.

It is possible that this issue is related to the “.data” section and the EOF extra data.

Length of EOF Extra Data: 1E271A90h (505879184) bytes.
EOF Position: 1E27D890h (505927824)
Warning! Section <.data> (2) extends beyond the raw file offset of section <.ndata> (3).

Virus Total (With problems)
https://www.virustotal.com/gui/file/3b4fb1daa92b28f34fd1d3a8445d007bd93bb0619e2c26d9008ee075c65fb2f3/detection

If the .data section is removed:
https://www.virustotal.com/gui/file/847b8ed9f258d93a85a4d45f85c3019025bfdbdf442395e2ee509484cbb9df26/detection

A large portion of the installation (90%) is found in the EOF extra data. Once the EOF extra is removed it shows a zero raw size ".ndata" section.

Virus Total
https://www.virustotal.com/gui/file/75654e7cce45b95abf03b8402c0babb7b97c7d92ed76d6da88ac590700073ee7/detection

Other issues:
To update the GUID for Windows, the manifest shows only GUID for Windows Vista and Windows 7.

Qgis_1.PNG - Nullsoft error and possible executable file. (4.58 KB) Thiago Teodoro, 2019-05-07 08:05 PM

Qgis_2.PNG - EOF extra data (1.28 KB) Thiago Teodoro, 2019-05-07 08:05 PM

Qgis_4.PNG - GUID windows version (18.5 KB) Thiago Teodoro, 2019-05-07 08:56 PM
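
Added example (not part of the original report and not QGIS or installer code): the "EOF extra data" length and position and the section-offset warning quoted above all come from comparing each section's raw offset and size with the file length, which the sketch below does for any PE file. `pe_layout`, `build_sample` and the sample image are constructed for illustration; the overlay calculation assumes no Authenticode signature, which would otherwise also sit after the last section.

```python
import struct

def pe_layout(data: bytes) -> dict:
    """Map a PE file's sections; report overlay (EOF extra data) and raw overlaps."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe,) = struct.unpack_from("<I", data, 0x3C)          # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsec,) = struct.unpack_from("<H", data, pe + 6)      # NumberOfSections
    (optsz,) = struct.unpack_from("<H", data, pe + 20)    # SizeOfOptionalHeader
    table = pe + 24 + optsz                               # first section header
    secs = []
    for i in range(nsec):
        hdr = table + 40 * i                              # each header is 40 bytes
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("latin-1")
        rsize, rptr = struct.unpack_from("<II", data, hdr + 16)  # SizeOfRawData, PointerToRawData
        secs.append((name, rptr, rsize))
    # A section with SizeOfRawData == 0 has no bytes in the file, so its raw
    # pointer is not compared against other sections.
    backed = [s for s in secs if s[2] > 0]
    end = max((p + n for _, p, n in backed), default=table + 40 * nsec)
    overlaps = [(a[0], b[0]) for i, a in enumerate(backed) for b in backed[i + 1:]
                if a[1] < b[1] + b[2] and b[1] < a[1] + a[2]]
    return {"sections": secs,
            "empty": [s[0] for s in secs if s[2] == 0],
            "overlaps": overlaps,
            "overlay_offset": end,                        # "EOF position" of the image proper
            "overlay_size": max(len(data) - end, 0)}      # bytes appended after the last section

def build_sample(overlay: bytes) -> bytes:
    """Constructed minimal PE-like image: .text, .data and a zero-raw-size .ndata."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 3, 0, 0, 0, 0, 0x22)
    def sec(name, rsize, rptr):
        return name.ljust(8, b"\0") + struct.pack("<IIII", rsize, 0x1000, rsize, rptr) + b"\0" * 16
    table = sec(b".text", 0x200, 0x200) + sec(b".data", 0x200, 0x400) + sec(b".ndata", 0, 0)
    head = (dos + coff + table).ljust(0x200, b"\0")
    return head + b"\xCC" * 0x200 + b"\0" * 0x200 + overlay

if __name__ == "__main__":
    info = pe_layout(build_sample(b"constructed-overlay-bytes" * 4))
    for key, value in info.items():
        print(f"{key}: {value}")
```

Running the same function over a downloaded installer and over a copy rebuilt from source gives a reproducible way to compare their layouts before looking at scanner verdicts.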
