Crafty - a trojan horse

Discussion of anything and everything relating to chess playing software and machines.

Moderators: bob, hgm, Harvey Williamson

Forum rules
This textbox is used to restore diagrams posted with the [d] tag before the upgrade.
K I Hyams
Posts: 3512
Joined: Fri Mar 31, 2006 9:21 pm

Re: Crafty - a trojan horse

Post by K I Hyams » Mon Nov 16, 2009 12:00 pm

SzG wrote:My virus scanning system (Symantec Endpoint Protection) has just quarantined Crafty 23.0 (32-bit). :shock:

It's been there for months. There was a system update this morning.
I downloaded it from http://www.craftychess.com/ after reading your message.
41 antivirus scanners on http://www.virustotal.com/ classify it as clean.
21 antivirus scanners on http://virusscan.jotti.org/en classify it as clean.

User avatar
Jim Ablett
Posts: 1327
Joined: Fri Jul 14, 2006 5:56 am
Location: London, England
Contact:

Re: Crafty - a trojan horse

Post by Jim Ablett » Mon Nov 16, 2009 12:30 pm

SzG wrote:My virus scanning system (Symantec Endpoint Protection) has just quarantined Crafty 23.0 (32-bit). :shock:

It's been there for months. There was a system update this morning.

It is probably my 32 bit Intel compile ?

This is getting stupid now. So many false positives.
First Avira/Antivir and Mcaffe always flagged Intel 32 bit compiles, so I
contacted them. That issue seems to be resolved with Avira now, but take a look at my
Virustotal scan now, so many dumb scanners. I sure they must use each others definitions >

http://tinyurl.com/ylfcm5x

Jim.

User avatar
mclane
Posts: 16436
Joined: Thu Mar 09, 2006 5:40 pm
Location: US of Europe, germany
Full name: Thorsten Czub
Contact:

Re: Crafty - a trojan horse

Post by mclane » Mon Nov 16, 2009 12:34 pm

yes you are in charge. it happened on my systems too after i got your crafty compiles !!

:lol:
What seems like a fairy tale today may be reality tomorrow.
Here we have a fairy tale of the day after tomorrow....

skoony
Posts: 165
Joined: Thu Mar 09, 2006 1:36 am
Location: saint paul,minnesota

Re: Crafty - a trojan horse

Post by skoony » Mon Nov 16, 2009 1:16 pm

hi all,
a long time back when this was a problem with virus scanners
and crafty.
i dont remember the details though.
there's probably some new varient someone has named
craftywhatever.
go to the venders web sight and see if you can do a search.

deja-vu regards,
mike
by the time i get there,i'll be there.

User avatar
Jim Ablett
Posts: 1327
Joined: Fri Jul 14, 2006 5:56 am
Location: London, England
Contact:

Re: Crafty - a trojan horse

Post by Jim Ablett » Mon Nov 16, 2009 2:25 pm

mclane wrote:yes you are in charge. it happened on my systems too after i got your crafty compiles !!

:lol:

I re-compiled 32 bit version and packed it with exe packer upx.
It now gets a clean bill of health in VirusTotal :roll: >

http://tinyurl.com/ykqfujt

So I future I will do this with all Win32 Intel compiles.

Probably too late now, but if anyone wants the new build to test, you can download it here >

http://www.mediafire.com/?4yy3vdt0qvn

Jim.

bnemias
Posts: 373
Joined: Thu Aug 14, 2008 1:21 am
Location: Albuquerque, NM

Re: Crafty - a trojan horse

Post by bnemias » Mon Nov 16, 2009 5:08 pm

Jim Ablett wrote:I re-compiled 32 bit version and packed it with exe packer upx.
It now gets a clean bill of health in VirusTotal :roll: >

[...]

So I future I will do this with all Win32 Intel compiles.
That's pretty funny. It wasn't that long ago when the one sure way to get flagged by scanners was to pack with UPX. If that is now the solution, it makes me wonder if some of the AV companies are running in circles.

[edit]
It's also funny when packing makes a difference at all... If it does, then you know the scanner is worthless because it can't even tell the difference between packed and unpacked files. They are effectively identical, and as such, should produce identical scan results.

User avatar
Jim Ablett
Posts: 1327
Joined: Fri Jul 14, 2006 5:56 am
Location: London, England
Contact:

Re: Crafty - a trojan horse

Post by Jim Ablett » Mon Nov 16, 2009 5:32 pm

bnemias wrote:
Jim Ablett wrote:I re-compiled 32 bit version and packed it with exe packer upx.
It now gets a clean bill of health in VirusTotal :roll: >

[...]

So I future I will do this with all Win32 Intel compiles.
That's pretty funny. It wasn't that long ago when the one sure way to get flagged by scanners was to pack with UPX. If that is now the solution, it makes me wonder if some of the AV companies are running in circles.

[edit]
It's also funny when packing makes a difference at all... If it does, then you know the scanner is worthless because it can't even tell the difference between packed and unpacked files. They are effectively identical, and as such, should produce identical scan results.
Hi Eric,

Actually not byte for byte identical. Packed executables are usually stripped of surplus data when compressed such as overlay data, unused resources, debug data etc.

Jim.

Engin
Posts: 832
Joined: Mon Jan 05, 2009 6:40 pm
Location: Germany
Full name: Engin Üstün
Contact:

Re: Crafty - a trojan horse

Post by Engin » Mon Nov 16, 2009 7:17 pm

is it possible that a virus jump from other file to crafty ???

User avatar
Jim Ablett
Posts: 1327
Joined: Fri Jul 14, 2006 5:56 am
Location: London, England
Contact:

Re: Crafty - a trojan horse

Post by Jim Ablett » Mon Nov 16, 2009 7:40 pm

Engin wrote:is it possible that a virus jump from other file to crafty ???
Hi Engin,

Yes it is very possible that any exe file can become infected and users are right to be
very cautious when anti-virus alerts them and not to take a chance, but in this case
their security programs are detecting a false positive. All Antivirus give false positives but
some very few, others a lot. I think best is Kaspersky or Nod in that respect. Those are the
ones whose results you should look at first and trust the most when scanning with online tool like VirusTotal.

Jim.

ernest
Posts: 1874
Joined: Wed Mar 08, 2006 7:30 pm

Re: Crafty - a trojan horse

Post by ernest » Mon Nov 16, 2009 11:39 pm

No problem at all with McAfee!... :o

Post Reply