Anti-virus false positives - MPEG Elementary Streams #12

Open
Dclipsham opened this issue Feb 12, 2020 · 1 comment

@Dclipsham

Rather oddly, fmt/640 and fmt/649 skeleton files are both getting picked up as 'trojans' by McAfee as https://nvd.nist.gov/vuln/detail/CVE-2011-4259. These are MPEG-2 Elementary Stream and MPEG-1 Elementary Stream respectively.

Signatures are `000001B3{8-256}000001B5{6-256}000001B8` and `000001B3{8}000001B8`.

Not sure what to do about it, but it was causing issues with local DROID builds so we're currently having to exclude them from our tests. I've yet to tinker with skeleton files to find a byte pattern McAfee will ignore but will update if I get the chance.

cc @sparkhi @jcharlet

@ross-spencer
Member

Thanks David. Yeah, I've observed something like this in the past. This is a useful ticket to have to inform others.

There's not a whole lot to tweak there! But I hope your investigation goes well. The {m-n} and {n} matching are configurable in Skeleton Suite currently. I think I output zeroes for clarity at the moment, but have a random byte mode in there too, I think (and/or custom filler byte).
