Jump to content
The simFlight Network Forums

Recommended Posts

Posted

Hi Peter,

Just trying to download the SDK but my firewall won't let me because it's reporting that the zip file contains a 'Suspicious#petite (Worm)' virus. Could you check this out please?

Posted

Given the name of the "virus" (which appears to be a heuristic "well it looks like a virus so I'd better flag it up" report rather than an actual live malware report) I'd suggest that's probably a false positive, but only the AV company can confirm that.

I've just downloaded the 29th release (March 1st 2009 (4 MB)) from http://www.schiratti.com/dowson.html and McAfee is reporting it as clean here.

What AV package are you using?

Ian P.

Posted

It's a company firewall - manufactured by Sonicwall. If you're showing as clean than I'll go and see the IT admin and see if he can sort it out. Thanks for checking this out for me!

Posted

Okay,

My IT admin has looked into this and it would appear that the file does indeed have a virus. The petite part of the virus report tells us that Petite was used to compress the executable and it appears that's what's used for the other files on the site. The fact that we can download the other files with no issue does indicate that there's potentially a virus on the SDK file. Apparently there are a number of worms that can attach themselves to a Petite-compressed file.

Just an FYI - this has been reported before on the forum by a different user. Bearing in mind that Sonicwall is a high-end enterprise standard firewall box, it's possible it's picking stuff up that standard home AV packages aren't...

We'll download the file outside of the firewall and scan the executable and let you know what we find.

Not having a go or anything - just want to help out!

Posted

The petite part of the virus report tells us that Petite was used to compress the executable and it appears that's what's used for the other files on the site. The fact that we can download the other files with no issue does indicate that there's potentially a virus on the SDK file. Apparently there are a number of worms that can attach themselves to a Petite-compressed file.

I have not used Petite for a long time now. What "executable" in the SDK are you referring to?

Pete

Posted

Hi Pete,

'Executable' is the terminology used by our IT guy when he came and let me know what's going on - I guess from your quote marks there's no executable inside the zip; I wouldn't know as I can't get the file at the moment! Like I said, it's odd that I can download any of the other files, but this is the only one that Sonicwall blocks. Anyway, I'll let you know more once he gets back to me.

Posted

Just for further information, my download was on the corporate system too, through two firewalls, two AV scans (although both are McAfee Enterprise) and the Proxy.

Ian P.

Posted

'Executable' is the terminology used by our IT guy when he came and let me know what's going on - I guess from your quote marks there's no executable inside the zip

Well, there are, several. It is a collection of tools and examples, most of which have not been changed for years. Is this the first time you've tried to get the SDK?

Classifying any LIB, DLL and EXE as executable, there are:

FSInterrogate2std.exe

Zips containing UIPChello.exe examples compiled in different languages

Zips containing LIB files for the IPC interface

Zips containing DLLs used by some language interfaces

Mostly it is Zips withing the Zip.

The FSInterrogate2std.exe may be compressed with Petite. It hasn't been changed in the SDK Zip, though, since 2007. Is this worm you detected that old? Neither Norton AV (full commercial version) nor AVG find anything wrong with it, but if necessary I can recompress the original using my current compressor instead.

The only times any virus report has been made in the past it has proven to be a false positive, just resulting from the odd bit patterns you get from compression. I don't remember anyone ever reporting one on the SDK at all.

Regards

Pete

Posted

The compression algorithms used to create compressed archives are well known and used by many different software packages, as well as by those that distribute virus/trojans/worms, etc. These algorithms create 'patterns' in the compressed file/image, and these patterns can look similar between legit and bogus files.

As such, scanning software needs to be 'smart' and adaptive in order to detect/flag the bogus patterns/files, while not giving false positives to the legit ones. Its a challenging task, for sure. To make things a bit more complicated, some scanning software vendors allow the user (corporate entities usually) to adjust the 'sensitivity' to these patterns in order to be more rigorous in detection, which can trigger even more false positives.

I've used Pete's FSUIPC pretty much since its inception, and have never encountered any form of actual virus/trojan/worm/etc in any of his deliverables. If you are getting alerts on his files, and you are sure of the source of the files, then I would suggest that the scanner is being overly cautious triggering on a pattern, and giving false alarms.

Posted
... if necessary I can recompress the original using my current compressor instead.

I've re-compressed the FSInterrogate2std.exe item with my newer compressor -- it actually does a better job, so the package is even smaller than before. Nothing else has been changed. Try downloading it -- use the link in the Updates Announcement above. I can send it to Enrico Schiratti to rpelace on his site too if needed, but I remain pretty sure the problem on the former one would have been a false positive.

Let me know please.

Regards

Pete

Posted

Yes, I'm definitely thinking this is the case now. I've done some more research and it seems that Sonicwall don't let you download anything compressed by Petite, full stop. We tried downloading outside of the firewall with AVAST protection and that threw up the same issue - I suspect that they've also done a blanket block of Petite-packed files.

Your updated file downloads just fine so thanks for your attention on this Pete - I was pretty sure there wouldn't be a virus, but wanted to alert you to it just in case.

Now, back to looking into FS2004 support for the new Saitek Pro Flight panels...

Posted
Yes, I'm definitely thinking this is the case now. I've done some more research and it seems that Sonicwall don't let you download anything compressed by Petite, full stop. We tried downloading outside of the firewall with AVAST protection and that threw up the same issue - I suspect that they've also done a blanket block of Petite-packed files.

Your updated file downloads just fine so thanks for your attention on this Pete - I was pretty sure there wouldn't be a virus, but wanted to alert you to it just in case.

OkayI'll send it to Enrico too so he can replace the one on his "Dowson" page.

Regards

Pete

  • 3 years later...
Posted

Were can i Download that SDK?

Which SDK? The FSUIPC SDK? Same place as you download all the rest of my stuff, including FSUIPC. Where did you get that? There's the Schiratti site where it's been now for 12 years or more, and the Download Links subforum here.

Pete

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use. Guidelines Privacy Policy We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.