Jump to content
The simFlight Network Forums

FSUIPC SDK download has a virus? [Update - no, it's fine]

Tr1cky49
 Share

Recommended Posts

Ian P Newbie

Ian P

Posted
Posted

Given the name of the "virus" (which appears to be a heuristic "well it looks like a virus so I'd better flag it up" report rather than an actual live malware report) I'd suggest that's probably a false positive, but only the AV company can confirm that.

I've just downloaded the 29th release (March 1st 2009 (4 MB)) from http://www.schiratti.com/dowson.html and McAfee is reporting it as clean here.

What AV package are you using?

Ian P.

Link to comment
Share on other sites
Tr1cky49 Newbie

Tr1cky49

Posted
  • Author
Posted

Okay,

My IT admin has looked into this and it would appear that the file does indeed have a virus. The petite part of the virus report tells us that Petite was used to compress the executable and it appears that's what's used for the other files on the site. The fact that we can download the other files with no issue does indicate that there's potentially a virus on the SDK file. Apparently there are a number of worms that can attach themselves to a Petite-compressed file.

Just an FYI - this has been reported before on the forum by a different user. Bearing in mind that Sonicwall is a high-end enterprise standard firewall box, it's possible it's picking stuff up that standard home AV packages aren't...

We'll download the file outside of the firewall and scan the executable and let you know what we find.

Not having a go or anything - just want to help out!

Link to comment
Share on other sites
Pete Dowson Rising Star

Pete Dowson

Posted
Posted

The petite part of the virus report tells us that Petite was used to compress the executable and it appears that's what's used for the other files on the site. The fact that we can download the other files with no issue does indicate that there's potentially a virus on the SDK file. Apparently there are a number of worms that can attach themselves to a Petite-compressed file.

I have not used Petite for a long time now. What "executable" in the SDK are you referring to?

Pete

Link to comment
Share on other sites
Tr1cky49 Newbie

Tr1cky49

Posted
  • Author
Posted

Hi Pete,

'Executable' is the terminology used by our IT guy when he came and let me know what's going on - I guess from your quote marks there's no executable inside the zip; I wouldn't know as I can't get the file at the moment! Like I said, it's odd that I can download any of the other files, but this is the only one that Sonicwall blocks. Anyway, I'll let you know more once he gets back to me.

Link to comment
Share on other sites
Pete Dowson Rising Star

Pete Dowson

Posted
Posted

'Executable' is the terminology used by our IT guy when he came and let me know what's going on - I guess from your quote marks there's no executable inside the zip

Well, there are, several. It is a collection of tools and examples, most of which have not been changed for years. Is this the first time you've tried to get the SDK?

Classifying any LIB, DLL and EXE as executable, there are:

FSInterrogate2std.exe

Zips containing UIPChello.exe examples compiled in different languages

Zips containing LIB files for the IPC interface

Zips containing DLLs used by some language interfaces

Mostly it is Zips withing the Zip.

The FSInterrogate2std.exe may be compressed with Petite. It hasn't been changed in the SDK Zip, though, since 2007. Is this worm you detected that old? Neither Norton AV (full commercial version) nor AVG find anything wrong with it, but if necessary I can recompress the original using my current compressor instead.

The only times any virus report has been made in the past it has proven to be a false positive, just resulting from the odd bit patterns you get from compression. I don't remember anyone ever reporting one on the SDK at all.

Regards

Pete

Link to comment
Share on other sites
BradS Newbie

BradS

Posted
Posted

The compression algorithms used to create compressed archives are well known and used by many different software packages, as well as by those that distribute virus/trojans/worms, etc. These algorithms create 'patterns' in the compressed file/image, and these patterns can look similar between legit and bogus files.

As such, scanning software needs to be 'smart' and adaptive in order to detect/flag the bogus patterns/files, while not giving false positives to the legit ones. Its a challenging task, for sure. To make things a bit more complicated, some scanning software vendors allow the user (corporate entities usually) to adjust the 'sensitivity' to these patterns in order to be more rigorous in detection, which can trigger even more false positives.

I've used Pete's FSUIPC pretty much since its inception, and have never encountered any form of actual virus/trojan/worm/etc in any of his deliverables. If you are getting alerts on his files, and you are sure of the source of the files, then I would suggest that the scanner is being overly cautious triggering on a pattern, and giving false alarms.

Link to comment
Share on other sites
Pete Dowson Rising Star

Pete Dowson

Posted
Posted
... if necessary I can recompress the original using my current compressor instead.

I've re-compressed the FSInterrogate2std.exe item with my newer compressor -- it actually does a better job, so the package is even smaller than before. Nothing else has been changed. Try downloading it -- use the link in the Updates Announcement above. I can send it to Enrico Schiratti to rpelace on his site too if needed, but I remain pretty sure the problem on the former one would have been a false positive.

Let me know please.

Regards

Pete

Link to comment
Share on other sites
Tr1cky49 Newbie

Tr1cky49

Posted
  • Author
Posted

Yes, I'm definitely thinking this is the case now. I've done some more research and it seems that Sonicwall don't let you download anything compressed by Petite, full stop. We tried downloading outside of the firewall with AVAST protection and that threw up the same issue - I suspect that they've also done a blanket block of Petite-packed files.

Your updated file downloads just fine so thanks for your attention on this Pete - I was pretty sure there wouldn't be a virus, but wanted to alert you to it just in case.

Now, back to looking into FS2004 support for the new Saitek Pro Flight panels...

Link to comment
Share on other sites
Pete Dowson Rising Star

Pete Dowson

Posted
Posted
Yes, I'm definitely thinking this is the case now. I've done some more research and it seems that Sonicwall don't let you download anything compressed by Petite, full stop. We tried downloading outside of the firewall with AVAST protection and that threw up the same issue - I suspect that they've also done a blanket block of Petite-packed files.

Your updated file downloads just fine so thanks for your attention on this Pete - I was pretty sure there wouldn't be a virus, but wanted to alert you to it just in case.

OkayI'll send it to Enrico too so he can replace the one on his "Dowson" page.

Regards

Pete

Link to comment
Share on other sites
  • 3 years later...
Pete Dowson Rising Star

Pete Dowson

Posted
Posted

Were can i Download that SDK?

Which SDK? The FSUIPC SDK? Same place as you download all the rest of my stuff, including FSUIPC. Where did you get that? There's the Schiratti site where it's been now for 12 years or more, and the Download Links subforum here.

Pete

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use. Guidelines Privacy Policy We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.