
Virus found


Solved by Happy2Play


Posted

578538d757286_VIRUS.jpg

 

A virus is in the installation files. Scanner: Bitdefender.

 

 

Posted

As long as you obtained the installer from our website, I'm sure this is a false positive.

Posted

I download all the files from GitHub. Beta release 3.1.63 and 3.1.62. Sorry, before these files, a message never came.

Posted

I'm sure it is a false positive.  Many users have installed those versions.  But, if you'd rather wait, it will probably go away with another release.

Posted

57853bcd40b65_starterrot.jpg

 

Since 3.1.62 this message or installation box comes up at Emby startup. Since virus found. Virus found in zip file too.

Posted

We've always had the requirement of the C++ 2013 runtime.

Posted

That is a required component for Emby and is coming direct from Microsoft.

Posted (edited)

Okay, yes... I will not say that the virus is in this Microsoft file... I will say, at every startup this message box from Microsoft comes up.

 

But the virus has been there since 3.1.62, and this box comes at the same time.

 

And every time I restart emby-server, the box comes again.

Edited by newby
Posted

I have shut down Emby server. It is a problem for me to start 24/7 programs with a trojan virus in it. Sorry.

Posted

SHA256: 75b729c15cfebbf5369591c668b1d3049d5844623ae2bee66ae2e369ea4cbbb6
File name: core_rl_wand_.dll
Detection ratio: 0 / 55
Analysis date: 2016-01-25 21:27:36 UTC (5 months, 2 weeks ago)

 

 

Please see the date. I have installed every beta for weeks. Since 3.1.62 Bitdefender reports a virus in this file. What should I believe?

If I erase my system folder and copy the new folder (beta) into my Emby folder, I get a virus warning and this file does not copy.

Okay, is it better to deactivate Bitdefender? Or do we all look at this problem to find a solution?

Happy2Play
Posted

It is your choice, but all the scans I have run from multiple different products come back clean, so I wouldn't trust Bitdefender, but everyone has a product they trust.

Posted

Please scan the 64-bit version of this file. With the scanner you used, a 32-bit file was scanned.

 

I can't send the file to the website. My Bitdefender blocks it.

 

Can you help me?

Posted (edited)

OKAY, it's your turn... please make a build without a virus...

57854edb6bfec_virusfound.jpg

 

EMBY (BETA) is shut down as long as we have a virus on board.

Edited by newby
  • Solution
Happy2Play
Posted

Submitted sample to Bitdefender as False positive.

 

[FP] [sample] Submission 2016071220150005

 

Well, I guess ImageMagick is now a virus, so take away everything it offers. LOL :rolleyes: Nice generic virus.

Posted

I don't understand you?

 

You send the file to Bitdefender as a false positive? And now?

Happy2Play
Posted

You will have to wait for them to update their database.  Until then use at your own risk if you trust Bitdefender.

Posted

Is this the problem?   What to do?

  • If you have a hosted website or blog, ask your hosting provider if they use ImageMagick.
  • Patch ImageMagick as soon as possible. (Update. A fix was promised for the weekend of 2016-05-07; it was delivered by 2016-05-03, shortly after this article appeared.)
  • In the meantime, apply ImageMagick’s suggested workaround by editing ImageMagick’s policy.xml file.

Details of the vulnerability have not yet been disclosed in order to reduce the risk of copycat exploits.

However, the ImageMagick workaround involves adding the following lines to the product’s policy configuration:

<policy domain="coder" rights="none" pattern="EPHEMERAL" />

<policy domain="coder" rights="none" pattern="HTTPS" />

<policy domain="coder" rights="none" pattern="MVG" />

<policy domain="coder" rights="none" pattern="MSL" />

Simply put, these lines turn off automatic processing of certain types of input, none of which are traditional image files such as JPEG or GIF, and all of which can be used to refer to files on the local filing system.

We’re guessing that this ability to refer to “inside” files from outside the network is part of the problem that makes remote code execution possible.

As it happens, advice in one of ImageMagick’s support forums has been suggesting these locked-down settings since 2014, but they’re not yet part of the policy.xml file by default.

Interestingly, a third-party information site calling itself ImageTragick (yes, this bug has already attracted a logo, a PR-friendly name and a web page) also recommends adding:

<policy domain="coder" rights="none" pattern="URL" />

Presumably, that additional line turns off ImageMagick’s processing of remotely-specified URLs even if they aren’t using HTTPS.
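
An added example, not part of the original thread or the quoted article: a small Python check that parses a policy.xml and reports which of the coders named in the workaround above are still not disabled. The sample policy text is constructed, and the simple glob comparison is an assumption that does not model ImageMagick's full policy evaluation.

```python
import fnmatch
import xml.etree.ElementTree as ET

# Coders named in the quoted workaround (URL is the extra line
# recommended by the ImageTragick site).
REQUIRED = ("EPHEMERAL", "HTTPS", "MVG", "MSL", "URL")


def missing_coder_blocks(policy_xml, required=REQUIRED):
    """Return the coders in `required` not covered by any
    <policy domain="coder" rights="none" pattern="..."/> entry."""
    root = ET.fromstring(policy_xml)
    blocked_patterns = [
        p.get("pattern", "").upper()
        for p in root.iter("policy")
        if p.get("domain", "").lower() == "coder"
        and p.get("rights", "").lower() == "none"
    ]
    return [
        coder for coder in required
        if not any(fnmatch.fnmatchcase(coder, pat) for pat in blocked_patterns)
    ]


# Constructed sample: MSL is commented out, HTTPS still has read rights,
# and the URL line is absent, so three coders remain enabled.
SAMPLE_PARTIAL = """<policymap>
  <policy domain="resource" name="memory" value="256MiB" />
  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
  <policy domain="coder" rights="none" pattern="MVG" />
  <!-- <policy domain="coder" rights="none" pattern="MSL" /> -->
  <policy domain="coder" rights="read" pattern="HTTPS" />
</policymap>"""

# Constructed sample: all five lines from the quoted advice are present.
SAMPLE_FULL = "<policymap>" + "".join(
    f'<policy domain="coder" rights="none" pattern="{c}" />' for c in REQUIRED
) + "</policymap>"

if __name__ == "__main__":
    for name, text in (("partial", SAMPLE_PARTIAL), ("full", SAMPLE_FULL)):
        gaps = missing_coder_blocks(text)
        print(name, "->", "OK" if not gaps else "still enabled: " + ", ".join(gaps))
```
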

Posted

Hello,

 

Bitdefender does not report a virus for this file. Okay... Great work.

 

Thank you!!!!!

Happy2Play
Posted

Yep databases were updated.

 

Looks like it's down to 3 more products to update their databases.

Posted

57853bcd40b65_starterrot.jpg

 

Since 3.1.62 this message or installation box comes up at Emby startup. Since virus found. Virus found in zip file too.

 

I was having the same exact issue. I created an image of my server a week before this happened. I restored that image and all was well for a day, then the problem returned. Bitdefender was the issue. Once I removed Bitdefender this issue went away completely. 
