Hello,
what do you think about this online scan with https://virusscan.jotti.org/ ?
https://sites.google.com/site/chessphen ... feuerstein
Clam-AV (Mar 16, 2018): PUA.Win.Packer.Upx-48
TREND MICRO (Mar 17, 2018): PAK_Generic.005
The download links to former versions are disabled here:
http://www.computer-chess.org/doku.php? ... nload_list
Best wishes,
Norbert
Feuerstein 0.4.6.1 UCI - infected with malware?
-
- Posts: 1643
- Joined: Tue May 20, 2008 4:57 pm
- Location: Augsburg - Germany
-
- Posts: 2488
- Joined: Tue Aug 30, 2016 8:19 pm
- Full name: Rasmus Althoff
Re: Feuerstein 0.4.6.1 UCI - infected with malware?
For ClamAV, see here:
https://www.clamav.net/documents/potent ... ations-pua
It seems that the engine is using a runtime packer, which explains why zipping it doesn't really compress it (since it is already compressed), and why the exe is so small. Packing EXEs was used decades ago in order to brag about small executable sizes; I remember a tool for that on an old PC-XT. Using that today is an anachronism.
The reason why some virus scanners find this suspicious is that packing an EXE means that the executable manipulates its own code at runtime, which is also a typical behaviour of malware. On top of that, depending on whether the virus scanner knows the packer, it can be used to conceal the actual code, which is also typical for malware.
In short, benign software should not use this stuff anymore. It only helps cut down the download size, which is done via zipping anyway, and the disk size, which is irrelevant with today's hard disks. The RAM used at execution time is at least the same, possibly even more.
-
- Posts: 1296
- Joined: Sun Mar 12, 2006 6:46 pm
- Location: Kelowna
- Full name: Tony Mokonen
Re: Feuerstein 0.4.6.1 UCI - infected with malware?
Feuerstein is compressed with UPX, and can be uncompressed. I have uploaded the uncompressed version (which is still a pretty tiny 22KB) here:
http://tonyschess.x10host.com/Feuerstei ... ressed.rar
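Added example, not part of the thread and not any scanner's actual signature logic: a Python sketch that reads a PE section table and reports the structural traits discussed in the posts above (UPX's default section names, an executable section that is empty on disk, and sections that are both writable and executable). The two sample images are constructed header-only byte strings, and the three heuristics are assumptions chosen for illustration.

```python
import struct

MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_* flag bits

def pe_sections(data: bytes):
    """Return [(name, virtual_size, raw_size, characteristics)] for a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)       # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (n_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size                          # first section header
    out = []
    for i in range(n_sections):
        name, vsize, _va, raw = struct.unpack_from("<8sIII", data, table + 40 * i)
        (chars,) = struct.unpack_from("<I", data, table + 40 * i + 36)
        out.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, raw, chars))
    return out

def packer_indicators(data: bytes):
    """List the section traits that suggest a runtime packer such as UPX."""
    hits = []
    for name, vsize, raw, chars in pe_sections(data):
        if name.startswith("UPX"):
            hits.append(f"{name}: section name used by UPX")
        if raw == 0 and vsize > 0 and chars & MEM_EXECUTE:
            hits.append(f"{name}: executable but empty on disk (filled at runtime)")
        if chars & MEM_EXECUTE and chars & MEM_WRITE:
            hits.append(f"{name}: writable and executable")
    return hits

def build_sample(sections):
    """Constructed header-only PE image for the demo; not a real program."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)        # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    rows = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, 0x1000, rs, 0x200, 0, 0, 0, 0, ch)
                    for n, vs, rs, ch in sections)
    return dos + b"PE\0\0" + coff + rows

# Constructed samples: a UPX-style layout and a conventional one.
PACKED = build_sample([(b"UPX0", 0x8000, 0, 0xE0000080),
                       (b"UPX1", 0x3000, 0x2A00, 0xE0000040),
                       (b".rsrc", 0x1000, 0x400, 0xC0000040)])
PLAIN = build_sample([(b".text", 0x5000, 0x4E00, 0x60000020),
                      (b".data", 0x1000, 0x200, 0xC0000040)])

if __name__ == "__main__":
    for line in packer_indicators(PACKED):
        print(line)
```

A hit from checks like these indicates only that a packer was used, which matches the "potentially unwanted application" wording of the ClamAV result rather than a finding of malicious code.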