Thank you for the rapid response Stefan Baur,

Although I do agree that those AV names are, shall we say, 'less reputable', I was only emailing for due diligence in that both FF and Chrome flagged it as malicious.

Thank you for addressing my concerns,

Josh Conway

On Fri, Feb 28, 2020 at 9:32 AM <x2go-user-request@lists.x2go.org> wrote:

Today's Topics:

   1. Credible warning of infected / trojaned X2go windows binary
      (Josh Conway)
   2. Re: Credible warning of infected / trojaned X2go windows
      binary (Stefan Baur)


----------------------------------------------------------------------

Message: 1
Date: Fri, 28 Feb 2020 09:09:17 -0500
From: Josh Conway <jwcrawley@gmail.com>
To: x2go-user@lists.x2go.org
Subject: [X2Go-User] Credible warning of infected / trojaned X2go
        windows binary
Message-ID:
        <CACxuvT5Pp7tSgc29tdeurqynrn=wwijRYJi_mb7_k7W6OVL=_g@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Greetings,

Upon downloading the file:

https://code.x2go.org/releases/binary-win32/x2goclient/releases/4.1.2.2-2020.02.13/x2goclient-4.1.2.2-2020.02.13-setup.exe

MD5 8b1ac4cb969d116c9303ab3fafe50a01
SHA-1 ce77b87fd972aa12c74bb36181371034b0bb051d
SHA-256 227857330e14cf88c88159c5439c914ce2e4170c7aa29149641d5df11d1745f0

Firefox *and* Google Chrome both throw errors for detected malware.

Running said file through Virustotal shows the 6 AV products' results:

Bkav: HW32.Packed.

Panda: PUP/RemoteAdmin

Trapmine: Malicious.moderate.ml.score

Webroot: W32.Ransom.Gen

Yandex: Trojan.Agent!RIMR9kcXEpU

Zillya: Trojan.Generic.Win32.1026149


I've attempted to ping people in the freenode #x2go irc room to no avail.


Josh Conway

------------------------------

Message: 2
Date: Fri, 28 Feb 2020 15:31:48 +0100
From: Stefan Baur <X2Go-ML-1@baur-itcs.de>
To: x2go-user@lists.x2go.org
Subject: Re: [X2Go-User] Credible warning of infected / trojaned X2go
        windows binary
Message-ID: <ad8d422c-f8f2-14f5-d2bc-dc6c594a63b5@baur-itcs.de>
Content-Type: text/plain; charset="utf-8"

Am 28.02.20 um 15:09 schrieb Josh Conway:
> Greetings,
>
> Upon downloading the file:
>
> https://code.x2go.org/releases/binary-win32/x2goclient/releases/4.1.2.2-2020.02.13/x2goclient-4.1.2.2-2020.02.13-setup.exe
>
> MD5 8b1ac4cb969d116c9303ab3fafe50a01
> SHA-1 ce77b87fd972aa12c74bb36181371034b0bb051d
> SHA-256 227857330e14cf88c88159c5439c914ce2e4170c7aa29149641d5df11d1745f0
>
> Firefox *and* Google Chrome both throw errors for detected malware.
>
> Running said file through Virustotal shows the 6 AV products' results:
>
> Bkav: HW32.Packed.
> Panda: PUP/RemoteAdmin
> Trapmine: Malicious.moderate.ml.score
> Webroot: W32.Ransom.Gen
> Yandex: Trojan.Agent!RIMR9kcXEpU
> Zillya: Trojan.Generic.Win32.1026149


Josh,

these scanners are a) not exactly the most reliable ones and b) they are
throwing "generic" names, which means it's their heuristic detection
that is giving the alarm.

The total number of scanners at Virustotal that scanned the file is 57 -
as long as only 6 out of 57 trigger the alarm, and there's not a single
reputable name amongst those being triggered, there's nothing to worry
about.  I'd start worrying once Avast, AVG, Avira, BitDefender, F-Prot,
F-Secure, Kaspersky, G-Data, Malwarebytes, McAfee, Microsoft, Sophos,
Symantec or TrendMicro start throwing warnings.  As of now, this can
safely be dismissed as a false alarm.

Also, next to our download, in the same directory
<https://code.x2go.org/releases/binary-win32/x2goclient/releases/4.1.2.2-2020.02.13/>,
you can find MD5, SHA1 and SHA256 checksums *as well as a GPG signature*
from us.  Do check that signature - if it matches, there's nothing to
worry about.

The reason why Firefox and Chrome trigger an alert, and what to do about
it, has been discussed on this mailing list before, see this thread:
<https://www.mail-archive.com/x2go-user@lists.x2go.org/msg03640.html>

Kind Regards,
Stefan Baur

--
BAUR-ITCS UG (haftungsbeschränkt)
Geschäftsführer: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243


End of x2go-user Digest, Vol 70, Issue 24
*****************************************
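
Added example, not part of the thread and not X2Go's own tooling: the check Stefan Baur recommends in message 2 (compare the published SHA-256, then verify the GPG signature), with the signer additionally matched against a fingerprint pinned from a source other than the download directory. `PINNED_FPR` is a placeholder, `SAMPLE_STATUS` is constructed, and the function names are hypothetical; only `REPORTED_SHA256` comes from the thread.

```python
import hashlib
import hmac
import subprocess

# SHA-256 reported for the installer in the first message of this thread.
REPORTED_SHA256 = "227857330e14cf88c88159c5439c914ce2e4170c7aa29149641d5df11d1745f0"
# Placeholder, not a real X2Go value: the full fingerprint of the release
# signing key, obtained from a source other than the download directory.
PINNED_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
# Constructed sample of `gpg --status-fd 1 --verify` output for a good signature.
SAMPLE_STATUS = (
    "[GNUPG:] GOODSIG 89ABCDEF01234567 Example Release Key\n"
    "[GNUPG:] VALIDSIG " + PINNED_FPR + " 2020-02-13 1581552000 0 4 0 1 8 00 "
    + PINNED_FPR + "\n"
)


def sha256_of(path, chunk=1 << 20):
    """Hash the file in chunks so a large installer need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def digest_matches(path, expected_hex):
    """Compare the file's SHA-256 with a published value, ignoring case."""
    return hmac.compare_digest(sha256_of(path), expected_hex.strip().lower())


def signed_by(status_output, pinned_fpr):
    """True only if gpg emitted VALIDSIG naming the pinned signing or primary key."""
    want = pinned_fpr.replace(" ", "").upper()
    for line in status_output.splitlines():
        f = line.split()
        # f[2] is the signing (sub)key fingerprint, f[-1] the primary key's.
        if len(f) >= 3 and f[:2] == ["[GNUPG:]", "VALIDSIG"]:
            if want in (f[2].upper(), f[-1].upper()):
                return True
    return False


def verify_release(installer, signature, pinned_fpr=PINNED_FPR):
    """Run gpg on a detached signature and require the pinned signer."""
    proc = subprocess.run(["gpg", "--status-fd", "1", "--verify", signature, installer],
                          capture_output=True, text=True)
    return proc.returncode == 0 and signed_by(proc.stdout, pinned_fpr)
```

A matching checksum only shows the file is the one the server published; `verify_release` is the step that ties it to the signing key, and it requires `gpg` on the PATH with the release key already imported.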