3 replies to this topic

[Jan Erik]

For some time, my F-Secure Internet Security 2010 (and maybe other Internet Securities) requested permission to run curl.exe each time I wanted to update the Autopatcher, but since recently F-Secure just blocks it and I cannot update Autopatcher before I find out how to unblock it.

According to the Internet, curl.exe is regarded as a potential spyware file.

I suggest to find another way for running the updates then relying on curl.exe.

I very much appreciate the work you do, guys!

Jan Erik

[Cristiano]

curl is freeware and also opensource. the full sources for it can be reached in here and is wildly used as an download engine. as you know, is useless put an malware inside any open source software, because anyone can remove it. so, this is nothing more than f-secure doing an lazy job. i don't have f-secure to find an setting for this one, but internet security software us to have an "always allow" rule.

and this was the scan result for this file, taken from several engines through virustotal.com:
Complete scanning result of "curl.exe", processed in VirusTotal at 04/08/2010 18:42:42 (CET).

[ file data ]
* name..: curl.exe
* size..: 287232
* md5...: 9963feed9f748091db1b494410099ea2
* sha1..: 75cfa0a957bab116feaea1b28b010f475842f40a
* peid..: -

[ scan result ]
a-squared 4.5.0.50/20100408 found nothing
AhnLab-V3 5.0.0.2/20100408 found nothing
AntiVir 7.10.6.49/20100408 found nothing
Antiy-AVL 2.0.3.7/20100408 found nothing
Authentium 5.2.0.5/20100408 found nothing
Avast 4.8.1351.0/20100408 found nothing
Avast5 5.0.332.0/20100408 found nothing
AVG 9.0.0.787/20100408 found nothing
BitDefender 7.2/20100408 found nothing
CAT-QuickHeal 10.00/20100408 found nothing
ClamAV 0.96.0.3-git/20100408 found nothing
Comodo 4540/20100408 found nothing
DrWeb 5.0.2.03300/20100408 found nothing
eSafe 7.0.17.0/20100408 found nothing
eTrust-Vet 35.2.7414/20100408 found nothing
F-Prot 4.5.1.85/20100407 found nothing
F-Secure 9.0.15370.0/20100408 found nothing
Fortinet 4.0.14.0/20100408 found nothing
GData 19/20100408 found nothing
Ikarus T3.1.1.80.0/20100408 found nothing
Jiangmin 13.0.900/20100408 found nothing
Kaspersky 7.0.0.125/20100408 found nothing
McAfee-GW-Edition 6.8.5/20100408 found [Heuristic.BehavesLike.Win32.PasswordStealer.I]
Microsoft 1.5605/20100408 found nothing
NOD32 5010/20100408 found nothing
Norman 6.04.11/20100408 found nothing
nProtect 2009.1.8.0/20100406 found nothing
Panda 10.0.2.2/20100408 found nothing
PCTools 7.0.3.5/20100408 found nothing
Prevx 3.0/20100408 found nothing
Rising 22.42.03.03/20100408 found nothing
Sophos 4.52.0/20100408 found nothing
Sunbelt 6151/20100408 found nothing
Symantec 20091.2.0.41/20100408 found nothing
TheHacker 6.5.2.0.258/20100408 found nothing
TrendMicro 9.120.0.1004/20100408 found nothing
VBA32 3.12.12.4/20100405 found nothing
ViRobot 2010.4.8.2267/20100408 found nothing
VirusBuster 5.0.27.0/20100408 found nothing

so, except for an wrong detection given by McAfee-GW, no problem at all

as for an replacement of the engine, the idea is merge booth autopatcher and apup, probably replacing even vb6. but this may take a long time yet

[]s

[Jan Erik]

OK, I found out how to allow curl.exe in F-Secure.
Yet it seems that it could possibly also (and exceptionally) be abused by spyware, even if the version you use isn't.
It will be highly unlikely that this will happen in the future and I trust that you keep a check on it.

Edited by Jan Erik, 14 April 2010 - 06:52 AM.

[Cristiano]

> I found out how to allow curl.exe in F-Secure.
can you please describe it? it may help others in the future

> it seems that it could possibly also (and exceptionally) be abused by spyware
anything can be abused. in fact, several windows processes are already abused by viruses and spywares

> you keep a check on it
for sure

[]s