Re: NASM virus issues.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, 2020-06-28 at 15:12 +1200, David Harris wrote:
> I normally compile OpenSSL with "no-asm", but this time I thought I'd
> try 
> installing NASM and seeing what difference, if any, it actually made.
> 
> I downloaded NASM from the official site (which I believe to be 
> http://www.nasm.us) and, as I always do with anything I source from
> outside my 
> firewall, ran it through virustotal (
> https://www.virustotal.com/gui/home/upload).
> 
> It reports 11 different scanners out of 72 finding malware in the
> file 
> (nasm-2.15.01-installer-x86.exe). Now, one or two reports from
> Virustotal is 
> normal - there are so many scanners out there that there are bound to
> be 
> occasional false-positives... But 11 is more than I have ever seen on
> something 
> that supposedly wasn't infected. Interestingly, VirusTotal did not
> have cached 
> results for this file, meaning that nobody else has tested it in the
> last month or 
> so.
> 
> Google didn't reveal any insight, and the NASM project doesn't have
> any contact 
> options that don't involve registration or mailing lists or I'd
> report this to them. 
> There is no mention of anything like this in their forum.
> 
> 11 reports is too many for me to feel safe using this product, so for
> now I'll keep 
> using no-asm, and hope that it's not going to get more deprecated
> than it 
> apparently is at present (based on the comments in INSTALL).
> 
> If anyone on the list has a NASM account or knows any of the
> maintainers, 
> could they pass this on? They really should be aware of it.

I'd recommend reporting your findings to the NASM bugzilla 
http://bugzilla.nasm.us/ or to their forum at 
https://forum.nasm.us/

-- 
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux