[Matroska-users] allegedly a backdoor in the mkvtoolnix Windows installer for v2.4.1

Moritz Bunkus moritz at bunkus.org
Mon Dec 8 23:39:07 CET 2008

Hi Bogdan & the Matroska mailing list,

I've received several reports of users that the Windows installer for
2.4.1 supposedly contains a backdoor as reported by Kaspersky Anti Virus
and other scanners that use Kaspersky's engine. Here's what I have to
say about that after a careful investigation:

On Monday 08 December 2008, Bogdan Sladaru wrote:

> I downloaded the mkvtoolnix 2.4.1 (Windows installer) from your site (
> http://www.bunkus.org/videotools/mkvtoolnix/downloads.html#windows ->
> http://www.bunkus.org/videotools/mkvtoolnix/win32/mkvtoolnix-unicode-2.4.1-setup.exe)
> and I got a warning from Kaspersky Antivirus, saying that the file is
> infected by a backdoor.

That's a false positive. I've already received several warnings from
other users and scanned said file with various scanners -- no infections
found (only by those who use Kaspersky's scan engine).

I'm also building the programs and installer on a Linux machine, there's
no Windows involved during the build.

Additionally I've scanned my only Windows desktop that I have here with
two virus scanners (one of them is constantly running anyway), again, no
infections found. I'm taking anti virus security very serious.

Nevertheless, I've now provided a new installer with a new one which not
even Kaspersky find's anything in:


That file is exactly 4115100 bytes big. It's MD5 checksum is
118ff4027534058302d7006db6371c11, it's SHA1 checksum is

I've also posted this note on my webpage at


If Darl McBride was in charge, he'd probably make marriage
unconstitutional too, since clearly it de-emphasizes the commercial
nature of normal human interaction, and probably is a major impediment
to the commercial growth of prostitution. - Linus Torvalds

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.matroska.org/pipermail/matroska-users/attachments/20081208/7c16baa3/attachment-0001.pgp>

More information about the Matroska-users mailing list