[Matroska-users] allegedly a backdoor in the mkvtoolnix Windows installer for v2.4.1

Moritz Bunkus moritz at bunkus.org
Mon Dec 8 23:39:07 CET 2008


Hi Bogdan & the Matroska mailing list,

I've received several reports of users that the Windows installer for
2.4.1 supposedly contains a backdoor as reported by Kaspersky Anti Virus
and other scanners that use Kaspersky's engine. Here's what I have to
say about that after a careful investigation:

On Monday 08 December 2008, Bogdan Sladaru wrote:

> I downloaded the mkvtoolnix 2.4.1 (Windows installer) from your site (
> http://www.bunkus.org/videotools/mkvtoolnix/downloads.html#windows ->
> http://www.bunkus.org/videotools/mkvtoolnix/win32/mkvtoolnix-unicode-2.4.1-setup.exe)
> and I got a warning from Kaspersky Antivirus, saying that the file is
> infected by a backdoor.

That's a false positive. I've already received several warnings from
other users and scanned said file with various scanners -- no infections
found (only by those who use Kaspersky's scan engine).

I'm also building the programs and installer on a Linux machine, there's
no Windows involved during the build.

Additionally I've scanned my only Windows desktop that I have here with
two virus scanners (one of them is constantly running anyway), again, no
infections found. I'm taking anti virus security very serious.

Nevertheless, I've now provided a new installer with a new one which not
even Kaspersky find's anything in:

http://www.bunkus.org/videotools/mkvtoolnix/win32/pre/mkvtoolnix-unicode-2.4.1-build20081207-44-setup.exe

That file is exactly 4115100 bytes big. It's MD5 checksum is
118ff4027534058302d7006db6371c11, it's SHA1 checksum is
b4a9ec6a4a474cfc1bfa20755da548da63aa4580.

I've also posted this note on my webpage at
http://www.bunkus.org/videotools/mkvtoolnix/allegedly-backdoor-in-windows-installer-v2-4-1.html

Regards,
Mosu

-- 
If Darl McBride was in charge, he'd probably make marriage
unconstitutional too, since clearly it de-emphasizes the commercial
nature of normal human interaction, and probably is a major impediment
to the commercial growth of prostitution. - Linus Torvalds

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.matroska.org/pipermail/matroska-users/attachments/20081208/7c16baa3/attachment-0001.pgp>


More information about the Matroska-users mailing list