From unknown Tue May 19 00:11:36 2026
X-Loop: owner@bugs.x2go.org
Subject: Bug#1485: Virus-Warning in Windows-Client on x2goclient-4.1.2.2-2020.02.13-setup.exe
Reply-To: Simon Riepertinger <simon.riepertinger@veith-system.de>, 1485@bugs.x2go.org
Resent-From: Simon Riepertinger <simon.riepertinger@veith-system.de>
Resent-To: x2go-dev@lists.x2go.org
Resent-CC: owner@bugs.x2go.org
X-Loop: owner@bugs.x2go.org
Resent-Date: Mon, 06 Jul 2020 11:45:01 +0000
Resent-Message-ID: <handler.1485.B.159403564912249@bugs.x2go.org>
Resent-Sender: owner@bugs.x2go.org
X-X2Go-PR-Message: report 1485
X-X2Go-PR-Package: unknown
X-X2Go-PR-Keywords: 
Received: via spool by submit@bugs.x2go.org id=B.159403564912249
          (code B); Mon, 06 Jul 2020 11:45:01 +0000
Received: (at submit) by bugs.x2go.org; 6 Jul 2020 11:40:49 +0000
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=0.1 required=3.0 tests=BAYES_20,HTML_MESSAGE,
	RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,TRACKER_ID,URIBL_BLOCKED autolearn=no
	autolearn_force=no version=3.4.2
Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.17.13])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id EDAC05DAE7
	for <submit@bugs.x2go.org>; Mon,  6 Jul 2020 13:40:35 +0200 (CEST)
Received: from [192.168.1.209] ([46.95.10.230]) by mrelayeu.kundenserver.de
 (mreue108 [212.227.15.183]) with ESMTPSA (Nemesis) id
 1MNso2-1kGgbD0kuG-00OFo2 for <submit@bugs.x2go.org>; Mon, 06 Jul 2020
 13:40:35 +0200
To: submit@bugs.x2go.org
From: Simon Riepertinger <simon.riepertinger@veith-system.de>
Autocrypt: addr=simon.riepertinger@veith-system.de; prefer-encrypt=mutual;
 keydata=
 mQINBFRPTtkBEACV9/aHAwj1xTrs4t175dXe/YtnFUe9kHYvfwRl4S7mqjqrjXTgQ5+JEF3j
 qsf52vj2+j0ib3yveuq1YgrnEb9SLl1WaqF7qmholXd/XpJDbG0CCNDCVZ6Es5E216IXYJDN
 esktGit9lOuGLh7SwkMMnxrRbiOiE5kNGYYWckKAuslm29eFRJih7DU6R9g6NFN1Y8iTrMGt
 LiiyBPV6PdSpxO9/z+oL7TNQWWPQ/BWdRrNJpqjoW7huj/rMqWgo+Q3XwQjINybyj4cKxD+B
 AmNHIanDBKh4fcjuxmQaalCDWV0YDu4tEDf1Y9Jr5ojkeTu+foS4/fKZyz5ClxRReShh7leD
 pxFC71FjCUhRFMXfTiO09KGoW15yfet6V0/2SdhIXjSXYoxuGdfIjB4+nNCXgEEJ6++6zXa9
 RfgBDZjZpg1aKoTzbc8bqrGe95sIeV9B/FiBpn6Vy4RldHA71vB6MvQmXDv+6J2pE+mPbZdu
 mHkDGoJXB7ouPagaUtBw/FU2v9RiU+BfI1D3ye9RRSDYW58hdLdnjXyqrmKLPLTJIMSJQt13
 LmZFXmVMrDcE3SIbOYsSbTbqmmbqtc9ZvtSc9ODBAwm1axdxqlUOersTkYYZpGobK7oGD9aI
 abszxEPKy/QwHDBb94/vWZm1vR9+Y8vDpTzeLCzXTJgaykdx9wARAQABtDdTaW1vbiBSaWVw
 ZXJ0aW5nZXIgPHNpbW9uLnJpZXBlcnRpbmdlckB2ZWl0aC1zeXN0ZW0uZGU+iQI/BBMBAgAp
 BQJUT07ZAhsjBQkJZgGABwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQAxQQcNczNI5u
 ww//QfC05gI8WvKrAmWVSsOGD0i1lQz/hCBQ4L0nHjBpAfjPYMBlwlsUW4MQoYW7XpDj8xs+
 wYkNgNkncnfgLdE29/wDm7/c3XKnbSoARompZ1HBEaJ763i+TczqJBMtkJPj5oIEneUNkpmF
 St4Aawmn3/4o0ZkBfbdtNuPZ7jeOMNr3L93QQx1O+G/RZuskg3Vs0LpwtMUmYyFZaLdrxylx
 f3e7HMz04b3sv1jWsZL1rB4xTdXYbCOi0rBnWJ9V2d9zc9kLpuedJmmDJMeok3wdBEbNNnPh
 HbAjiscc7nyUgDgkfJsKBFpJaOWje/lVi35rsaduhQQCUZl32WurmUButASQYQl6Ku9TNav+
 UE63gqFckCJ3XUCl2X5V94+3leP6ygxuGJRRTvDTAUmXELunI5j37swZTZvGR8VykbevgqNr
 TDKdqDOWDoRT3ecXAkJjgcTJNIYqPhvfKTyRHj183+o3Qw7KbjLDrT7bCWNIbFkuLZWch3CX
 /hcOXQsW4wQqcCs8aTXY94XbX+rAfyRkfgWpbCZKfGL4U6NrhWpjAWLqhqgFKYDmiSoH/dYZ
 w72DYDqPaBfWJnaOwIdrShiEl2SGg5QSYA4OrI21/bU2MNQbPVXXG9gG0Tt/EwUuNiUEnnHO
 TyAcSsotXgJmIoOpW6xRlpBGk90nccZo/51zG5k=
Message-ID: <64fd35e3-11ca-60cd-4899-0f07b9579751@veith-system.de>
Date: Mon, 6 Jul 2020 13:40:34 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101
 Thunderbird/68.10.0
MIME-Version: 1.0
Content-Type: multipart/mixed;
 boundary="------------805808D0032E905370F67374"
Content-Language: de-DE
X-Provags-ID: V03:K1:sSyq09ZDSMOAOQ0ebpSv4IkhBeXipiSoAIn8fkYaGKgqYi85NH4
 pr8/DELUXFnsr05lRLWG49+juZTMcu2v/L+qt95u9j6Go2ooyjjrgNFYT67gBB72JOVlIwU
 nLYISwa9GHSvIlB+DdgANH2ES3oGdeQloUPDW+nrfmaosgce1SvIUmczvzIsQe/2GB+s0y/
 zm5n3/Y3eQIDNbXPEy5gw==
X-UI-Out-Filterresults: notjunk:1;V03:K0:5YEYmtQ8A+A=:LYqo/tCGFLdl8r2DSZ6a0v
 plQTYAdgGSQ0e2txBzHZqN5f2+XVdQMMP70BSlKqOvoeMX3PhuRkMMXFMZN7JyPZcTMG1ry9S
 GDXj/IC/H8v+2K4aJzulVGixJUGX8pXJBJ4ynAIYYLET90nFgtWa0UTKph7bvjSesM9RUQuH1
 htP3xzoIoXgHaTBrXTgCVIu9qN7Hu1JAoTgTKdjmzPcC+tPSeuhjdbUzlxoJnj6aQHkIau4zy
 LO16FcpJt3VyFIkoL2v+B39dKhr2Cu9Jj1hfEBV0rc2YnRBnKXw69NBLUWfbx6XTBWXyTsGOs
 6kD50PoIV3NOSC+x1ZmOAZlg0K3lt0gHK2LFipyAKt/tShRzHtrjF1wvzB5Phw7ynYkBQvyNY
 tFSL6O3p4lbd/5tsFj3OKpcS01ZgrjFzrmXkiaJOrAILdID/rl8SGwid6z+VraoSatLz8//QO
 uXZMeAKyZnV4JiKRkjUv10UpYcIchekLIux7eKlxE7vkF8U+Ktwz6Z55UgiMnfpAt72Y6Wh32
 yV25ZAZiQcyFgPlClOK3NMXWfGtoRlCf0ufK+X9CrfEGh2surtzbgqGFx/4KcM3RKBk5p2kK5
 aPcdIelOEt/jWic5Ur88npmIQjQn7vQcvRqARAKBe9tCkz5t/YR2jmaDEpQZehxOtq2RkzEw3
 P3eLbwSQPCSqbYYFQishpoyT4AQk9TqjTSPI8JPjmBrTkXqXXIONtdGN2O0EAArYxjTrPGJtv
 EAWMkiTlTsiGPYr4rDEU0UgXbC69IJ3E2qx5IIcOoBYTebRne+8NdqPClhfZ0rZoBhjEoi4kK
 lkQZLu0/Z5Ea1ma46J8ckCZgOo7MuDRfh7pcTKq3ckkFMOMkwcdEMhSAuBukY1Arih1JRvHaJ
 61i6zan95Eda2utEdnmQ==

This is a multi-part message in MIME format.
--------------805808D0032E905370F67374
Content-Type: multipart/alternative;
 boundary="------------03C751C801E4C899B940DABA"


--------------03C751C801E4C899B940DABA
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit

Package: unknown
Version: x2goclient-4.1.2.2-2020.02.13-setup.exe / X2GoClient_latest_mswin32-setup.exe

After downloading the file in Firefox Firefox tells me, that the file contains a virus/malware.

A quick online-check on virustotal with both files returns:

    No engines detected this URL

but uploading the file yields 4 positive on:

    4 engines detected this file
    227857330e14cf88c88159c5439c914ce2e4170c7aa29149641d5df11d1745f0
    x2goclient

scanning the file manually on my system gave no results.

I'm using:
Firefox ver: 78.0.1
Windows: Version 10.0.18363.900


-- 
Veith System GmbH
Laiming 3
83112 Frasdorf - Germany

Tel: +49-(0)8052-2636
Fax: +49-(0)8052-4019
E-Mail: info@veith-system.de
USt.-IdNr.: DE 131 200 756
Handelsregister: Traunstein B4434
Geschäftsführer: Ulrich Veith, Adrian Veith


--------------03C751C801E4C899B940DABA
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 8bit

<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <font face="Arial">Package: unknown<br>
      Version: x2goclient-4.1.2.2-2020.02.13-setup.exe /
      X2GoClient_latest_mswin32-setup.exe<br>
      <br>
      After downloading the file in Firefox Firefox tells me, that the
      file contains a virus/malware.<br>
      <br>
      A quick online-check on virustotal with both files returns:<br>
    </font>
    <blockquote>No engines detected this URL<br>
    </blockquote>
    <font face="Arial">but uploading the file yields 4 positive on: <br>
    </font>
    <blockquote><font face="Arial"><span>
          <div>4 engines detected this file </div>
        </span></font><font face="Arial"><span> </span> </font>
      <div class="actions"> </div>
      <div class="download-button-wrapper"> </div>
      <div>
        <div class="row">
          <div class="object-id">
            <div class="file-id">227857330e14cf88c88159c5439c914ce2e4170c7aa29149641d5df11d1745f0</div>
            <div class="file-name"> <a>x2goclient</a> </div>
          </div>
        </div>
      </div>
    </blockquote>
    <div>
      <div class="row">
        <div class="object-id"> <font face="Arial">scanning the file
            manually on my system gave no results.<br>
            <br>
            I'm using:<br>
            Firefox ver: 78.0.1<br>
            Windows: Version 10.0.18363.900<br>
          </font></div>
      </div>
    </div>
    <font face="Arial"><br>
      <br>
    </font>
    <pre class="moz-signature" cols="0">-- 
Veith System GmbH
Laiming 3
83112 Frasdorf - Germany

Tel: +49-(0)8052-2636
Fax: +49-(0)8052-4019
E-Mail: <a class="moz-txt-link-abbreviated" href="mailto:info@veith-system.de">info@veith-system.de</a>
USt.-IdNr.: DE 131 200 756
Handelsregister: Traunstein B4434
Geschäftsführer: Ulrich Veith, Adrian Veith</pre>
  </body>
</html>

--------------03C751C801E4C899B940DABA--

--------------805808D0032E905370F67374
Content-Type: text/x-vcard; charset=utf-8;
 name="simon_riepertinger.vcf"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename="simon_riepertinger.vcf"

begin:vcard
fn:Simon Riepertinger
n:Riepertinger;Simon
email;internet:simon.riepertinger@veith-system.de
tel;work:080 52 26 36
version:2.1
end:vcard


--------------805808D0032E905370F67374--