Symantec Norton AntiVirus detecting Suspicious.Swizzor in Work Units
31 Mar 2009 14:08:48 UTC
Topic 194256
Has anyone had their AntiVirus product detect the work unit as Suspicious.Swizzor?
Einstein@Home tried to download new work and each time, Symantec detected Suspicious.Swizzor and took action.
This occurred on Hierarchical S5 all-sky GW search #5 3.01: h1_0868.00_S5R4__1191_S5R5a_0.
I just aborted the job. It wasn't like the download was successful, anyway, with Symantec detecting a virus in it.
Symantec Norton AntiVirus detecting Suspicious.Swizzor in Work U
Yes...I have! See the post I made elsewhere on this Bug Report forum...
RE: RE: Has anyone had
I presume both of you understand that the most likely reason for this is a deficiency in your anti-virus system which results in a "false positive" detection? Hopefully you have reported this to your anti-virus provider so that they can fix their software if it really is a false positive. It is extremely unlikely that EAH data files actually do contain a virus.
In the meantime until you receive updated virus definitions, you should consider configuring your anti-virus software so as to exclude scanning the BOINC data folder and sub-folders. This should allow BOINC to continue working without unnecessary hindrance.
Cheers,
Gary.
A few people have mentioned
A few people have mentioned AVG is detecting Swizzor virus in ABC@home tasks this week. See the discussion at http://abcathome.com/forum_thread.php?id=431#9817.
RE: RE: RE: Has anyone
You left out the part where you said that Einstein had rescanned its files and found nothing, thereby leading you to suggest we turn off the scanning of the Boinc folder. Until you rescan your files it seems premature to suggest automatically that it is a false positive. I agree that it PROBABLY is a false positive, but I am not turning off anything until you guys say you have re-scanned the files and found nothing wrong on your end OR my anti-virus folks tell me it is their fault. Assuming is how people get problems in the first place.
Since the tasks can't execute
Since the tasks can't execute by themselves, any data therein that is flagged as suspicious is usually everything but suspicious. It's probably the data sequence in the files that makes the AV scanner flag it as suspicious.
Yet, if you're not sure, send it in to http://www.virustotal.com/, which will scan the same file with the following AV products:
# AhnLab (V3)
# Aladdin (eSafe)
# ALWIL (Avast! Antivirus)
# Authentium (Command Antivirus)
# AVG Technologies (AVG)
# Avira (AntiVir)
# Cat Computer Services (Quick Heal)
# ClamAV (ClamAV)
# Comodo (Comodo)
# CA Inc. (Vet)
# Doctor Web, Ltd. (DrWeb)
# Emsi Software GmbH (a-squared)
# Eset Software (ESET NOD32)
# Fortinet (Fortinet)
# FRISK Software (F-Prot)
# F-Secure (F-Secure)
# G DATA Software (GData)
# Hacksoft (The Hacker)
# Hauri (ViRobot)
# Ikarus Software (Ikarus)
# INCA Internet (nProtect)
# K7 Computing (K7AntiVirus)
# Kaspersky Lab (AVP)
# McAfee (VirusScan)
# Microsoft (Malware Protection)
# Norman (Norman Antivirus)
# Panda Security (Panda Platinum)
# PC Tools (PCTools)
# Prevx (Prevx1)
# Rising Antivirus (Rising)
# Secure Computing (SecureWeb)
# BitDefender GmbH (BitDefender)
# Sophos (SAV)
# Sunbelt Software (Antivirus)
# Symantec (Norton Antivirus)
# VirusBlokAda (VBA32)
# Trend Micro (TrendMicro)
# VirusBuster (VirusBuster)
When only your AV flags it as dangerous, you can easily assume it isn't dangerous. Of course, no AV product can guarantee 100% effectiveness on detecting and removing viruses.
I just sent one of my tasks through there, you can see the outcome of the scan here.
The scanners on this site can also scan zip files, so if you want to zip your task before admitting it, you can do so.
Over at ABC someone posted
Over at ABC someone posted that Avast has updated their signatures and all is fine again. I have updated my signatures but since my other project downloaded a ton of units I haven't started processing any yet to know when Boinc touches a unit to know if it is still reporting a problem.
RE: You left out the part
Mikey,
I haven't left anything out and nor have I "assumed" anything. There is simply not the pressing need to "rescan" the files in question - the E@H data files - as you so dramatically assert. Also, you should read more carefully what was actually written. I didn't say "automatically" that it must be a false positive. I did say it was "most likely" to be that. I also said that people "should consider" turning off scanning of BOINC data folders. I chose those words to make it clear that it's an opinion that people can accept or reject as they see fit.
The files, when originally created, were protected by an MD5 checksum. If someone has subsequently "interfered" with any data file, your BOINC client would notice when it recalculated the MD5 sum and found a difference. Your BOINC client would reject the file well before any virus scanner needed to deal with it. That's why it is a reasonable course of action to advise people to consider excluding the BOINC Data tree from the list of places to scan.
Of course, these days, virtually anything is possible so I'm sure prudent staff at the project would have taken a quick look just to make sure all is as it should be. However it really serves no useful purpose to overdramatise something that is unlikely to be a problem at all.
Cheers,
Gary.
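The integrity check described in the post above, as an added example that is not part of the original thread and is not BOINC's own code: each data file is re-hashed and compared with the size and MD5 recorded when it was created. The manifest layout, the file names and `verify_against_manifest` are assumptions made for illustration, and the check only detects modification relative to a checksum obtained from a trusted source.

```python
import hashlib
import hmac
import os
import tempfile

def md5_of_file(path, chunk_size=1 << 16):
    """Stream the file so large data files are not loaded into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify_against_manifest(directory, manifest):
    """Return {name: status}; status is ok, missing, size or checksum."""
    results = {}
    for name, (expected_size, expected_md5) in manifest.items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "missing"
        elif os.path.getsize(path) != expected_size:
            results[name] = "size"
        elif not hmac.compare_digest(md5_of_file(path), expected_md5.lower()):
            results[name] = "checksum"
        else:
            results[name] = "ok"
    return results

def demo():
    """Constructed sample: two data files, one changed after the manifest was made."""
    with tempfile.TemporaryDirectory() as d:
        contents = {"h1_sample_a.dat": b"\x00\x01" * 4096,
                    "h1_sample_b.dat": b"\x7f" * 1000}
        manifest = {}
        for name, data in contents.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
            manifest[name] = (len(data), hashlib.md5(data).hexdigest())
        manifest["h1_sample_c.dat"] = (10, "0" * 32)  # listed but never downloaded
        # Same-length change made after the manifest was recorded.
        with open(os.path.join(d, "h1_sample_b.dat"), "r+b") as fh:
            fh.seek(500)
            fh.write(b"\x00")
        return verify_against_manifest(d, manifest)

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```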
RE: RE: You left out the
Blah, blah blah! (Not intended for you specifically!)
Do you guys ever stop to consider that there are computer-inept people like myself who never had the privilege of growing up with computers in our lives, and who also are on the net and trying, in our own way, to contribute?
To a lot of us, it seems, that you probably feel we should crawl-off and die in a corner somewhere!
I think I was the first to report the problem in another thread on this board, and did that because I was frustrated and did not know what to do. When you talk tech, it has no meaning to me...most-likely you'll rejoice when the last of my generation have all passed into the ethereal blue yonder, but until that comes to be you'll just have to put up with us!
I came here seeking help...and in plain English. What I get is a lot of gobble-de-gook that I can't understand for the life of me! Therefore I have had to resort to hiring a tech-person to solve the problem, and on a weekend, of all times...
RE: Do you guys ever stop
How can I not have considered exactly this? That is exactly what I am!
There are millions of us pre and actual baby boomers around who had well and truly completed our formal educations way before the first personal computers appeared.
Actually, not at all, but you do need to reconsider what will happen if you continue to insult those who try to help you.
Yes, you were, and you had an answer in very plain English from Ageless in less than 5 minutes from the time you posted. BTW, English is not Ageless' mother tongue but even so his answer was simple and very much to the point.
It'll be a bit hard to rejoice because chances are that I'll be dead too! You really do need to get rid of that chip and realise that people really don't have it in for you.
Have you reviewed Ageless' post in the other thread or my response to you in this thread?? How can you say that either response was anything but plain English? Essentially, both messages were making three points to you, which are:-
* This is something that can only be confirmed and fixed by your anti-virus software supplier.
* You can stop the annoying messages and unwanted interference in BOINC's legitimate activities by preventing your anti-virus software from scanning the places on your hard disk where the BOINC data files are stored, which is a user configuration option you need to perform, if you wish.
If you didn't understand "false positive" did you try throwing "virus false positive" into google? If you didn't understand "scan BOINC data directory" did you try throwing something like "prevent antivirus scan data directory" into google? If you didn't try google - why not?
With the greatest of respect, that is total codswallop.
You don't have to do anything of the sort, but you can certainly choose to of your own free will if you don't want to reconfigure your anti-virus software by yourself. At the very least you could have asked for help immediately after my first response by asking, "How do I stop scanning the BOINC data directory"? Since I don't use Symantec, I actually don't have a clue but I'd play with google and give you this response I found, which may be version dependent, but should be pretty close.
Actually, on second thoughts, I'd probably just tell you to google for the instructions.
PS: The word "directory" is the original Unix term for a file that contains (the storage details of) other ordinary files. "Folder" is the Microsoft equivalent term. The two terms mean exactly the same. Even Symantec used both in their instructions.
PS2: The world really isn't out to get you, embarrass you, or make you feel totally inadequate. Each of us are all perfectly capable of doing that to ourselves without any help from the world (who really couldn't care less anyway).
PS3: Your motto for each day should be to throw a single gobble-de-gook term into google and keep exploring the links returned until it all becomes clear. At the end of a year you'll have rid your world of 365.25 (and a bit) gobble-de-gook terms and you'll be able to feel very superior about this :-).
Good luck with your de-gobbledegooking crusade.
Cheers,
Gary.