Slicer download URLs marked as malware by corporate IT rules

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

Slicer download URLs marked as malware by corporate IT rules

Andrey Fedorov-2
Hi,

I noticed today the download links are blocked off by Partners
networking (see screenshot).

Did anyone else in other organizations notice this? I wonder if this
is related to the download packages being marked by Kaspersky
antivirus.

AF

_______________________________________________
slicer-users mailing list
[hidden email]
http://massmail.spl.harvard.edu/mailman/listinfo/slicer-users
To unsubscribe: send email to [hidden email] with unsubscribe as the subject
http://www.slicer.org/slicerWiki/index.php/Documentation/4.3/FAQ


The information in this e-mail is intended only for the person to whom it is
addressed. If you believe this e-mail was sent to you in error and the e-mail
contains patient information, please contact the Partners Compliance HelpLine at
http://www.partners.org/complianceline . If the e-mail was sent to you in error
but does not contain patient information, please contact the sender and properly
dispose of the e-mail.

IMG_20160112_113731335_HDR.jpg (4M) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Slicer download URLs marked as malware by corporate IT rules

Jean-Christophe Fillion-Robin
Hi Andrey, 

As an update, here is the email I shared internally this weekend:

8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----
Two updates:

False positive on Kaspersky
--------------------------------------

To keep track of the problem, I created two issues. See [1] and [2]

Considering Kaspersky support is closed on the weekend, I will plan on calling during the week.

In the mean time, I did the following:

* sent them a facebook message

 
* upload incriminated binaries on https://virusdesk.kaspersky.com/ for further analysis. Details available on Google plus and associated mantis issue.

Installers signing
----------------------

As discussed with Ron few days ago, Kitware will work on addressing the signing of binaries, starting with Windows installers.


[1] 4123: Slicer.exe (AppLauncher) detected as a malware [PDM:Trojan.Win32.Bazon.a] by Kapsersky

[2] 4124: Slicer.exe (AppLauncher) detected as a malware [Hoax.Win32.ArchSMS.cnpls] by Microsoft
8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----

On Tue, Jan 12, 2016 at 12:06 PM, Andrey Fedorov <[hidden email]> wrote:
Hi,

I noticed today the download links are blocked off by Partners
networking (see screenshot).

Did anyone else in other organizations notice this? I wonder if this
is related to the download packages being marked by Kaspersky
antivirus.

AF

_______________________________________________
slicer-users mailing list
[hidden email]
http://massmail.spl.harvard.edu/mailman/listinfo/slicer-users
To unsubscribe: send email to [hidden email] with unsubscribe as the subject
http://www.slicer.org/slicerWiki/index.php/Documentation/4.3/FAQ


The information in this e-mail is intended only for the person to whom it is
addressed. If you believe this e-mail was sent to you in error and the e-mail
contains patient information, please contact the Partners Compliance HelpLine at
http://www.partners.org/complianceline . If the e-mail was sent to you in error
but does not contain patient information, please contact the sender and properly
dispose of the e-mail.




--
+1 919 869 8849

_______________________________________________
slicer-users mailing list
[hidden email]
http://massmail.spl.harvard.edu/mailman/listinfo/slicer-users
To unsubscribe: send email to [hidden email] with unsubscribe as the subject
http://www.slicer.org/slicerWiki/index.php/Documentation/4.3/FAQ


The information in this e-mail is intended only for the person to whom it is
addressed. If you believe this e-mail was sent to you in error and the e-mail
contains patient information, please contact the Partners Compliance HelpLine at
http://www.partners.org/complianceline . If the e-mail was sent to you in error
but does not contain patient information, please contact the sender and properly
dispose of the e-mail.
Reply | Threaded
Open this post in threaded view
|

Re: Slicer download URLs marked as malware by corporate IT rules

Jean-Christophe Fillion-Robin
Hi Folks, 

To follow up, I just called the Kaspersky support and, as requested, I sent an email to "newvirus [at] kaspersky.com" :

For reference:

8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------

Dear Kaspersky Support team, 

Following my call with the Kaserpsky support, I am reaching out to you.

We are having issues with the http://download.slicer.org being treated as a malware by Kaspersky.

Note also that I submitted the incriminated executables on https://virusdesk.kaspersky.com/ , all details are reported here:


Would appreciate your guidance to address the problem.

Thanks for your help, 
Jc
8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------

On Tue, Jan 12, 2016 at 12:17 PM, Jean-Christophe Fillion-Robin <[hidden email]> wrote:
Hi Andrey, 

As an update, here is the email I shared internally this weekend:

8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----
Two updates:

False positive on Kaspersky
--------------------------------------

To keep track of the problem, I created two issues. See [1] and [2]

Considering Kaspersky support is closed on the weekend, I will plan on calling during the week.

In the mean time, I did the following:

* sent them a facebook message

 
* upload incriminated binaries on https://virusdesk.kaspersky.com/ for further analysis. Details available on Google plus and associated mantis issue.

Installers signing
----------------------

As discussed with Ron few days ago, Kitware will work on addressing the signing of binaries, starting with Windows installers.


[1] 4123: Slicer.exe (AppLauncher) detected as a malware [PDM:Trojan.Win32.Bazon.a] by Kapsersky

[2] 4124: Slicer.exe (AppLauncher) detected as a malware [Hoax.Win32.ArchSMS.cnpls] by Microsoft
8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----

On Tue, Jan 12, 2016 at 12:06 PM, Andrey Fedorov <[hidden email]> wrote:
Hi,

I noticed today the download links are blocked off by Partners
networking (see screenshot).

Did anyone else in other organizations notice this? I wonder if this
is related to the download packages being marked by Kaspersky
antivirus.

AF

_______________________________________________
slicer-users mailing list
[hidden email]
http://massmail.spl.harvard.edu/mailman/listinfo/slicer-users
To unsubscribe: send email to [hidden email] with unsubscribe as the subject
http://www.slicer.org/slicerWiki/index.php/Documentation/4.3/FAQ


The information in this e-mail is intended only for the person to whom it is
addressed. If you believe this e-mail was sent to you in error and the e-mail
contains patient information, please contact the Partners Compliance HelpLine at
http://www.partners.org/complianceline . If the e-mail was sent to you in error
but does not contain patient information, please contact the sender and properly
dispose of the e-mail.




--
<a href="tel:%2B1%20919%20869%208849" value="&#43;19198698849" target="_blank">+1 919 869 8849

_______________________________________________
slicer-users mailing list
[hidden email]
http://massmail.spl.harvard.edu/mailman/listinfo/slicer-users
To unsubscribe: send email to [hidden email] with unsubscribe as the subject
http://www.slicer.org/slicerWiki/index.php/Documentation/4.3/FAQ


The information in this e-mail is intended only for the person to whom it is
addressed. If you believe this e-mail was sent to you in error and the e-mail
contains patient information, please contact the Partners Compliance HelpLine at
http://www.partners.org/complianceline . If the e-mail was sent to you in error
but does not contain patient information, please contact the sender and properly
dispose of the e-mail.




--
+1 919 869 8849

_______________________________________________
slicer-users mailing list
[hidden email]
http://massmail.spl.harvard.edu/mailman/listinfo/slicer-users
To unsubscribe: send email to [hidden email] with unsubscribe as the subject
http://www.slicer.org/slicerWiki/index.php/Documentation/4.3/FAQ


The information in this e-mail is intended only for the person to whom it is
addressed. If you believe this e-mail was sent to you in error and the e-mail
contains patient information, please contact the Partners Compliance HelpLine at
http://www.partners.org/complianceline . If the e-mail was sent to you in error
but does not contain patient information, please contact the sender and properly
dispose of the e-mail.
Reply | Threaded
Open this post in threaded view
|

Re: Slicer download URLs marked as malware by corporate IT rules

Halle, Michael Wilfred,Ph.D.
I think you should be clear. Download.slicer.org isn't being flagged. It is the Midas URL it redirects to for the actual download that was flagged.

-M


From: Jean-Christophe Fillion-Robin <[hidden email]>
Sent: Jan 12, 2016 12:34 PM
To: Andrey Fedorov
Cc: SPL Slicer Users
Subject: Re: [slicer-users] Slicer download URLs marked as malware by corporate IT rules

Hi Folks, 

To follow up, I just called the Kaspersky support and, as requested, I sent an email to "newvirus [at] kaspersky.com" :

For reference:

8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------

Dear Kaspersky Support team, 

Following my call with the Kaserpsky support, I am reaching out to you.

We are having issues with the http://download.slicer.org being treated as a malware by Kaspersky.

Note also that I submitted the incriminated executables on https://virusdesk.kaspersky.com/ , all details are reported here:


Would appreciate your guidance to address the problem.

Thanks for your help, 
Jc
8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------

On Tue, Jan 12, 2016 at 12:17 PM, Jean-Christophe Fillion-Robin <[hidden email]> wrote:
Hi Andrey, 

As an update, here is the email I shared internally this weekend:

8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----
Two updates:

False positive on Kaspersky
--------------------------------------

To keep track of the problem, I created two issues. See [1] and [2]

Considering Kaspersky support is closed on the weekend, I will plan on calling during the week.

In the mean time, I did the following:

* sent them a facebook message

 
* upload incriminated binaries on https://virusdesk.kaspersky.com/ for further analysis. Details available on Google plus and associated mantis issue.

Installers signing
----------------------

As discussed with Ron few days ago, Kitware will work on addressing the signing of binaries, starting with Windows installers.


[1] 4123: Slicer.exe (AppLauncher) detected as a malware [PDM:Trojan.Win32.Bazon.a] by Kapsersky

[2] 4124: Slicer.exe (AppLauncher) detected as a malware [Hoax.Win32.ArchSMS.cnpls] by Microsoft
8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----

On Tue, Jan 12, 2016 at 12:06 PM, Andrey Fedorov <[hidden email]> wrote:
Hi,

I noticed today the download links are blocked off by Partners
networking (see screenshot).

Did anyone else in other organizations notice this? I wonder if this
is related to the download packages being marked by Kaspersky
antivirus.

AF

_______________________________________________
slicer-users mailing list
[hidden email]
http://massmail.spl.harvard.edu/mailman/listinfo/slicer-users
To unsubscribe: send email to [hidden email] with unsubscribe as the subject
http://www.slicer.org/slicerWiki/index.php/Documentation/4.3/FAQ


The information in this e-mail is intended only for the person to whom it is
addressed. If you believe this e-mail was sent to you in error and the e-mail
contains patient information, please contact the Partners Compliance HelpLine at
http://www.partners.org/complianceline . If the e-mail was sent to you in error
but does not contain patient information, please contact the sender and properly
dispose of the e-mail.




--
<a href="tel:%2B1%20919%20869%208849" value="&#43;19198698849" target="_blank">+1 919 869 8849

_______________________________________________
slicer-users mailing list
[hidden email]
http://massmail.spl.harvard.edu/mailman/listinfo/slicer-users
To unsubscribe: send email to [hidden email] with unsubscribe as the subject
http://www.slicer.org/slicerWiki/index.php/Documentation/4.3/FAQ


The information in this e-mail is intended only for the person to whom it is
addressed. If you believe this e-mail was sent to you in error and the e-mail
contains patient information, please contact the Partners Compliance HelpLine at
http://www.partners.org/complianceline . If the e-mail was sent to you in error
but does not contain patient information, please contact the sender and properly
dispose of the e-mail.




--
+1 919 869 8849

_______________________________________________
slicer-users mailing list
[hidden email]
http://massmail.spl.harvard.edu/mailman/listinfo/slicer-users
To unsubscribe: send email to [hidden email] with unsubscribe as the subject
http://www.slicer.org/slicerWiki/index.php/Documentation/4.3/FAQ


The information in this e-mail is intended only for the person to whom it is
addressed. If you believe this e-mail was sent to you in error and the e-mail
contains patient information, please contact the Partners Compliance HelpLine at
http://www.partners.org/complianceline . If the e-mail was sent to you in error
but does not contain patient information, please contact the sender and properly
dispose of the e-mail.
Reply | Threaded
Open this post in threaded view
|

Re: Slicer download URLs marked as malware by corporate IT rules

Andrey Fedorov-2
In reply to this post by Jean-Christophe Fillion-Robin

Pending resolution of this issue, I assume there is no alternative download mechanism we can provide, right?

I guess we could manually put things on Dropbox as a workaround?

---
Sent from my mobile device

On Jan 12, 2016 12:34 PM, "Jean-Christophe Fillion-Robin" <[hidden email]> wrote:
Hi Folks, 

To follow up, I just called the Kaspersky support and, as requested, I sent an email to "newvirus [at] kaspersky.com" :

For reference:

8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------

Dear Kaspersky Support team, 

Following my call with the Kaserpsky support, I am reaching out to you.

We are having issues with the http://download.slicer.org being treated as a malware by Kaspersky.

Note also that I submitted the incriminated executables on https://virusdesk.kaspersky.com/ , all details are reported here:


Would appreciate your guidance to address the problem.

Thanks for your help, 
Jc
8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------

On Tue, Jan 12, 2016 at 12:17 PM, Jean-Christophe Fillion-Robin <[hidden email]> wrote:
Hi Andrey, 

As an update, here is the email I shared internally this weekend:

8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----
Two updates:

False positive on Kaspersky
--------------------------------------

To keep track of the problem, I created two issues. See [1] and [2]

Considering Kaspersky support is closed on the weekend, I will plan on calling during the week.

In the mean time, I did the following:

* sent them a facebook message

 
* upload incriminated binaries on https://virusdesk.kaspersky.com/ for further analysis. Details available on Google plus and associated mantis issue.

Installers signing
----------------------

As discussed with Ron few days ago, Kitware will work on addressing the signing of binaries, starting with Windows installers.


[1] 4123: Slicer.exe (AppLauncher) detected as a malware [PDM:Trojan.Win32.Bazon.a] by Kapsersky

[2] 4124: Slicer.exe (AppLauncher) detected as a malware [Hoax.Win32.ArchSMS.cnpls] by Microsoft
8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----

On Tue, Jan 12, 2016 at 12:06 PM, Andrey Fedorov <[hidden email]> wrote:
Hi,

I noticed today the download links are blocked off by Partners
networking (see screenshot).

Did anyone else in other organizations notice this? I wonder if this
is related to the download packages being marked by Kaspersky
antivirus.

AF

_______________________________________________
slicer-users mailing list
[hidden email]
http://massmail.spl.harvard.edu/mailman/listinfo/slicer-users
To unsubscribe: send email to [hidden email] with unsubscribe as the subject
http://www.slicer.org/slicerWiki/index.php/Documentation/4.3/FAQ


The information in this e-mail is intended only for the person to whom it is
addressed. If you believe this e-mail was sent to you in error and the e-mail
contains patient information, please contact the Partners Compliance HelpLine at
http://www.partners.org/complianceline . If the e-mail was sent to you in error
but does not contain patient information, please contact the sender and properly
dispose of the e-mail.




--
<a href="tel:%2B1%20919%20869%208849" value="&#43;19198698849" target="_blank">+1 919 869 8849

_______________________________________________
slicer-users mailing list
[hidden email]
http://massmail.spl.harvard.edu/mailman/listinfo/slicer-users
To unsubscribe: send email to [hidden email] with unsubscribe as the subject
http://www.slicer.org/slicerWiki/index.php/Documentation/4.3/FAQ


The information in this e-mail is intended only for the person to whom it is
addressed. If you believe this e-mail was sent to you in error and the e-mail
contains patient information, please contact the Partners Compliance HelpLine at
http://www.partners.org/complianceline . If the e-mail was sent to you in error
but does not contain patient information, please contact the sender and properly
dispose of the e-mail.




--
<a href="tel:%2B1%20919%20869%208849" value="&#43;19198698849" target="_blank">+1 919 869 8849

_______________________________________________
slicer-users mailing list
[hidden email]
http://massmail.spl.harvard.edu/mailman/listinfo/slicer-users
To unsubscribe: send email to [hidden email] with unsubscribe as the subject
http://www.slicer.org/slicerWiki/index.php/Documentation/4.3/FAQ


The information in this e-mail is intended only for the person to whom it is
addressed. If you believe this e-mail was sent to you in error and the e-mail
contains patient information, please contact the Partners Compliance HelpLine at
http://www.partners.org/complianceline . If the e-mail was sent to you in error
but does not contain patient information, please contact the sender and properly
dispose of the e-mail.
Reply | Threaded
Open this post in threaded view
|

Re: Slicer download URLs marked as malware by corporate IT rules

Halle, Michael Wilfred,Ph.D.
There's no trivial way to do so on download.slicer.org without complete rearchitecture of the process. We basically provide a nice ui and download tracking for the slicer releases in MIDAS. We dump off the bulk storage question to them.

MIDAS metadata records don't seem to anticipate or support the concept of mirrors. Even if they did, the same tainted bits might come from a mirror source.

-M


From: Andrey Fedorov <[hidden email]>
Sent: Jan 12, 2016 1:03 PM
To: Jean-Christophe Fillion-Robin
Cc: SPL Slicer Users
Subject: Re: [slicer-users] Slicer download URLs marked as malware by corporate IT rules

Pending resolution of this issue, I assume there is no alternative download mechanism we can provide, right?

I guess we could manually put things on Dropbox as a workaround?

---
Sent from my mobile device

On Jan 12, 2016 12:34 PM, "Jean-Christophe Fillion-Robin" <[hidden email]> wrote:
Hi Folks, 

To follow up, I just called the Kaspersky support and, as requested, I sent an email to "newvirus [at] kaspersky.com" :

For reference:

8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------

Dear Kaspersky Support team, 

Following my call with the Kaserpsky support, I am reaching out to you.

We are having issues with the http://download.slicer.org being treated as a malware by Kaspersky.

Note also that I submitted the incriminated executables on https://virusdesk.kaspersky.com/ , all details are reported here:


Would appreciate your guidance to address the problem.

Thanks for your help, 
Jc
8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------

On Tue, Jan 12, 2016 at 12:17 PM, Jean-Christophe Fillion-Robin <[hidden email]> wrote:
Hi Andrey, 

As an update, here is the email I shared internally this weekend:

8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----
Two updates:

False positive on Kaspersky
--------------------------------------

To keep track of the problem, I created two issues. See [1] and [2]

Considering Kaspersky support is closed on the weekend, I will plan on calling during the week.

In the mean time, I did the following:

* sent them a facebook message

 
* upload incriminated binaries on https://virusdesk.kaspersky.com/ for further analysis. Details available on Google plus and associated mantis issue.

Installers signing
----------------------

As discussed with Ron few days ago, Kitware will work on addressing the signing of binaries, starting with Windows installers.


[1] 4123: Slicer.exe (AppLauncher) detected as a malware [PDM:Trojan.Win32.Bazon.a] by Kapsersky

[2] 4124: Slicer.exe (AppLauncher) detected as a malware [Hoax.Win32.ArchSMS.cnpls] by Microsoft
8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----

On Tue, Jan 12, 2016 at 12:06 PM, Andrey Fedorov <[hidden email]> wrote:
Hi,

I noticed today the download links are blocked off by Partners
networking (see screenshot).

Did anyone else in other organizations notice this? I wonder if this
is related to the download packages being marked by Kaspersky
antivirus.

AF

_______________________________________________
slicer-users mailing list
[hidden email]
http://massmail.spl.harvard.edu/mailman/listinfo/slicer-users
To unsubscribe: send email to [hidden email] with unsubscribe as the subject
http://www.slicer.org/slicerWiki/index.php/Documentation/4.3/FAQ


The information in this e-mail is intended only for the person to whom it is
addressed. If you believe this e-mail was sent to you in error and the e-mail
contains patient information, please contact the Partners Compliance HelpLine at
http://www.partners.org/complianceline . If the e-mail was sent to you in error
but does not contain patient information, please contact the sender and properly
dispose of the e-mail.




--
<a href="tel:%2B1%20919%20869%208849" value="&#43;19198698849" target="_blank">+1 919 869 8849

_______________________________________________
slicer-users mailing list
[hidden email]
http://massmail.spl.harvard.edu/mailman/listinfo/slicer-users
To unsubscribe: send email to [hidden email] with unsubscribe as the subject
http://www.slicer.org/slicerWiki/index.php/Documentation/4.3/FAQ


The information in this e-mail is intended only for the person to whom it is
addressed. If you believe this e-mail was sent to you in error and the e-mail
contains patient information, please contact the Partners Compliance HelpLine at
http://www.partners.org/complianceline . If the e-mail was sent to you in error
but does not contain patient information, please contact the sender and properly
dispose of the e-mail.




--
<a href="tel:%2B1%20919%20869%208849" value="&#43;19198698849" target="_blank">+1 919 869 8849

_______________________________________________
slicer-users mailing list
[hidden email]
http://massmail.spl.harvard.edu/mailman/listinfo/slicer-users
To unsubscribe: send email to [hidden email] with unsubscribe as the subject
http://www.slicer.org/slicerWiki/index.php/Documentation/4.3/FAQ


The information in this e-mail is intended only for the person to whom it is
addressed. If you believe this e-mail was sent to you in error and the e-mail
contains patient information, please contact the Partners Compliance HelpLine at
http://www.partners.org/complianceline . If the e-mail was sent to you in error
but does not contain patient information, please contact the sender and properly
dispose of the e-mail.
Reply | Threaded
Open this post in threaded view
|

Re: Slicer download URLs marked as malware by corporate IT rules

Andrey Fedorov-2
In reply to this post by Andrey Fedorov-2
Sounds like a real blocker.

Meanwhile, I will tell the user to try luck installing Slicer and
extensions from home.

On Tue, Jan 12, 2016 at 1:09 PM, Halle, Michael Wilfred,Ph.D.
<[hidden email]> wrote:

> There's no trivial way to do so on download.slicer.org without complete
> rearchitecture of the process. We basically provide a nice ui and download
> tracking for the slicer releases in MIDAS. We dump off the bulk storage
> question to them.
>
> MIDAS metadata records don't seem to anticipate or support the concept of
> mirrors. Even if they did, the same tainted bits might come from a mirror
> source.
>
> -M
>
>
> From: Andrey Fedorov <[hidden email]>
> Sent: Jan 12, 2016 1:03 PM
> To: Jean-Christophe Fillion-Robin
> Cc: SPL Slicer Users
> Subject: Re: [slicer-users] Slicer download URLs marked as malware by
> corporate IT rules
>
> Pending resolution of this issue, I assume there is no alternative download
> mechanism we can provide, right?
>
> I guess we could manually put things on Dropbox as a workaround?
>
> ---
> Sent from my mobile device
>
> On Jan 12, 2016 12:34 PM, "Jean-Christophe Fillion-Robin"
> <[hidden email]> wrote:
>>
>> Hi Folks,
>>
>> To follow up, I just called the Kaspersky support and, as requested, I
>> sent an email to "newvirus [at] kaspersky.com" :
>>
>> For reference:
>>
>>
>> 8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------
>>
>> Dear Kaspersky Support team,
>>
>> Following my call with the Kaserpsky support, I am reaching out to you.
>>
>> We are having issues with the http://download.slicer.org being treated as
>> a malware by Kaspersky.
>>
>> Note also that I submitted the incriminated executables on
>> https://virusdesk.kaspersky.com/ , all details are reported here:
>>
>>        http://na-mic.org/Mantis/view.php?id=4123
>>
>> Would appreciate your guidance to address the problem.
>>
>> Thanks for your help,
>> Jc
>>
>> 8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------
>>
>> On Tue, Jan 12, 2016 at 12:17 PM, Jean-Christophe Fillion-Robin
>> <[hidden email]> wrote:
>>>
>>> Hi Andrey,
>>>
>>> As an update, here is the email I shared internally this weekend:
>>>
>>>
>>> 8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----
>>> Two updates:
>>>
>>> False positive on Kaspersky
>>> --------------------------------------
>>>
>>> To keep track of the problem, I created two issues. See [1] and [2]
>>>
>>> Considering Kaspersky support is closed on the weekend, I will plan on
>>> calling during the week.
>>>
>>> In the mean time, I did the following:
>>>
>>> * sent them a facebook message
>>>
>>> * posted something on google plus:
>>> https://plus.google.com/107934496431868056651/posts/hApo6zmeiTS
>>>
>>> * upload incriminated binaries on https://virusdesk.kaspersky.com/ for
>>> further analysis. Details available on Google plus and associated mantis
>>> issue.
>>>
>>> Installers signing
>>> ----------------------
>>>
>>> As discussed with Ron few days ago, Kitware will work on addressing the
>>> signing of binaries, starting with Windows installers.
>>>
>>>
>>> [1] 4123: Slicer.exe (AppLauncher) detected as a malware
>>> [PDM:Trojan.Win32.Bazon.a] by Kapsersky
>>>
>>> [2] 4124: Slicer.exe (AppLauncher) detected as a malware
>>> [Hoax.Win32.ArchSMS.cnpls] by Microsoft
>>>
>>> 8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----
>>>
>>> On Tue, Jan 12, 2016 at 12:06 PM, Andrey Fedorov
>>> <[hidden email]> wrote:
>>>>
>>>> Hi,
>>>>
>>>> I noticed today the download links are blocked off by Partners
>>>> networking (see screenshot).
>>>>
>>>> Did anyone else in other organizations notice this? I wonder if this
>>>> is related to the download packages being marked by Kaspersky
>>>> antivirus.
>>>>
>>>> AF
>>>>
>>>> _______________________________________________
>>>> slicer-users mailing list
>>>> [hidden email]
>>>> http://massmail.spl.harvard.edu/mailman/listinfo/slicer-users
>>>> To unsubscribe: send email to [hidden email] with
>>>> unsubscribe as the subject
>>>> http://www.slicer.org/slicerWiki/index.php/Documentation/4.3/FAQ
>>>>
>>>>
>>>> The information in this e-mail is intended only for the person to whom
>>>> it is
>>>> addressed. If you believe this e-mail was sent to you in error and the
>>>> e-mail
>>>> contains patient information, please contact the Partners Compliance
>>>> HelpLine at
>>>> http://www.partners.org/complianceline . If the e-mail was sent to you
>>>> in error
>>>> but does not contain patient information, please contact the sender and
>>>> properly
>>>> dispose of the e-mail.
>>>>
>>>
>>>
>>>
>>> --
>>> +1 919 869 8849
>>>
>>> _______________________________________________
>>> slicer-users mailing list
>>> [hidden email]
>>> http://massmail.spl.harvard.edu/mailman/listinfo/slicer-users
>>> To unsubscribe: send email to [hidden email] with
>>> unsubscribe as the subject
>>> http://www.slicer.org/slicerWiki/index.php/Documentation/4.3/FAQ
>>>
>>>
>>> The information in this e-mail is intended only for the person to whom it
>>> is
>>> addressed. If you believe this e-mail was sent to you in error and the
>>> e-mail
>>> contains patient information, please contact the Partners Compliance
>>> HelpLine at
>>> http://www.partners.org/complianceline . If the e-mail was sent to you in
>>> error
>>> but does not contain patient information, please contact the sender and
>>> properly
>>> dispose of the e-mail.
>>>
>>
>>
>>
>> --
>> +1 919 869 8849
_______________________________________________
slicer-users mailing list
[hidden email]
http://massmail.spl.harvard.edu/mailman/listinfo/slicer-users
To unsubscribe: send email to [hidden email] with unsubscribe as the subject
http://www.slicer.org/slicerWiki/index.php/Documentation/4.3/FAQ
Reply | Threaded
Open this post in threaded view
|

Re: Slicer download URLs marked as malware by corporate IT rules

inorton
As I mentioned on -devel [1], this is affecting more than just the binary downloads: it seems that (all?) gzip files are now blocked by the Partners firewall, which prevents even downloading test data. I have opened an issue report with Partners IT to try to get the domain white-listed, but did not receive a response yet.

Since the domain is not blocked outright, we ought to be able to get around this by downloading via SSL (leaving aside the unlikely possibility of MITM+packet inspection), but SSL does not seem to be available from the Slicer MIDAS server.

Note that the "Web reputation filter" mentioned by Andriy is a Cisco product, so it may not be related to the Kaspersky error, although it is possible that they use the same upstream blacklist provider.

On Tue, Jan 12, 2016 at 1:28 PM, Andrey Fedorov <[hidden email]> wrote:
Sounds like a real blocker.

Meanwhile, I will tell the user to try luck installing Slicer and
extensions from home.

On Tue, Jan 12, 2016 at 1:09 PM, Halle, Michael Wilfred,Ph.D.
<[hidden email]> wrote:
> There's no trivial way to do so on download.slicer.org without complete
> rearchitecture of the process. We basically provide a nice ui and download
> tracking for the slicer releases in MIDAS. We dump off the bulk storage
> question to them.
>
> MIDAS metadata records don't seem to anticipate or support the concept of
> mirrors. Even if they did, the same tainted bits might come from a mirror
> source.
>
> -M
>
>
> From: Andrey Fedorov <[hidden email]>
> Sent: Jan 12, 2016 1:03 PM
> To: Jean-Christophe Fillion-Robin
> Cc: SPL Slicer Users
> Subject: Re: [slicer-users] Slicer download URLs marked as malware by
> corporate IT rules
>
> Pending resolution of this issue, I assume there is no alternative download
> mechanism we can provide, right?
>
> I guess we could manually put things on Dropbox as a workaround?
>
> ---
> Sent from my mobile device
>
> On Jan 12, 2016 12:34 PM, "Jean-Christophe Fillion-Robin"
> <[hidden email]> wrote:
>>
>> Hi Folks,
>>
>> To follow up, I just called the Kaspersky support and, as requested, I
>> sent an email to "newvirus [at] kaspersky.com" :
>>
>> For reference:
>>
>>
>> 8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------
>>
>> Dear Kaspersky Support team,
>>
>> Following my call with the Kaserpsky support, I am reaching out to you.
>>
>> We are having issues with the http://download.slicer.org being treated as
>> a malware by Kaspersky.
>>
>> Note also that I submitted the incriminated executables on
>> https://virusdesk.kaspersky.com/ , all details are reported here:
>>
>>        http://na-mic.org/Mantis/view.php?id=4123
>>
>> Would appreciate your guidance to address the problem.
>>
>> Thanks for your help,
>> Jc
>>
>> 8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------8<------
>>
>> On Tue, Jan 12, 2016 at 12:17 PM, Jean-Christophe Fillion-Robin
>> <[hidden email]> wrote:
>>>
>>> Hi Andrey,
>>>
>>> As an update, here is the email I shared internally this weekend:
>>>
>>>
>>> 8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----
>>> Two updates:
>>>
>>> False positive on Kaspersky
>>> --------------------------------------
>>>
>>> To keep track of the problem, I created two issues. See [1] and [2]
>>>
>>> Considering Kaspersky support is closed on the weekend, I will plan on
>>> calling during the week.
>>>
>>> In the mean time, I did the following:
>>>
>>> * sent them a facebook message
>>>
>>> * posted something on google plus:
>>> https://plus.google.com/107934496431868056651/posts/hApo6zmeiTS
>>>
>>> * upload incriminated binaries on https://virusdesk.kaspersky.com/ for
>>> further analysis. Details available on Google plus and associated mantis
>>> issue.
>>>
>>> Installers signing
>>> ----------------------
>>>
>>> As discussed with Ron few days ago, Kitware will work on addressing the
>>> signing of binaries, starting with Windows installers.
>>>
>>>
>>> [1] 4123: Slicer.exe (AppLauncher) detected as a malware
>>> [PDM:Trojan.Win32.Bazon.a] by Kapsersky
>>>
>>> [2] 4124: Slicer.exe (AppLauncher) detected as a malware
>>> [Hoax.Win32.ArchSMS.cnpls] by Microsoft
>>>
>>> 8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----
>>>
>>> On Tue, Jan 12, 2016 at 12:06 PM, Andrey Fedorov
>>> <[hidden email]> wrote:
>>>>
>>>> Hi,
>>>>
>>>> I noticed today the download links are blocked off by Partners
>>>> networking (see screenshot).
>>>>
>>>> Did anyone else in other organizations notice this? I wonder if this
>>>> is related to the download packages being marked by Kaspersky
>>>> antivirus.
>>>>
>>>> AF
>>>>
>>>> _______________________________________________
>>>> slicer-users mailing list
>>>> [hidden email]
>>>> http://massmail.spl.harvard.edu/mailman/listinfo/slicer-users
>>>> To unsubscribe: send email to [hidden email] with
>>>> unsubscribe as the subject
>>>> http://www.slicer.org/slicerWiki/index.php/Documentation/4.3/FAQ
>>>>
>>>>
>>>> The information in this e-mail is intended only for the person to whom
>>>> it is
>>>> addressed. If you believe this e-mail was sent to you in error and the
>>>> e-mail
>>>> contains patient information, please contact the Partners Compliance
>>>> HelpLine at
>>>> http://www.partners.org/complianceline . If the e-mail was sent to you
>>>> in error
>>>> but does not contain patient information, please contact the sender and
>>>> properly
>>>> dispose of the e-mail.
>>>>
>>>
>>>
>>>
>>> --
>>> <a href="tel:%2B1%20919%20869%208849" value="&#43;19198698849">+1 919 869 8849
>>>
>>> _______________________________________________
>>> slicer-users mailing list
>>> [hidden email]
>>> http://massmail.spl.harvard.edu/mailman/listinfo/slicer-users
>>> To unsubscribe: send email to [hidden email] with
>>> unsubscribe as the subject
>>> http://www.slicer.org/slicerWiki/index.php/Documentation/4.3/FAQ
>>>
>>>
>>> The information in this e-mail is intended only for the person to whom it
>>> is
>>> addressed. If you believe this e-mail was sent to you in error and the
>>> e-mail
>>> contains patient information, please contact the Partners Compliance
>>> HelpLine at
>>> http://www.partners.org/complianceline . If the e-mail was sent to you in
>>> error
>>> but does not contain patient information, please contact the sender and
>>> properly
>>> dispose of the e-mail.
>>>
>>
>>
>>
>> --
>> <a href="tel:%2B1%20919%20869%208849" value="&#43;19198698849">+1 919 869 8849
_______________________________________________
slicer-users mailing list
[hidden email]
http://massmail.spl.harvard.edu/mailman/listinfo/slicer-users
To unsubscribe: send email to [hidden email] with unsubscribe as the subject
http://www.slicer.org/slicerWiki/index.php/Documentation/4.3/FAQ


_______________________________________________
slicer-users mailing list
[hidden email]
http://massmail.spl.harvard.edu/mailman/listinfo/slicer-users
To unsubscribe: send email to [hidden email] with unsubscribe as the subject
http://www.slicer.org/slicerWiki/index.php/Documentation/4.3/FAQ


The information in this e-mail is intended only for the person to whom it is
addressed. If you believe this e-mail was sent to you in error and the e-mail
contains patient information, please contact the Partners Compliance HelpLine at
http://www.partners.org/complianceline . If the e-mail was sent to you in error
but does not contain patient information, please contact the sender and properly
dispose of the e-mail.