Dear mkvtoolnix users,
I've received several reports of users that the Windows installer for 2.4.1 supposedly contains a backdoor as reported by Kaspersky Anti Virus and other scanners that use Kaspersky's engine. Here's what I have to say about that after a careful investigation:
One user wrote via email:
> I downloaded the mkvtoolnix 2.4.1 (Windows installer) from your site (
> http://www.bunkus.org/videotools/mkvtoolnix/downloads.html#windows ->
> http://www.bunkus.org/videotools/mkvtoolnix/windows/mkvtoolnix-unicode-2.4.1-setup.exe)
> and I got a warning from Kaspersky Antivirus, saying that the file is
> infected by a backdoor.
That's a false positive. I've already received several warnings from other users and scanned said file with various scanners -- no infections found (only by those who use Kaspersky's scan engine).
I'm also building the programs and installer on a Linux machine, there's no Windows involved during the build.
Additionally I've scanned my only Windows desktop that I have here with two virus scanners (one of them is constantly running anyway), again, no infections found. I'm taking anti virus security very serious.
Nevertheless, I've now provided a new installer with a new one which not even Kaspersky find's anything in:
mkvtoolnix-unicode-2.4.1-build20081207-44-setup.exe (Link removed, see below)
That file is exactly 4115100 bytes big. It's MD5 checksum is 118ff4027534058302d7006db6371c11, it's SHA1 checksum is b4a9ec6a4a474cfc1bfa20755da548da63aa4580.
Regards,
Mosu
On 08 Dec 2008.
Update on 11 Dec 2008
Kaspersky now also reports mkvtoolnix-unicode-2.4.1-build20081207-44-setup.exe to contain a backdoor. I'm still convinced this is a false positive. I've nevertheless updated the installer I'm using (NSIS) and created a new build that's not yet listed as a false positive:
mkvtoolnix-unicode-2.4.1-build20081211-45-setup.exe
Size in bytes: | 4117079 |
MD5 checksum: | 2e7c76d3b57420e211fb85f3a89f1b4a |
SHA1 checksum: | af0405912cb592f3c1cd2fc70a641ce9eb9af90d |
You can see the result of the online scan from today at www.virustotal.com.
Update on 14 Dec 2008
I've received a reply from Kaspersky. They confirm that the original mkvtoolnix-unicode-2.4.1-setup.exe I've sent them was a false positive.