
Sophos detects virus in Rainmeter 1.1

ScottB
Posts: 2
Joined: November 5th, 2009, 10:28 pm


Post by ScottB »

I just downloaded and installed Rainmeter 1.1 (32 bit, windows installer) and Sophos Anti-Virus detects Mal/Generic-A in C:/Program Files/Rainmeter1/Skins/Enigma/Resources/Variables/EnigmaConfigure.exe.

Generic-A is exactly that, generic. It's a catch-all label Sophos applies to 'thousands of threats'. See http://www.sophos.com/security/analyses/viruses-and-spyware/malgenerica.html for scant details.

Is there any way to determine if this is a false positive, or if the distribution package really was compromised?

Scott

P.S. Fyi, the MD5 checksum for Rainmeter-1.1-32bit.exe is 24aef3ed2848886e5b975d57da993605
sgtevmckay

Re: Sophos detects virus in Rainmeter 1.1

Post by sgtevmckay »

First off: :welcome: to the forums :D

I have been acquainted with Kaelri (Maker of Enigma) for a while now, and I can assure you that there is no virus in the file, so long as it was downloaded from here, the home page, or the code site.
I can also verify that the downloads from Download.com are clean as I did the uploads myself.

I would say it is a false positive, though I could not explain why.
Do not feel alone.
Someone recently posted that one of our plugins, WebParse.dll (which has not changed configuration in years), is also virused.
He was using Rainmeter 1.0 (I think???)

The code site has very limited access, and only a limited number of folks can do builds.
The code is available for all to see, but few to add or modify.
The download is then derived directly at the code site and listed at the Google code site.
So this is a closed process.

BUT...It would not hurt to have one of our dev folks take a look in the right near future.
It has to be an update that recently went out in antiviral updates.
Thanks for the info, we will be looking into it. :thanks:
jsmorley
Developer
Posts: 22421
Joined: April 19th, 2009, 11:02 pm
Location: Fort Hunt, Virginia, USA

Re: Sophos detects virus in Rainmeter 1.1

Post by jsmorley »

It's a false positive. I wrote EnigmaConfigure.exe and can assure you there are no virui in it. ;-)
ScottB
Posts: 2
Joined: November 5th, 2009, 10:28 pm

Re: Sophos detects virus in Rainmeter 1.1

Post by ScottB »

Just to be clear, I was not implying a virus was maliciously added by any of the Rainmeter folks. However, the process of building & distributing software provides many opportunities for unintentional infection, not to mention malicious infection of download packages by 3rd parties.

Does anyone have experience working with anti-virus vendors to determine what provokes a false positive? And if it's not possible to change EnigmaConfigure.exe accordingly, is it even possible to get Sophos to refine their tests?

Independent of Sophos, have you considered adding robust cryptographic checksums? (By robust I mean something better than the venerable & vulnerable MD5 I used.) Those checksums should be part of the release notes, and hard to surreptitiously change even if someone does change the installation package.
jsmorley
Developer
Posts: 22421
Joined: April 19th, 2009, 11:02 pm
Location: Fort Hunt, Virginia, USA

Re: Sophos detects virus in Rainmeter 1.1

Post by jsmorley »

ScottB wrote:Just to be clear, I was not implying a virus was maliciously added by any of the Rainmeter folks. However, the process of building & distributing software provides many opportunities for unintentional infection, not to mention malicious infection of download packages by 3rd parties.

Does anyone have experience working with anti-virus vendors to determine what provokes a false positive? And if it's not possible to change EnigmaConfigure.exe accordingly, is it even possible to get Sophos to refine their tests?

Independent of Sophos, have you considered adding robust cryptographic checksums? (By robust I mean something better than the venerable & vulnerable MD5 I used.) Those checksums should be part of the release notes, and hard to surreptitiously change even if someone does change the installation package.

As long as you got the package from us, I can assure you that we control all aspects of the development, building and distribution. It's a false positive.
Chewtoy
Moderator
Posts: 995
Joined: June 10th, 2009, 12:44 pm
Location: Sweden

Re: Sophos detects virus in Rainmeter 1.1

Post by Chewtoy »

ScottB wrote:I just downloaded and installed Rainmeter 1.1 (32 bit, windows installer) and Sophos Anti-Virus detects Mal/Generic-A in C:/Program Files/Rainmeter1/Skins/Enigma/Resources/Variables/EnigmaConfigure.exe.

Generic-A is exactly that, generic. It's a catch-all label Sophos applies to 'thousands of threats'. See http://www.sophos.com/security/analyses/viruses-and-spyware/malgenerica.html for scant details.

Is there any way to determine if this is a false positive, or if the distribution package really was compromised?

Scott

P.S. Fyi, the MD5 checksum for Rainmeter-1.1-32bit.exe is 24aef3ed2848886e5b975d57da993605

# MD5 checksums generated by MD5summer (http://www.md5summer.org)
# Generated 2009-11-06 01:44:05

24aef3ed2848886e5b975d57da993605 *Rainmeter-1.1-32bit.exe


You got the same as I do. And I don't have any virus problems on my end. --> You got a false positive. :)
I don't think, therefore I'm not.
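
Added example (not part of any post in this thread and not Rainmeter project code): the checksum comparison done above with MD5, redone with SHA-256 against a manifest in the same "digest *filename" layout, which is how ScottB's proposal for stronger published checksums could be checked by a downloader. The file name Example-Setup.exe and the manifest contents are constructed; the function names are hypothetical.

```python
import hashlib
import hmac
import os
import re
import tempfile

# A SHA-256 digest is exactly 64 hex characters; shorter digests such as
# MD5 (32 hex characters) are rejected instead of being silently accepted.
_SHA256_HEX = re.compile(r"[0-9a-fA-F]{64}")


def parse_manifest(text):
    """Parse '<sha256 hex> *<file name>' lines into {file name: digest}.

    Blank lines and '#' comment lines are skipped, matching the layout of
    the md5summer output quoted in the thread.
    """
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.strip()
        if name.startswith("*"):  # '*' marks binary mode in this format
            name = name[1:]
        if not _SHA256_HEX.fullmatch(digest) or not name:
            raise ValueError(
                f"line {lineno}: expected '<sha256 hex> *<file name>'")
        entries[name] = digest.lower()
    return entries


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large installers need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def verify_download(path, manifest_text):
    """Return 'ok', 'mismatch', or 'unlisted' for the file at path."""
    expected = parse_manifest(manifest_text).get(os.path.basename(path))
    if expected is None:
        return "unlisted"
    actual = sha256_file(path)
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"


def demo():
    """Verify a constructed file, then change one byte and verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "Example-Setup.exe")  # constructed name
        with open(path, "wb") as f:
            f.write(b"constructed installer bytes\n" * 1000)
        # Constructed manifest, as a publisher would put in release notes.
        manifest = (
            "# SHA-256 checksums (constructed sample)\n"
            f"{sha256_file(path)} *Example-Setup.exe\n"
        )
        before = verify_download(path, manifest)
        with open(path, "r+b") as f:  # flip one bit at offset 100
            f.seek(100)
            original = f.read(1)
            f.seek(100)
            f.write(bytes([original[0] ^ 0x01]))
        after = verify_download(path, manifest)
    return before, after


if __name__ == "__main__":
    print(demo())
```

A match shows the file is byte-identical to what the manifest lists; it does not explain why a scanner flags the file, and it only helps if the manifest is obtained separately from the download itself.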
sgtevmckay

Re: Sophos detects virus in Rainmeter 1.1

Post by sgtevmckay »

ScottB wrote:Just to be clear, I was not implying a virus was maliciously added by any of the Rainmeter folks. However, the process of building & distributing software provides many opportunities for unintentional infection, not to mention malicious infection of download packages by 3rd parties.

Does anyone have experience working with anti-virus vendors to determine what provokes a false positive? And if it's not possible to change EnigmaConfigure.exe accordingly, is it even possible to get Sophos to refine their tests?

Independent of Sophos, have you considered adding robust cryptographic checksums? (By robust I mean something better than the venerable & vulnerable MD5 I used.) Those checksums should be part of the release notes, and hard to surreptitiously change even if someone does change the installation package.

No no...You are fine...and I find the proposal interesting...
Kaelri
Developer
Posts: 1721
Joined: July 25th, 2009, 4:47 am

Re: Sophos detects virus in Rainmeter 1.1

Post by Kaelri »

I'd certainly like to track this down, if possible. This is the second time that a prominent Rainmeter download has been misidentified by antivirus software (HUD.Vision being the first).

The following is the entirety of EnigmaConfigure.exe's code. It's written in AutoIt and then compiled as a standalone .EXE. If you spot something that an antivirus might be paranoid about, don't hesitate to point it out.

Code:

#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_icon=TOOLS.A.ico
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
#include <ButtonConstants.au3>
#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <GUIListBox.au3>
#include <StaticConstants.au3>
#include <WindowsConstants.au3>
#include <ScrollBarConstants.au3>
#include <array.au3>
#include <GuiStatusBar.au3>
#include <GuiEdit.au3>
#include <GuiButton.au3>
#include <Misc.au3>
#include <String.au3>
#Include <File.au3>
#include "FileListToArrayXT.au3"

Opt("GUICloseOnESC", 0)
Global $DarkText = 0x000000, $LightText = 0x808080, $BlueText = 0x99b0d1
Global $CurrentVarName

Global $VarName[300]
Global $VarDescription[300]
Global $VarDefault[300]
Global $VarNew[300]
Global $iniFiles[300]
Global $VarCount = 0
Global $FilesCount = 0
Global $ListCount = 0
Global $EndIt = 0
Global $Foundini = 0
Global $DefaultExists = 0, $UserExists = 0, $BothExist = 0
Global $CfgFile
Global $DefaultKeys
Global $FoundInUser
Global $Dirty = 0

$dll = DllOpen("user32.dll")

#Region ### START Koda GUI section ### Form=C:\Program Files\Rainmeter\SetVar\Form2.kxf
$MainForm = GUICreate("Enigma Configuration Tool", 455, 380, -1, -1, BitOR($WS_SYSMENU,$WS_MINIMIZE,$WS_POPUP,$WS_POPUPWINDOW,$WS_BORDER,$WS_CLIPSIBLINGS))
GUISetBkColor(0xFFFBF0)
$LabelDrag = GUICtrlCreateLabel("E n i g m a C o n f i g u r e", 15,  2, 360, 24, $SS_LEFT, $GUI_WS_EX_PARENTDRAG)
GUICtrlSetFont(-1, 12, 400, 0, "Trebuchet MS")
GUICtrlSetColor(-1, $LightText)
$LabelMin = GUICtrlCreateLabel("Min", 395, 5, 23, 20, $SS_CENTER)
GUICtrlSetFont(-1, 10, 400, 0, "Trebuchet MS")
GUICtrlSetCursor(-1,0)
GUICtrlSetColor(-1, $LightText)
$LabelMinCloseDivider = GUICtrlCreateLabel("|", 425, 5, 5, 20, $SS_CENTER)
GUICtrlSetFont(-1, 10, 400, 0, "Trebuchet MS")
GUICtrlSetColor(-1, $LightText)
$LabelClose = GUICtrlCreateLabel("X", 430, 5, 20, 20, $SS_CENTER)
GUICtrlSetFont(-1, 10, 400, 0, "Trebuchet MS")
GUICtrlSetCursor(-1,0)
GUICtrlSetColor(-1, $LightText)
$TopLine = GUICtrlCreateGraphic(0, 28, 485, 1,0)
GUICtrlSetColor(-1, $DarkText)
$VariableList = GUICtrlCreateList("", 39, 53, 305, 250, BitOR($ES_AUTOVSCROLL,$ES_AUTOHSCROLL,$WS_HSCROLL,$WS_VSCROLL)) ;371
GUICtrlSetFont(-1, 10, 800, 0, "Trebuchet MS")
GUICtrlSetColor(-1, $LightText)
GUICtrlSetBkColor(-1, 0xFFFBF0)
GUICtrlSetCursor(-1,0)
$VariableDescripton = GUICtrlCreateLabel("Click an item and enter your value", 45, 307, 280, 20)
GUICtrlSetFont(-1, 10, 800, 0, "Trebuchet MS")
GUICtrlSetColor(-1, $BlueText)
$VariableInput = GUICtrlCreateInput("", 39, 327, 305, 21,BitOR($ES_AUTOHSCROLL,$LBS_WANTKEYBOARDINPUT))
GUICtrlSetFont(-1, 10, 800, 0, "Trebuchet MS")
GUICtrlSetColor(-1, $LightText)
GUICtrlSetBkColor(-1, 0xFFFBF0)
$LabelSave = GUICtrlCreateLabel("Save All", 364, 80-25, 100, 20)
GUICtrlSetFont(-1, 14, 400, 0, "Trebuchet MS")
GUICtrlSetCursor(-1,0)
GUICtrlSetColor(-1, $BlueText)
GUICtrlSetTip(-1, "Save all entries you have modified", "")
$LabelReset = GUICtrlCreateLabel("Reset", 364, 120-25, 100, 20)
GUICtrlSetFont(-1, 14, 400, 0, "Trebuchet MS")
GUICtrlSetCursor(-1,0)
GUICtrlSetColor(-1, $BlueText)
GUICtrlSetTip(-1, "Reset to previously saved values", "")
$LabelDefaults = GUICtrlCreateLabel("Defaults", 364, 160-25, 100, 20)
GUICtrlSetFont(-1, 14, 400, 0, "Trebuchet MS")
GUICtrlSetCursor(-1,0)
GUICtrlSetColor(-1, $BlueText)
GUICtrlSetTip(-1, "Restore UNCONFIGURED DEFAULTS", "")
$LabelExit = GUICtrlCreateLabel("Exit", 364, 200-25, 100, 20)
GUICtrlSetFont(-1, 14, 400, 0, "Trebuchet MS")
GUICtrlSetCursor(-1,0)
GUICtrlSetColor(-1, $BlueText)
GUICtrlSetTip(-1, "Exit EnigmaConfigure", "")
GUISetState(@SW_SHOWNORMAL, $MainForm)
$LabelSet = GUICtrlCreateLabel("Set", 364, 327, 100, 20)
GUICtrlSetFont(-1, 14, 400, 0, "Trebuchet MS")
GUICtrlSetCursor(-1,0)
GUICtrlSetColor(-1, $BlueText)
GUICtrlSetTip(-1, "Set the change to this item", "")

GUISetState(@SW_SHOWNORMAL, $MainForm)

#EndRegion ### END Koda GUI section ###

Main()

While 1

	$nMsg = GUIGetMsg()

	Select

		Case $nMsg = $GUI_EVENT_CLOSE
			If $Dirty = 1 Then
				$ExitAnswer = MsgBox(49,"Enigma Configure","You have made unsaved changes." & @CRLF & @CRLF & "Are you sure you wish to exit without saving?")
				If $ExitAnswer = 1 Then
					FileClose($CfgFile)
					DllClose($dll)
					Exit
				EndIf
			Else
				FileClose($CfgFile)
				DllClose($dll)
				Exit
			EndIf

		Case $nMsg = $LabelClose
			If $Dirty = 1 Then
				$ExitAnswer = MsgBox(49,"Enigma Configure","You have made unsaved changes." & @CRLF & @CRLF & "Are you sure you wish to exit without saving?")
				If $ExitAnswer = 1 Then
					FileClose($CfgFile)
					DllClose($dll)
					Exit
				EndIf
			Else
				FileClose($CfgFile)
				DllClose($dll)
				Exit
			EndIf

		Case $nMsg = $LabelExit
			If $Dirty = 1 Then
				$ExitAnswer = MsgBox(49,"Enigma Configure","You have made unsaved changes." & @CRLF & @CRLF & "Are you sure you wish to exit without saving?")
				If $ExitAnswer = 1 Then
					FileClose($CfgFile)
					DllClose($dll)
					Exit
				EndIf
			Else
				FileClose($CfgFile)
				DllClose($dll)
				Exit
			EndIf

		Case $nMsg = $LabelMin
			WinSetState("[Active]", "", @SW_MINIMIZE)

		Case $nMsg = $VariableList
			$CurrentVarName = GUICtrlRead($VariableList)
			For $ListCount = 1 to $VarCount
				if $VarName[$ListCount] = $CurrentVarName Then
					$CurrentVarDescription = $VarDescription[$ListCount]
				EndIf
			Next
			GUICtrlSetData($VariableDescripton, $CurrentVarDescription)
			For $a = 1 To $VarCount
				If $VarName[$a] = $CurrentVarName Then ExitLoop
			Next
			If $VarNew[$a] = "" Then $VarNew[$a] = $VarDefault[$a]
			If $VarNew[$a] == $VarDefault[$a] Then
				GUICtrlSetData($VariableInput, $VarDefault[$a])
			Else
				GUICtrlSetData($VariableInput, $VarNew[$a])
			EndIf

		Case $nMsg = $LabelSet
			GUICtrlSetColor($LabelSet, $LightText)
			For $a = 1 To $VarCount
				If $VarName[$a] = $CurrentVarName Then ExitLoop
			Next
			$VarNew[$a] = GUICtrlRead($VariableInput)
			Sleep(300)
			$Dirty = 1
			GUICtrlSetColor($LabelSet, $BlueText)

		Case $nMsg = $LabelSave
			GUICtrlSetColor($LabelSave, $LightText)
			For $a = 1 To $VarCount
				If $VarNew[$a] = "" Then $VarNew[$a] = $VarDefault[$a]
				If $VarNew[$a] == $VarDefault[$a] Then
					IniWrite("UserVariables.inc","Variables",$VarName[$a], $VarDefault[$a])
				Else
					IniWrite("UserVariables.inc","Variables",$VarName[$a], $VarNew[$a])
				EndIf
			Next
			Sleep(300)
			$Dirty = 0
			GUICtrlSetColor($LabelSave, $BlueText)

		Case $nMsg = $LabelReset
			GUICtrlSetColor($LabelReset, $LightText)
			Main()
			Sleep(300)
			$Dirty = 0
			GUICtrlSetColor($LabelReset, $BlueText)

		Case $nMsg = $LabelDefaults
			GUICtrlSetColor($LabelDefaults, $LightText)
			; FileExists returns 1 or 0 (never -1), so test it directly
			If FileExists("DefaultVariables.sav") Then
				$DefaultsAnswer = MsgBox(33,"Enigma Configuration","This will reset all Enigma variables to the DEFAULT values!"  & @CRLF & @CRLF & "Are you sure you wish to clear all changes to Enigma variables"  & @CRLF & @CRLF & "and start over with default placeholder values?")
				If $DefaultsAnswer = 1 Then
					FileCopy("DefaultVariables.sav", "UserVariables.inc", 1)
				EndIf
			Else
				MsgBox(32,"Enigma Configuration","Missing 'DefaultVariables.sav' backup file" & @CRLF & @CRLF & "Unable to restore default variable values")
			EndIf
			main()
			Sleep(300)
			$Dirty = 0
			GUICtrlSetColor($LabelDefaults, $BlueText)

	EndSelect

WEnd

Func Main()

	Global $VarName[300]
	Global $VarDescription[300]
	Global $VarDefault[300]
	Global $VarNew[300]
	Global $iniFiles[300]
	Global $VarCount = 0
	Global $FilesCount = 0
	Global $ListCount = 0
	Global $EndIt = 0
	Global $Foundini = 0
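	; $DefSaveExists is initialised here so the check below never reads an undeclared variable
	Global $DefaultExists = 0, $UserExists = 0, $BothExist = 0, $DefSaveExists = 0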
	Global $CfgFile
	Global $DefaultKeys
	Global $FoundInUser

	FileClose($CfgFile)

	GUICtrlSetData($VariableList, "")

	If FileExists("DefaultVariables.inc") <> 0 Then $DefaultExists = 1
	If FileExists("UserVariables.inc") <> 0 Then $UserExists = 1
	If FileExists("DefaultVariables.sav") <> 0 Then $DefSaveExists = 1
	If $DefaultExists = 1 And $UserExists = 1 Then $BothExist = 1

	If $DefaultExists = 1 And $BothExist = 0 Then
		FileCopy("DefaultVariables.inc", "UserVariables.inc", 1)
		FileMove("DefaultVariables.inc", "DefaultVariables.sav", 1)
	EndIf

	If $DefaultExists = 0 And $UserExists = 0 Then
		If $DefSaveExists = 1 Then
			FileCopy("DefaultVariables.sav", "UserVariables.inc", 1)
			$DefaultExists = 1
		Else
			MsgBox(16,"EnigmaConfigure Error!", "Variables files!" & @CRLF & @CRLF & "Please reinstall Enigma")
		EndIf
	EndIf

	If $DefaultExists = 1 And $BothExist = 1 Then
		$DefaultKeys = IniReadSection("DefaultVariables.inc", "Variables" )
			If IsArray($DefaultKeys) Then
				For $a = 1 To $DefaultKeys[0][0]
					$FoundInUser = IniRead("UserVariables.inc","Variables",$DefaultKeys[$a][0],"KeyMissing")
					If $FoundInUser = "KeyMissing" Then
						IniWrite("UserVariables.inc","Variables", $DefaultKeys[$a][0],$DefaultKeys[$a][1])
					EndIf
				Next
			Else
				MsgBox(16,"EnigmaConfigure Error!", "Invalid DefaultVariables.inc file" & @CRLF & @CRLF & "Please reinstall Enigma")
				Exit
			EndIf
		FileMove("DefaultVariables.inc", "DefaultVariables.sav", 1)
	EndIf

	If FileFindFirstFile("..\..\..\Enigma.*") = -1 Then
	MsgBox(16, "EnigmaConfigure Error!", "Unable to locate \Skins\Enigma" & @CRLF & @CRLF & "EnigmaConfigure.exe must reside in" & @CRLF & _
			"\Skins\Enigma\Resources\Variables")
	Exit
	EndIf

	$SkinPath = "..\..\..\Enigma\"
	$SkinArray = _FileListToArrayXT($SkinPath, "*.ini", 1, 2, True, "Desktop.ini", 1)
	For $a = 1 To $SkinArray[0]
		_ReplaceStringInFile($SkinArray[$a],"@include=#SKINSPATH#Enigma\Resources\Variables\DefaultVariables.inc","@include=#SKINSPATH#Enigma\Resources\Variables\UserVariables.inc")
	Next

	$CfgFile = FileOpen ("EnigmaConfigure.cfg", 0)
	$VariableSection = FileReadLine ($CfgFile)

	Do
		$VarCount = $VarCount + 1
		$VarName[$VarCount] = FileReadLine ($CfgFile)
		$VarDescription[$VarCount] = FileReadLine ($CfgFile)
		$VarDefault[$VarCount] = IniRead("UserVariables.inc","Variables",$VarName[$VarCount],"")
		If $VarName[$VarCount] = "[Files]" Then $EndIt = 1
	Until $EndIt = 1

	$iniFiles[1] = $VarDescription[$VarCount]
	$FilesCount = $FilesCount + 1

	While @error <> -1
		$FilesCount = $FilesCount + 1
		$iniFiles[$FilesCount] = FileReadLine ($CfgFile)
	WEnd

	FileClose ($CfgFile)
	$VarCount = $VarCount - 1
	$FilesCount = $FilesCount - 1

	For $ListCount = 1 to $VarCount
	GUICtrlSetData($VariableList,$VarName[$ListCount] & "|")
	Next

	ControlCommand ( "", "", $VariableList, "SetCurrentSelection", 0)

EndFunc ;==>Main

Code:

; #FUNCTION# ===========================================================================================
; Name:             _FileListToArrayXT
; Description:      Lists files and\or folders in specified path(s) (Similar to using Dir with the /B Switch)
;                   additional features: multi-path, multi-filter, multi-exclude-filter, path format options, recursive search
; Syntax:           _FileListToArrayXT([$sPath = @ScriptDir, [$sFilter = "*", [$iRetItemType = 0, [$iRetPathType = 0, [$bRecursive = False, [$sExclude = "", [$iRetFormat = 1]]]]]]])
; Parameter(s):     $sPath = optional: Search path(s), semicolon delimited (default: @ScriptDir)
;                            (Example: "C:\Tmp;D:\Temp")
;                   $sFilter = optional: Search filter(s), semicolon delimited . Wildcards allowed. (default: "*")
;                              (Example: "*.exe;*.txt")
;                   $iRetItemType = Include in search: 0 = Files and Folder, 1 = Files Only, 2 = Folders Only
;                   $iRetPathType = Returned element format: 0 = file/folder name only, 1 = relative path, 2 = full path
;                   $bRecursive = optional: True: recursive search including all subdirectories
;                                           False (default): search only in specified folder
;                   $sExclude = optional: Exclude filter(s), semicolon delimited. Wildcards allowed.
;                               (Example: "Unins*" will remove all files/folders that begin with "Unins")
;                   $iRetFormat =  optional: return format
;                                  0 = one-dimensional array, 0-based
;                                  1 = one-dimensional array, 1-based (default)
;                                  2 = String ( "|" delimited)
; Requirement(s):   AutoIt Version 3.3.1.1 or newer
; Return Value(s):  on success: 1-based or 0-based array or string (dependent on $iRetFormat)
;                   If no path is found, @error and @extended are set to 1, returns empty string
;                   If no filter is found, @error and @extended are set to 2, returns empty string
;                   If $iRetFormat is invalid, @error and @extended are set to 3, returns empty string
;                   If no data is found, @error and @extended are set to 4, returns empty string
; Author(s):        Half the AutoIt Community
; ====================================================================================================
Func _FileListToArrayXT($sPath = @ScriptDir, $sFilter = "*", $iRetItemType = 0, $iRetPathType = 0, $bRecursive = False, $sExclude = "", $iRetFormat = 1)
  Local $hSearchFile, $sFile, $sFileList, $sWorkPath, $sRetPath, $iRootPathLen, $iPCount, $iFCount, $fDirFlag

  ;[check and prepare parameters]
  ;---------------
  If $sPath = -1 Or $sPath = Default Then $sPath = @ScriptDir
  ;strip leading/trailing spaces and semi-colons, all adjacent semi-colons, and spaces surrounding semi-colons
  $sPath = StringRegExpReplace(StringRegExpReplace($sPath, "(\s*;\s*)+", ";"), "\A;|;\z", "")
  ;check that at least one path is set
  If $sPath = "" Then Return SetError(1, 1, "")
  ;-----
  If $sFilter = -1 Or $sFilter = Default Then $sFilter = "*"
  ;prepare filter
  ;strip leading/trailing spaces and semi-colons, all adjacent semi-colons, and spaces surrounding semi-colons
  $sFilter = StringRegExpReplace(StringRegExpReplace($sFilter, "(\s*;\s*)+", ";"), "\A;|;\z", "")
  ;check for invalid chars or that at least one filter is set
  If StringRegExp($sFilter, "[\\/><:\|]|(?s)\A\s*\z") Then Return SetError(2, 2, "")
  If $bRecursive Then
    ;Convert $sFilter for Regular Expression
    $sFilter = StringRegExpReplace($sFilter, '([\Q\.+[^]$(){}=!\E])', '\\$1')
    $sFilter = StringReplace($sFilter, "?", ".")
    $sFilter = StringReplace($sFilter, "*", ".*?")
    $sFilter = "(?i)\A(" & StringReplace($sFilter, ";", "$|") & "$)" ;case-insensitive, convert ';' to '|', match from first char, terminate strings
    ;$sFilter = "(?i)\A" & StringReplace($sFilter, ";", "|") & "\z"
  EndIf
  ;-----
  If $iRetItemType <> "1" And $iRetItemType <> "2" Then $iRetItemType = "0"
  ;-----
  If $iRetPathType <> "1" And $iRetPathType <> "2" Then $iRetPathType = "0"
  ;-----
  $bRecursive = ($bRecursive = "1")
  ;-----
  If $sExclude = -1 Or $sExclude = Default Then $sExclude = ""
  If $sExclude Then
    ;prepare $sExclude
    ;strip leading/trailing spaces and semi-colons, all adjacent semi-colons, and spaces surrounding semi-colons
    $sExclude = StringRegExpReplace(StringRegExpReplace($sExclude, "(\s*;\s*)+", ";"), "\A;|;\z", "")
    ;Convert $sExclude for Regular Expression
    $sExclude = StringRegExpReplace($sExclude, '([\Q\.+[^]$(){}=!\E])', '\\$1')
    $sExclude = StringReplace($sExclude, "?", ".")
    $sExclude = StringReplace($sExclude, "*", ".*?")
    $sExclude = "(?i)\A(" & StringReplace($sExclude, ";", "$|") & "$)" ;case-insensitive, convert ';' to '|', match from first char, terminate strings
    ;$sExclude = "(?i)\A" & StringReplace($sExclude, ";", "|") & "\z"
  EndIf
  ;-----
  ;If $iRetFormat <> "0" And $iRetFormat <> "2" Then $iRetFormat = "1"
  ;validate $iRetFormat (error 3 per the header above); $iRetItemType was already normalised
  If Not ($iRetFormat = 0 Or $iRetFormat = 1 Or $iRetFormat = 2) Then Return SetError(3, 3, "")
  ;---------------
  ;[/check and prepare parameters]

  ;---------------

  Local $aPath = StringSplit($sPath, ';', 1) ;paths array
  Local $aFilter = StringSplit($sFilter, ';', 1) ;filters array

  ;---------------

  If $bRecursive Then ;different handling for recursion (strategy: unfiltered search for all items and filter unwanted)

    If $sExclude Then ;different handling dependent on $sExclude parameter is set or not

      For $iPCount = 1 To $aPath[0] ;Path loop
        $sPath = StringRegExpReplace($aPath[$iPCount], "[\\/]+\z", "") & "\" ;ensure exact one trailing slash
        If Not FileExists($sPath) Then ContinueLoop
        $iRootPathLen = StringLen($sPath) - 1

        Local $aPathStack[1024] = [1, $sPath]

        While $aPathStack[0] > 0
          $sWorkPath = $aPathStack[$aPathStack[0]]
          $aPathStack[0] -= 1
          ;-----
          $hSearchFile = FileFindFirstFile($sWorkPath & '*')
          If @error Then ContinueLoop
          ;-----
          Switch $iRetPathType
            Case 2 ;full path
              $sRetPath = $sWorkPath
            Case 1 ;relative path
              $sRetPath = StringTrimLeft($sWorkPath, $iRootPathLen + 1)
          EndSwitch
          ;-----
          Switch $iRetItemType
            Case 1
              While True ;Files only
                $sFile = FileFindNextFile($hSearchFile)
                If @error Then ExitLoop
                $fDirFlag = @extended
                If $fDirFlag Then
                  $aPathStack[0] += 1
                  If UBound($aPathStack) <= $aPathStack[0] Then ReDim $aPathStack[UBound($aPathStack) * 2]
                  $aPathStack[$aPathStack[0]] = $sWorkPath & $sFile & "\"
                  ContinueLoop
                EndIf
                If StringRegExp($sFile, $sExclude) Then ContinueLoop
                If StringRegExp($sFile, $sFilter) Then
                  $sFileList &= $sRetPath & $sFile & "|"
                EndIf
              WEnd
            Case 2
              While True ;Folders only
                $sFile = FileFindNextFile($hSearchFile)
                If @error Then ExitLoop
                $fDirFlag = @extended
                If StringRegExp($sFile, $sExclude) Then ContinueLoop
                If $fDirFlag Then
                  $aPathStack[0] += 1
                  If UBound($aPathStack) <= $aPathStack[0] Then ReDim $aPathStack[UBound($aPathStack) * 2]
                  $aPathStack[$aPathStack[0]] = $sWorkPath & $sFile & "\"
                  If StringRegExp($sFile, $sFilter) Then
                    $sFileList &= $sRetPath & $sFile & "|"
                  EndIf
                EndIf
              WEnd
            Case Else
              While True ;Files and Folders
                $sFile = FileFindNextFile($hSearchFile)
                If @error Then ExitLoop
                $fDirFlag = @extended
                If StringRegExp($sFile, $sExclude) Then ContinueLoop
                If $fDirFlag Then
                  $aPathStack[0] += 1
                  If UBound($aPathStack) <= $aPathStack[0] Then ReDim $aPathStack[UBound($aPathStack) * 2]
                  $aPathStack[$aPathStack[0]] = $sWorkPath & $sFile & "\"
                EndIf
                If StringRegExp($sFile, $sFilter) Then
                  $sFileList &= $sRetPath & $sFile & "|"
                EndIf
              WEnd
          EndSwitch
          ;-----
        WEnd

        FileClose($hSearchFile)

      Next ;$iPCount - next path

    Else ;If Not $sExclude

      For $iPCount = 1 To $aPath[0] ;Path loop
        $sPath = StringRegExpReplace($aPath[$iPCount], "[\\/]+\z", "") & "\" ;ensure exact one trailing slash
        If Not FileExists($sPath) Then ContinueLoop
        $iRootPathLen = StringLen($sPath) - 1

        Local $aPathStack[1024] = [1, $sPath]

        While $aPathStack[0] > 0
          $sWorkPath = $aPathStack[$aPathStack[0]]
          $aPathStack[0] -= 1
          ;-----
          $hSearchFile = FileFindFirstFile($sWorkPath & '*')
          If @error Then ContinueLoop
          ;-----
          Switch $iRetPathType
            Case 2 ;full path
              $sRetPath = $sWorkPath
            Case 1 ;relative path
              $sRetPath = StringTrimLeft($sWorkPath, $iRootPathLen + 1)
          EndSwitch
          ;-----
          Switch $iRetItemType
            Case 1
              While True ;Files only
                $sFile = FileFindNextFile($hSearchFile)
                If @error Then ExitLoop
                If @extended Then
                  $aPathStack[0] += 1
                  If UBound($aPathStack) <= $aPathStack[0] Then ReDim $aPathStack[UBound($aPathStack) * 2]
                  $aPathStack[$aPathStack[0]] = $sWorkPath & $sFile & "\"
                  ContinueLoop
                EndIf
                If StringRegExp($sFile, $sFilter) Then
                  $sFileList &= $sRetPath & $sFile & "|"
                EndIf
              WEnd
            Case 2
              While True ;Folders only
                $sFile = FileFindNextFile($hSearchFile)
                If @error Then ExitLoop
                If @extended Then
                  $aPathStack[0] += 1
                  If UBound($aPathStack) <= $aPathStack[0] Then ReDim $aPathStack[UBound($aPathStack) * 2]
                  $aPathStack[$aPathStack[0]] = $sWorkPath & $sFile & "\"
                  If StringRegExp($sFile, $sFilter) Then
                    $sFileList &= $sRetPath & $sFile & "|"
                  EndIf
                EndIf
              WEnd
            Case Else
              While True ;Files and Folders
                $sFile = FileFindNextFile($hSearchFile)
                If @error Then ExitLoop
                If @extended Then
                  $aPathStack[0] += 1
                  If UBound($aPathStack) <= $aPathStack[0] Then ReDim $aPathStack[UBound($aPathStack) * 2]
                  $aPathStack[$aPathStack[0]] = $sWorkPath & $sFile & "\"
                EndIf
                If StringRegExp($sFile, $sFilter) Then
                  $sFileList &= $sRetPath & $sFile & "|"
                EndIf
              WEnd
          EndSwitch
          ;-----
        WEnd

        FileClose($hSearchFile)

      Next ;$iPCount - next path

    EndIf ;If $sExclude

  Else ;If Not $bRecursive (strategy: filtered search for items)

    If $sExclude Then ;different handling dependent on $sExclude parameter is set or not

      For $iPCount = 1 To $aPath[0] ;Path loop

        $sPath = StringRegExpReplace($aPath[$iPCount], "[\\/]+\z", "") & "\" ;ensure exact one trailing slash
        If Not FileExists($sPath) Then ContinueLoop
        ;-----
        Switch $iRetPathType
          Case 2 ;full path
            $sRetPath = $sPath
          Case 1 ;relative path
            $sRetPath = ""
        EndSwitch

        For $iFCount = 1 To $aFilter[0] ;filter loop
          ;-----
          $hSearchFile = FileFindFirstFile($sPath & $aFilter[$iFCount])
          If @error Then ContinueLoop
          ;-----
          Switch $iRetItemType
            Case 1 ;files Only
              While True
                $sFile = FileFindNextFile($hSearchFile)
                If @error Then ExitLoop
                If @extended Then ContinueLoop ;bypass folder
                ;check for exclude files
                If StringRegExp($sFile, $sExclude) Then ContinueLoop
                $sFileList &= $sRetPath & $sFile & "|"
              WEnd
            Case 2 ;folders Only
              While True
                $sFile = FileFindNextFile($hSearchFile)
                If @error Then ExitLoop
                If @extended Then ;bypass file
                  ;check for exclude folder
                  If StringRegExp($sFile, $sExclude) Then ContinueLoop
                  $sFileList &= $sRetPath & $sFile & "|"
                EndIf
              WEnd
            Case Else ;files and folders
              While True
                $sFile = FileFindNextFile($hSearchFile)
                If @error Then ExitLoop
                ;check for exclude files/folder
                If StringRegExp($sFile, $sExclude) Then ContinueLoop
                $sFileList &= $sRetPath & $sFile & "|"
              WEnd
          EndSwitch
          FileClose($hSearchFile)
        Next ;$iFCount - next filter

      Next ;$iPCount - next path

    Else ;If Not $sExclude

      For $iPCount = 1 To $aPath[0] ;Path loop

        $sPath = StringRegExpReplace($aPath[$iPCount], "[\\/]+\z", "") & "\" ;ensure exact one trailing slash
        If Not FileExists($sPath) Then ContinueLoop
        ;-----
        Switch $iRetPathType
          Case 2 ;full path
            $sRetPath = $sPath
          Case 1 ;relative path
            $sRetPath = ""
        EndSwitch

        For $iFCount = 1 To $aFilter[0] ;filter loop
          ;-----
          $hSearchFile = FileFindFirstFile($sPath & $aFilter[$iFCount])
          If @error Then ContinueLoop
          ;-----
          Switch $iRetItemType
            Case 1 ;files Only
              While True
                $sFile = FileFindNextFile($hSearchFile)
                If @error Then ExitLoop
                If @extended Then ContinueLoop ;bypass folder
                $sFileList &= $sRetPath & $sFile & "|"
              WEnd
            Case 2 ;folders Only
              While True
                $sFile = FileFindNextFile($hSearchFile)
                If @error Then ExitLoop
                If @extended Then ;bypass file
                  $sFileList &= $sRetPath & $sFile & "|"
                EndIf
              WEnd
            Case Else ;files and folders
              While True
                $sFile = FileFindNextFile($hSearchFile)
                If @error Then ExitLoop
                $sFileList &= $sRetPath & $sFile & "|"
              WEnd
          EndSwitch
          FileClose($hSearchFile)
        Next ;$iFCount - next filter

      Next ;$iPCount - next path

    EndIf ;If $sExclude

  EndIf ;If $bRecursive

  ;---------------

  ;set according return value
  If $sFileList Then
    Switch $iRetFormat
      Case 2 ;return a delimited string
        Return StringTrimRight($sFileList, 1)
      Case 0 ;return a 0-based array
        Return StringSplit(StringTrimRight($sFileList, 1), "|", 2)
      Case Else ;return a 1-based array
        Return StringSplit(StringTrimRight($sFileList, 1), "|", 1)
    EndSwitch
  Else
    Return SetError(4, 4, "")
  EndIf

EndFunc   ;==>_FileListToArrayXT
sgtevmckay

Re: Sophos detects virus in Rainmeter 1.1

Post by sgtevmckay »

We need to identify what is being listed as virused and narrow it down to what is Rainmeter and what is not...I have gone over the HUD code with a fine tooth comb, and then I realize it is nothing in Rainmeter that is causing the virus detection...It is Mepu's installer.
I believe that Mepu is using AutoIt to make his installer; that being said, after extracting the installer code I find it to be a mess.
So this is not a Rainmeter issue.

The detection of WebParse.dll and your installer is, so we need to look here.
I am currently monitoring approximately 16 site forums and blogs to see if these issues keep popping up and, if so, in what AV software.
Benjamin Linus
Posts: 163
Joined: July 12th, 2009, 4:05 pm
Location: The Island

Re: Sophos detects virus in Rainmeter 1.1

Post by Benjamin Linus »

Clean as a whistle :p
Using ESET Nod32 Antivirus 4.0.467.0.