I just downloaded and installed Rainmeter 1.1 (32 bit, windows installer) and Sophos Anti-Virus detects Mal/Generic-A in C:/Program Files/Rainmeter1/Skins/Enigma/Resources/Variables/EnigmaConfigure.exe.
Generic-A is exactly that, generic. It's a catch-all label Sophos applies to 'thousands of threats'. See http://www.sophos.com/security/analyses/viruses-and-spyware/malgenerica.html for scant details.
Is there any way to determine if this is a false positive, or if the distribution package really was compromised?
Scott
P.S. Fyi, the MD5 checksum for Rainmeter-1.1-32bit.exe is 24aef3ed2848886e5b975d57da993605
Sophos detects virus in Rainmeter 1.1
-
- Posts: 2
- Joined: November 5th, 2009, 10:28 pm
Re: Sophos detects virus in Rainmeter 1.1
First off: to the forums
I have been acquainted with Kaelri (maker of Enigma) for a while now, and I can assure you that there is no virus in the file, so long as it was downloaded from here, the home page, or the code site.
I can also verify that the downloads from Download.com are clean as I did the uploads myself.
I would say it is a false positive, though I could not explain why.
Do not feel alone.
Someone recently posted that one of our plugins, WebParse.dll (that has not changed configuration in years), is also virused.
He was using Rainmeter 1.0 (I think???)
The code site has very limited access, and only a limited few folks can do builds.
The code is available for all to see, but few to add or modify.
The download is then derived directly at the code site and listed at the Google code site.
So this is a closed process.
BUT...It would not hurt to have one of our dev folks take a look in the right near future.
Thanks for the info, we will be looking into it. :thanks:
It has to be an update that recently went out in antiviral updates
-
- Developer
- Posts: 22724
- Joined: April 19th, 2009, 11:02 pm
- Location: Fort Hunt, Virginia, USA
Re: Sophos detects virus in Rainmeter 1.1
It's a false positive. I wrote EnigmaConfigure.exe and can assure you there are no virui in it.
-
- Posts: 2
- Joined: November 5th, 2009, 10:28 pm
Re: Sophos detects virus in Rainmeter 1.1
Just to be clear, I was not implying a virus was maliciously added by any of the Rainmeter folks. However, the process of building & distributing software provides many opportunities for unintentional infection, not to mention malicious infection of download packages by 3rd parties.
Does anyone have experience working with anti-virus vendors to determine what provokes a false positive? And if it's not possible to change EnigmaConfigure.exe accordingly, is it even possible to get Sophos to refine their tests?
Independent of Sophos, have you considered adding robust cryptographic checksums? (By robust I mean something better than the venerable & vulnerable MD5 I used.) Those checksums should be part of the release notes, and hard to surreptitiously change even if someone does change the installation package.
-
- Developer
- Posts: 22724
- Joined: April 19th, 2009, 11:02 pm
- Location: Fort Hunt, Virginia, USA
Re: Sophos detects virus in Rainmeter 1.1
ScottB wrote: Just to be clear, I was not implying a virus was maliciously added by any of the Rainmeter folks. However, the process of building & distributing software provides many opportunities for unintentional infection, not to mention malicious infection of download packages by 3rd parties.
Does anyone have experience working with anti-virus vendors to determine what provokes a false positive? And if it's not possible to change EnigmaConfigure.exe accordingly, is it even possible to get Sophos to refine their tests?
Independent of Sophos, have you considered adding robust cryptographic checksums? (By robust I mean something better than the venerable & vulnerable MD5 I used.) Those checksums should be part of the release notes, and hard to surreptitiously change even if someone does change the installation package.
As long as you got the package from us, I can assure you that we control all aspects of the development, building and distribution. It's a false positive.
-
- Moderator
- Posts: 995
- Joined: June 10th, 2009, 12:44 pm
- Location: Sweden
Re: Sophos detects virus in Rainmeter 1.1
ScottB wrote: I just downloaded and installed Rainmeter 1.1 (32 bit, windows installer) and Sophos Anti-Virus detects Mal/Generic-A in C:/Program Files/Rainmeter1/Skins/Enigma/Resources/Variables/EnigmaConfigure.exe.
Generic-A is exactly that, generic. It's a catch-all label Sophos applies to 'thousands of threats'. See http://www.sophos.com/security/analyses/viruses-and-spyware/malgenerica.html for scant details.
Is there any way to determine if this is a false positive, or if the distribution package really was compromised?
Scott
P.S. Fyi, the MD5 checksum for Rainmeter-1.1-32bit.exe is 24aef3ed2848886e5b975d57da993605
# MD5 checksums generated by MD5summer (http://www.md5summer.org)
# Generated 2009-11-06 01:44:05
24aef3ed2848886e5b975d57da993605 *Rainmeter-1.1-32bit.exe
You got the same as I do. And I don't got any virus problems on my end. --> You got a false positive. :)
I don't think, therefore I'm not.
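Added example, not part of the thread or of Rainmeter's own tooling: a verifier for checksum manifests in the `<hex> *<filename>` layout that MD5summer produced above, extended to SHA-256 as proposed earlier in the thread. The file `example-installer.exe`, its bytes and the demo manifest are constructed for illustration; only the MD5 line is taken from the thread.

```python
import hashlib
import hmac
import os
import re
import tempfile

# Hex digest length -> hashlib algorithm name.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}
# Algorithms with known collision attacks; a match is weaker evidence.
WEAK = {"md5", "sha1"}

# '<hex> *<name>' (binary mode) or '<hex>  <name>' (text mode).
LINE_RE = re.compile(r"^([0-9a-fA-F]+) [ *](.+)$")

# The manifest exactly as posted in the thread.
THREAD_MANIFEST = """\
# MD5 checksums generated by MD5summer (http://www.md5summer.org)
# Generated 2009-11-06 01:44:05
24aef3ed2848886e5b975d57da993605 *Rainmeter-1.1-32bit.exe
"""


def parse_manifest(text):
    """Return [(algorithm, hex_digest, filename)], skipping '#' and blank lines."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m or len(m.group(1)) not in ALGO_BY_HEX_LEN:
            raise ValueError(f"line {lineno}: not a checksum entry: {raw!r}")
        digest = m.group(1).lower()
        entries.append((ALGO_BY_HEX_LEN[len(digest)], digest, m.group(2)))
    return entries


def file_digest(path, algo):
    """Hash a file in 1 MiB chunks so large installers are not read into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify(manifest_text, base_dir):
    """Return {filename: (status, algorithm)}; status is OK, MISMATCH or MISSING."""
    results = {}
    for algo, expected, name in parse_manifest(manifest_text):
        # basename() keeps a manifest entry from pointing outside base_dir.
        path = os.path.join(base_dir, os.path.basename(name))
        if not os.path.isfile(path):
            results[name] = ("MISSING", algo)
            continue
        ok = hmac.compare_digest(file_digest(path, algo), expected)
        results[name] = ("OK" if ok else "MISMATCH", algo)
    return results


def demo():
    """Verify a constructed file, then again after it has been modified."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "example-installer.exe")
        with open(path, "wb") as f:
            f.write(b"constructed sample bytes, not a real installer")
        manifest = "# constructed manifest\n%s *example-installer.exe\n" % (
            file_digest(path, "sha256"))
        before = verify(manifest, d)
        with open(path, "ab") as f:
            f.write(b"\x00")  # one extra byte after the manifest was written
        after = verify(manifest, d)
        missing = verify("%s *absent.exe\n" % ("0" * 64), d)
    return before, after, missing


if __name__ == "__main__":
    for algo, digest, name in parse_manifest(THREAD_MANIFEST):
        note = " (weak algorithm)" if algo in WEAK else ""
        print(f"{name}: {algo} {digest}{note}")
    print(demo())
```

A match shows only that the local file is byte-identical to the one the manifest was generated from, so the manifest has to be published somewhere that a person replacing the installer could not also change.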
Re: Sophos detects virus in Rainmeter 1.1
ScottB wrote: Just to be clear, I was not implying a virus was maliciously added by any of the Rainmeter folks. However, the process of building & distributing software provides many opportunities for unintentional infection, not to mention malicious infection of download packages by 3rd parties.
Does anyone have experience working with anti-virus vendors to determine what provokes a false positive? And if it's not possible to change EnigmaConfigure.exe accordingly, is it even possible to get Sophos to refine their tests?
Independent of Sophos, have you considered adding robust cryptographic checksums? (By robust I mean something better than the venerable & vulnerable MD5 I used.) Those checksums should be part of the release notes, and hard to surreptitiously change even if someone does change the installation package.
No no...You are fine...and I find the proposal interesting...
-
- Developer
- Posts: 1721
- Joined: July 25th, 2009, 4:47 am
Re: Sophos detects virus in Rainmeter 1.1
I'd certainly like to track this down, if possible. This is the second time that a prominent Rainmeter download has been misidentified by antivirus software (HUD.Vision being the first).
The following is the entirety of EnigmaConfigure.exe's code. It's written in AutoIt and then compiled as a standalone .EXE. If you spot something that an antivirus might be paranoid about, don't hesitate to point it out.
Code:
#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_icon=TOOLS.A.ico
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
#include <ButtonConstants.au3>
#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <GUIListBox.au3>
#include <StaticConstants.au3>
#include <WindowsConstants.au3>
#include <ScrollBarConstants.au3>
#include <array.au3>
#include <GuiStatusBar.au3>
#include <GuiEdit.au3>
#include <GuiButton.au3>
#include <Misc.au3>
#include <String.au3>
#Include <File.au3>
#include "FileListToArrayXT.au3"
Opt("GUICloseOnESC", 0)
Global $DarkText = 0x000000, $LightText = 0x808080, $BlueText = 0x99b0d1
Global $CurrentVarName
Global $VarName[300]
Global $VarDescription[300]
Global $VarDefault[300]
Global $VarNew[300]
Global $iniFiles[300]
Global $VarCount = 0
Global $FilesCount = 0
Global $ListCount = 0
Global $EndIt = 0
Global $Foundini = 0
Global $DefaultExists = 0, $UserExists = 0, $BothExist = 0
Global $CfgFile
Global $DefaultKeys
Global $FoundInUser
Global $Dirty = 0
$dll = DllOpen("user32.dll")
#Region ### START Koda GUI section ### Form=C:\Program Files\Rainmeter\SetVar\Form2.kxf
$MainForm = GUICreate("Enigma Configuration Tool", 455, 380, -1, -1, BitOR($WS_SYSMENU,$WS_MINIMIZE,$WS_POPUP,$WS_POPUPWINDOW,$WS_BORDER,$WS_CLIPSIBLINGS))
GUISetBkColor(0xFFFBF0)
$LabelDrag = GUICtrlCreateLabel("E n i g m a C o n f i g u r e", 15, 2, 360, 24, $SS_LEFT, $GUI_WS_EX_PARENTDRAG)
GUICtrlSetFont(-1, 12, 400, 0, "Trebuchet MS")
GUICtrlSetColor(-1, $LightText)
$LabelMin = GUICtrlCreateLabel("Min", 395, 5, 23, 20, $SS_CENTER)
GUICtrlSetFont(-1, 10, 400, 0, "Trebuchet MS")
GUICtrlSetCursor(-1,0)
GUICtrlSetColor(-1, $LightText)
$LabelMinCloseDivider = GUICtrlCreateLabel("|", 425, 5, 5, 20, $SS_CENTER)
GUICtrlSetFont(-1, 10, 400, 0, "Trebuchet MS")
GUICtrlSetColor(-1, $LightText)
$LabelClose = GUICtrlCreateLabel("X", 430, 5, 20, 20, $SS_CENTER)
GUICtrlSetFont(-1, 10, 400, 0, "Trebuchet MS")
GUICtrlSetCursor(-1,0)
GUICtrlSetColor(-1, $LightText)
$TopLine = GUICtrlCreateGraphic(0, 28, 485, 1,0)
GUICtrlSetColor(-1, $DarkText)
$VariableList = GUICtrlCreateList("", 39, 53, 305, 250, BitOR($ES_AUTOVSCROLL,$ES_AUTOHSCROLL,$WS_HSCROLL,$WS_VSCROLL)) ;371
GUICtrlSetFont(-1, 10, 800, 0, "Trebuchet MS")
GUICtrlSetColor(-1, $LightText)
GUICtrlSetBkColor(-1, 0xFFFBF0)
GUICtrlSetCursor(-1,0)
$VariableDescripton = GUICtrlCreateLabel("Click an item and enter your value", 45, 307, 280, 20)
GUICtrlSetFont(-1, 10, 800, 0, "Trebuchet MS")
GUICtrlSetColor(-1, $BlueText)
$VariableInput = GUICtrlCreateInput("", 39, 327, 305, 21,BitOR($ES_AUTOHSCROLL,$LBS_WANTKEYBOARDINPUT))
GUICtrlSetFont(-1, 10, 800, 0, "Trebuchet MS")
GUICtrlSetColor(-1, $LightText)
GUICtrlSetBkColor(-1, 0xFFFBF0)
$LabelSave = GUICtrlCreateLabel("Save All", 364, 80-25, 100, 20)
GUICtrlSetFont(-1, 14, 400, 0, "Trebuchet MS")
GUICtrlSetCursor(-1,0)
GUICtrlSetColor(-1, $BlueText)
GUICtrlSetTip(-1, "Save all entries you have modified", "")
$LabelReset = GUICtrlCreateLabel("Reset", 364, 120-25, 100, 20)
GUICtrlSetFont(-1, 14, 400, 0, "Trebuchet MS")
GUICtrlSetCursor(-1,0)
GUICtrlSetColor(-1, $BlueText)
GUICtrlSetTip(-1, "Reset to previously saved values", "")
$LabelDefaults = GUICtrlCreateLabel("Defaults", 364, 160-25, 100, 20)
GUICtrlSetFont(-1, 14, 400, 0, "Trebuchet MS")
GUICtrlSetCursor(-1,0)
GUICtrlSetColor(-1, $BlueText)
GUICtrlSetTip(-1, "Restore UNCONFIGURED DEFAULTS", "")
$LabelExit = GUICtrlCreateLabel("Exit", 364, 200-25, 100, 20)
GUICtrlSetFont(-1, 14, 400, 0, "Trebuchet MS")
GUICtrlSetCursor(-1,0)
GUICtrlSetColor(-1, $BlueText)
GUICtrlSetTip(-1, "Exit EnigmaConfigure", "")
GUISetState(@SW_SHOWNORMAL, $MainForm)
$LabelSet = GUICtrlCreateLabel("Set", 364, 327, 100, 20)
GUICtrlSetFont(-1, 14, 400, 0, "Trebuchet MS")
GUICtrlSetCursor(-1,0)
GUICtrlSetColor(-1, $BlueText)
GUICtrlSetTip(-1, "Set the change to this item", "")
GUISetState(@SW_SHOWNORMAL, $MainForm)
#EndRegion ### END Koda GUI section ###
Main()
While 1
$nMsg = GUIGetMsg()
Select
Case $nMsg = $GUI_EVENT_CLOSE
If $Dirty = 1 Then
$ExitAnswer = MsgBox(49,"Enigma Configure","You have made unsaved changes." & @CRLF & @CRLF & "Are you sure you wish to exit without saving?")
If $ExitAnswer = 1 Then
FileClose($CfgFile)
DllClose($dll)
Exit
EndIf
Else
FileClose($CfgFile)
DllClose($dll)
Exit
EndIf
Case $nMsg = $LabelClose
If $Dirty = 1 Then
$ExitAnswer = MsgBox(49,"Enigma Configure","You have made unsaved changes." & @CRLF & @CRLF & "Are you sure you wish to exit without saving?")
If $ExitAnswer = 1 Then
FileClose($CfgFile)
DllClose($dll)
Exit
EndIf
Else
FileClose($CfgFile)
DllClose($dll)
Exit
EndIf
Case $nMsg = $LabelExit
If $Dirty = 1 Then
$ExitAnswer = MsgBox(49,"Enigma Configure","You have made unsaved changes." & @CRLF & @CRLF & "Are you sure you wish to exit without saving?")
If $ExitAnswer = 1 Then
FileClose($CfgFile)
DllClose($dll)
Exit
EndIf
Else
FileClose($CfgFile)
DllClose($dll)
Exit
EndIf
Case $nMsg = $LabelMin
WinSetState("[Active]", "", @SW_MINIMIZE)
Case $nMsg = $VariableList
$CurrentVarName = GUICtrlRead($VariableList)
For $ListCount = 1 to $VarCount
if $VarName[$ListCount] = $CurrentVarName Then
$CurrentVarDescription = $VarDescription[$ListCount]
EndIf
Next
GUICtrlSetData($VariableDescripton, $CurrentVarDescription)
For $a = 1 To $VarCount
If $VarName[$a] = $CurrentVarName Then ExitLoop
Next
If $VarNew[$a] = "" Then $VarNew[$a] = $VarDefault[$a]
If $VarNew[$a] == $VarDefault[$a] Then
GUICtrlSetData($VariableInput, $VarDefault[$a])
Else
GUICtrlSetData($VariableInput, $VarNew[$a])
EndIf
Case $nMsg = $LabelSet
GUICtrlSetColor($LabelSet, $LightText)
For $a = 1 To $VarCount
If $VarName[$a] = $CurrentVarName Then ExitLoop
Next
$VarNew[$a] = GUICtrlRead($VariableInput)
Sleep(300)
$Dirty = 1
GUICtrlSetColor($LabelSet, $BlueText)
Case $nMsg = $LabelSave
GUICtrlSetColor($LabelSave, $LightText)
For $a = 1 To $VarCount
If $VarNew[$a] = "" Then $VarNew[$a] = $VarDefault[$a]
If $VarNew[$a] == $VarDefault[$a] Then
IniWrite("UserVariables.inc","Variables",$VarName[$a], $VarDefault[$a])
Else
IniWrite("UserVariables.inc","Variables",$VarName[$a], $VarNew[$a])
EndIf
Next
Sleep(300)
$Dirty = 0
GUICtrlSetColor($LabelSave, $BlueText)
Case $nMsg = $LabelReset
GUICtrlSetColor($LabelReset, $LightText)
Main()
Sleep(300)
$Dirty = 0
GUICtrlSetColor($LabelReset, $BlueText)
Case $nMsg = $LabelDefaults
GUICtrlSetColor($LabelDefaults, $LightText)
If FileExists("DefaultVariables.sav") <> 0 Then ; FileExists returns 1 or 0, never -1
$DefaultsAnswer = MsgBox(33,"Enigma Configuration","This will reset all Enigma variables to the DEFAULT values!" & @CRLF & @CRLF & "Are you sure you wish to clear all changes to Enigma variables" & @CRLF & @CRLF & "and start over with default placeholder values?")
If $DefaultsAnswer = 1 Then
FileCopy("DefaultVariables.sav", "UserVariables.inc", 1)
EndIf
Else
MsgBox(32,"Enigma Configuration","Missing 'DefaultVariables.sav' backup file" & @CRLF & @CRLF & "Unable to restore default variable values")
EndIf
main()
Sleep(300)
$Dirty = 0
GUICtrlSetColor($LabelDefaults, $BlueText)
EndSelect
WEnd
Func Main()
Global $VarName[300]
Global $VarDescription[300]
Global $VarDefault[300]
Global $VarNew[300]
Global $iniFiles[300]
Global $VarCount = 0
Global $FilesCount = 0
Global $ListCount = 0
Global $EndIt = 0
Global $Foundini = 0
Global $DefaultExists = 0, $UserExists = 0, $BothExist = 0
Global $CfgFile
Global $DefaultKeys
Global $FoundInUser
FileClose($CfgFile)
GUICtrlSetData($VariableList, "")
If FileExists("DefaultVariables.inc") <> 0 Then $DefaultExists = 1
If FileExists("UserVariables.inc") <> 0 Then $UserExists = 1
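Local $DefSaveExists = 0 ; declared so the check further down is valid when the .sav file is absent
If FileExists("DefaultVariables.sav") <> 0 Then $DefSaveExists = 1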
If $DefaultExists = 1 And $UserExists = 1 Then $BothExist = 1
If $DefaultExists = 1 And $BothExist = 0 Then
FileCopy("DefaultVariables.inc", "UserVariables.inc", 1)
FileMove("DefaultVariables.inc", "DefaultVariables.sav", 1)
EndIf
If $DefaultExists = 0 And $UserExists = 0 Then
If $DefSaveExists = 1 Then
FileCopy("DefaultVariables.sav", "UserVariables.inc", 1)
$DefaultExists = 1
Else
MsgBox(16,"EnigmaConfigure Error!", "Variables files!" & @CRLF & @CRLF & "Please reinstall Enigma")
EndIf
EndIf
If $DefaultExists = 1 And $BothExist = 1 Then
$DefaultKeys = IniReadSection("DefaultVariables.inc", "Variables" )
If IsArray($DefaultKeys) Then
For $a = 1 To $DefaultKeys[0][0]
$FoundInUser = IniRead("UserVariables.inc","Variables",$DefaultKeys[$a][0],"KeyMissing")
If $FoundInUser = "KeyMissing" Then
IniWrite("UserVariables.inc","Variables", $DefaultKeys[$a][0],$DefaultKeys[$a][1])
EndIf
Next
Else
MsgBox(16,"EnigmaConfigure Error!", "Invalid DefaultVariables.inc file" & @CRLF & @CRLF & "Please reinstall Enigma")
Exit
EndIf
FileMove("DefaultVariables.inc", "DefaultVariables.sav", 1)
EndIf
If FileFindFirstFile("..\..\..\Enigma.*") = -1 Then
MsgBox(16, "EnigmaConfigure Error!", "Unable to locate \Skins\Enigma" & @CRLF & @CRLF & "EnigmaConfigure.exe must reside in" & @CRLF & _
"\Skins\Enigma\Resources\Variables")
Exit
EndIf
$SkinPath = "..\..\..\Enigma\"
$SkinArray = _FileListToArrayXT($SkinPath, "*.ini", 1, 2, True, "Desktop.ini", 1)
For $a = 1 To $SkinArray[0]
_ReplaceStringInFile($SkinArray[$a],"@include=#SKINSPATH#Enigma\Resources\Variables\DefaultVariables.inc","@include=#SKINSPATH#Enigma\Resources\Variables\UserVariables.inc")
Next
$CfgFile = FileOpen ("EnigmaConfigure.cfg", 0)
$VariableSection = FileReadLine ($CfgFile)
Do
$VarCount = $VarCount + 1
$VarName[$VarCount] = FileReadLine ($CfgFile)
$VarDescription[$VarCount] = FileReadLine ($CfgFile)
$VarDefault[$VarCount] = IniRead("UserVariables.inc","Variables",$VarName[$VarCount],"")
If $VarName[$VarCount] = "[Files]" Then $EndIt = 1
Until $EndIt = 1
$iniFiles[1] = $VarDescription[$VarCount]
$FilesCount = $FilesCount + 1
While @error <> -1
$FilesCount = $FilesCount + 1
$iniFiles[$FilesCount] = FileReadLine ($CfgFile)
WEnd
FileClose ($CfgFile)
$VarCount = $VarCount - 1
$FilesCount = $FilesCount - 1
For $ListCount = 1 to $VarCount
GUICtrlSetData($VariableList,$VarName[$ListCount] & "|")
Next
ControlCommand ( "", "", $VariableList, "SetCurrentSelection", 0)
EndFunc ;==>Main
Code:
; #FUNCTION# ===========================================================================================
; Name: _FileListToArrayXT
; Description: Lists files and\or folders in specified path(s) (Similar to using Dir with the /B Switch)
; additional features: multi-path, multi-filter, multi-exclude-filter, path format options, recursive search
; Syntax: _FileListToArrayXT([$sPath = @ScriptDir, [$sFilter = "*", [$iRetItemType, [$bRecursive = False, [$sExclude = "", [$iRetFormat = 1]]]]]])
; Parameter(s): $sPath = optional: Search path(s), semicolon delimited (default: @ScriptDir)
; (Example: "C:\Tmp;D:\Temp")
; $sFilter = optional: Search filter(s), semicolon delimited . Wildcards allowed. (default: "*")
; (Example: "*.exe;*.txt")
; $iRetItemType = Include in search: 0 = Files and Folder, 1 = Files Only, 2 = Folders Only
; $iRetPathType = Returned element format: 0 = file/folder name only, 1 = relative path, 2 = full path
; $bRecursive = optional: True: recursive search including all subdirectories
; False (default): search only in specified folder
; $sExclude = optional: Exclude filter(s), semicolon delimited. Wildcards allowed.
; (Example: "Unins*" will remove all files/folders that begin with "Unins")
; $iRetFormat = optional: return format
; 0 = one-dimensional array, 0-based
; 1 = one-dimensional array, 1-based (default)
; 2 = String ( "|" delimited)
; Requirement(s): AutoIt Version 3.3.1.1 or newer
; Return Value(s): on success: 1-based or 0-based array or string (dependent on $iRetFormat)
; If no path is found, @error and @extended are set to 1, returns empty string
; If no filter is found, @error and @extended are set to 2, returns empty string
; If $iRetFormat is invalid, @error and @extended are set to 3, returns empty string
; If no data is found, @error and @extended are set to 4, returns empty string
; Author(s): Half the AutoIt Community
; ====================================================================================================
Func _FileListToArrayXT($sPath = @ScriptDir, $sFilter = "*", $iRetItemType = 0, $iRetPathType = 0, $bRecursive = False, $sExclude = "", $iRetFormat = 1)
Local $hSearchFile, $sFile, $sFileList, $sWorkPath, $sRetPath, $iRootPathLen, $iPCount, $iFCount, $fDirFlag
;[check and prepare parameters]
;---------------
If $sPath = -1 Or $sPath = Default Then $sPath = @ScriptDir
;strip leading/trailing spaces and semi-colons, all adjacent semi-colons, and spaces surrounding semi-colons
$sPath = StringRegExpReplace(StringRegExpReplace($sPath, "(\s*;\s*)+", ";"), "\A;|;\z", "")
;check that at least one path is set
If $sPath = "" Then Return SetError(1, 1, "")
;-----
If $sFilter = -1 Or $sFilter = Default Then $sFilter = "*"
;prepare filter
;strip leading/trailing spaces and semi-colons, all adjacent semi-colons, and spaces surrounding semi-colons
$sFilter = StringRegExpReplace(StringRegExpReplace($sFilter, "(\s*;\s*)+", ";"), "\A;|;\z", "")
;check for invalid chars or that at least one filter is set
If StringRegExp($sFilter, "[\\/><:\|]|(?s)\A\s*\z") Then Return SetError(2, 2, "")
If $bRecursive Then
;Convert $sFilter for Regular Expression
$sFilter = StringRegExpReplace($sFilter, '([\Q\.+[^]$(){}=!\E])', '\\$1')
$sFilter = StringReplace($sFilter, "?", ".")
$sFilter = StringReplace($sFilter, "*", ".*?")
$sFilter = "(?i)\A(" & StringReplace($sFilter, ";", "$|") & "$)" ;case-insensitive, convert ';' to '|', match from first char, terminate strings
;$sFilter = "(?i)\A" & StringReplace($sFilter, ";", "|") & "\z"
EndIf
;-----
If $iRetItemType <> "1" And $iRetItemType <> "2" Then $iRetItemType = "0"
;-----
If $iRetPathType <> "1" And $iRetPathType <> "2" Then $iRetPathType = "0"
;-----
$bRecursive = ($bRecursive = "1")
;-----
If $sExclude = -1 Or $sExclude = Default Then $sExclude = ""
If $sExclude Then
;prepare $sExclude
;strip leading/trailing spaces and semi-colons, all adjacent semi-colons, and spaces surrounding semi-colons
$sExclude = StringRegExpReplace(StringRegExpReplace($sExclude, "(\s*;\s*)+", ";"), "\A;|;\z", "")
;Convert $sExclude for Regular Expression
$sExclude = StringRegExpReplace($sExclude, '([\Q\.+[^]$(){}=!\E])', '\\$1')
$sExclude = StringReplace($sExclude, "?", ".")
$sExclude = StringReplace($sExclude, "*", ".*?")
$sExclude = "(?i)\A(" & StringReplace($sExclude, ";", "$|") & "$)" ;case-insensitive, convert ';' to '|', match from first char, terminate strings
;$sExclude = "(?i)\A" & StringReplace($sExclude, ";", "|") & "\z"
EndIf
;-----
;If $iRetFormat <> "0" And $iRetFormat <> "2" Then $iRetFormat = "1"
If Not ($iRetFormat = 0 Or $iRetFormat = 1 Or $iRetFormat = 2) Then Return SetError(3, 3, "") ;error 3 is documented above for an invalid $iRetFormat
;---------------
;[/check and prepare parameters]
;---------------
Local $aPath = StringSplit($sPath, ';', 1) ;paths array
Local $aFilter = StringSplit($sFilter, ';', 1) ;filters array
;---------------
If $bRecursive Then ;different handling for recursion (strategy: unfiltered search for all items and filter unwanted)
If $sExclude Then ;different handling dependent on $sExclude parameter is set or not
For $iPCount = 1 To $aPath[0] ;Path loop
$sPath = StringRegExpReplace($aPath[$iPCount], "[\\/]+\z", "") & "\" ;ensure exact one trailing slash
If Not FileExists($sPath) Then ContinueLoop
$iRootPathLen = StringLen($sPath) - 1
Local $aPathStack[1024] = [1, $sPath]
While $aPathStack[0] > 0
$sWorkPath = $aPathStack[$aPathStack[0]]
$aPathStack[0] -= 1
;-----
$hSearchFile = FileFindFirstFile($sWorkPath & '*')
If @error Then ContinueLoop
;-----
Switch $iRetPathType
Case 2 ;full path
$sRetPath = $sWorkPath
Case 1 ;relative path
$sRetPath = StringTrimLeft($sWorkPath, $iRootPathLen + 1)
EndSwitch
;-----
Switch $iRetItemType
Case 1
While True ;Files only
$sFile = FileFindNextFile($hSearchFile)
If @error Then ExitLoop
$fDirFlag = @extended
If $fDirFlag Then
$aPathStack[0] += 1
If UBound($aPathStack) <= $aPathStack[0] Then ReDim $aPathStack[UBound($aPathStack) * 2]
$aPathStack[$aPathStack[0]] = $sWorkPath & $sFile & "\"
ContinueLoop
EndIf
If StringRegExp($sFile, $sExclude) Then ContinueLoop
If StringRegExp($sFile, $sFilter) Then
$sFileList &= $sRetPath & $sFile & "|"
EndIf
WEnd
Case 2
While True ;Folders only
$sFile = FileFindNextFile($hSearchFile)
If @error Then ExitLoop
$fDirFlag = @extended
If StringRegExp($sFile, $sExclude) Then ContinueLoop
If $fDirFlag Then
$aPathStack[0] += 1
If UBound($aPathStack) <= $aPathStack[0] Then ReDim $aPathStack[UBound($aPathStack) * 2]
$aPathStack[$aPathStack[0]] = $sWorkPath & $sFile & "\"
If StringRegExp($sFile, $sFilter) Then
$sFileList &= $sRetPath & $sFile & "|"
EndIf
EndIf
WEnd
Case Else
While True ;Files and Folders
$sFile = FileFindNextFile($hSearchFile)
If @error Then ExitLoop
$fDirFlag = @extended
If StringRegExp($sFile, $sExclude) Then ContinueLoop
If $fDirFlag Then
$aPathStack[0] += 1
If UBound($aPathStack) <= $aPathStack[0] Then ReDim $aPathStack[UBound($aPathStack) * 2]
$aPathStack[$aPathStack[0]] = $sWorkPath & $sFile & "\"
EndIf
If StringRegExp($sFile, $sFilter) Then
$sFileList &= $sRetPath & $sFile & "|"
EndIf
WEnd
EndSwitch
;-----
WEnd
FileClose($hSearchFile)
Next ;$iPCount - next path
Else ;If Not $sExclude
For $iPCount = 1 To $aPath[0] ;Path loop
$sPath = StringRegExpReplace($aPath[$iPCount], "[\\/]+\z", "") & "\" ;ensure exact one trailing slash
If Not FileExists($sPath) Then ContinueLoop
$iRootPathLen = StringLen($sPath) - 1
Local $aPathStack[1024] = [1, $sPath]
While $aPathStack[0] > 0
$sWorkPath = $aPathStack[$aPathStack[0]]
$aPathStack[0] -= 1
;-----
$hSearchFile = FileFindFirstFile($sWorkPath & '*')
If @error Then ContinueLoop
;-----
Switch $iRetPathType
Case 2 ;full path
$sRetPath = $sWorkPath
Case 1 ;relative path
$sRetPath = StringTrimLeft($sWorkPath, $iRootPathLen + 1)
EndSwitch
;-----
Switch $iRetItemType
Case 1
While True ;Files only
$sFile = FileFindNextFile($hSearchFile)
If @error Then ExitLoop
If @extended Then
$aPathStack[0] += 1
If UBound($aPathStack) <= $aPathStack[0] Then ReDim $aPathStack[UBound($aPathStack) * 2]
$aPathStack[$aPathStack[0]] = $sWorkPath & $sFile & "\"
ContinueLoop
EndIf
If StringRegExp($sFile, $sFilter) Then
$sFileList &= $sRetPath & $sFile & "|"
EndIf
WEnd
Case 2
While True ;Folders only
$sFile = FileFindNextFile($hSearchFile)
If @error Then ExitLoop
If @extended Then
$aPathStack[0] += 1
If UBound($aPathStack) <= $aPathStack[0] Then ReDim $aPathStack[UBound($aPathStack) * 2]
$aPathStack[$aPathStack[0]] = $sWorkPath & $sFile & "\"
If StringRegExp($sFile, $sFilter) Then
$sFileList &= $sRetPath & $sFile & "|"
EndIf
EndIf
WEnd
Case Else
While True ;Files and Folders
$sFile = FileFindNextFile($hSearchFile)
If @error Then ExitLoop
If @extended Then
$aPathStack[0] += 1
If UBound($aPathStack) <= $aPathStack[0] Then ReDim $aPathStack[UBound($aPathStack) * 2]
$aPathStack[$aPathStack[0]] = $sWorkPath & $sFile & "\"
EndIf
If StringRegExp($sFile, $sFilter) Then
$sFileList &= $sRetPath & $sFile & "|"
EndIf
WEnd
EndSwitch
;-----
WEnd
FileClose($hSearchFile)
Next ;$iPCount - next path
EndIf ;If $sExclude
Else ;If Not $bRecursive (strategy: filtered search for items)
If $sExclude Then ;different handling dependent on $sExclude parameter is set or not
For $iPCount = 1 To $aPath[0] ;Path loop
$sPath = StringRegExpReplace($aPath[$iPCount], "[\\/]+\z", "") & "\" ;ensure exact one trailing slash
If Not FileExists($sPath) Then ContinueLoop
;-----
Switch $iRetPathType
Case 2 ;full path
$sRetPath = $sPath
Case 1 ;relative path
$sRetPath = ""
EndSwitch
For $iFCount = 1 To $aFilter[0] ;filter loop
;-----
$hSearchFile = FileFindFirstFile($sPath & $aFilter[$iFCount])
If @error Then ContinueLoop
;-----
Switch $iRetItemType
Case 1 ;files Only
While True
$sFile = FileFindNextFile($hSearchFile)
If @error Then ExitLoop
If @extended Then ContinueLoop ;bypass folder
;check for exclude files
If StringRegExp($sFile, $sExclude) Then ContinueLoop
$sFileList &= $sRetPath & $sFile & "|"
WEnd
Case 2 ;folders Only
While True
$sFile = FileFindNextFile($hSearchFile)
If @error Then ExitLoop
If @extended Then ;bypass file
;check for exclude folder
If StringRegExp($sFile, $sExclude) Then ContinueLoop
$sFileList &= $sRetPath & $sFile & "|"
EndIf
WEnd
Case Else ;files and folders
While True
$sFile = FileFindNextFile($hSearchFile)
If @error Then ExitLoop
;check for exclude files/folder
If StringRegExp($sFile, $sExclude) Then ContinueLoop
$sFileList &= $sRetPath & $sFile & "|"
WEnd
EndSwitch
FileClose($hSearchFile)
Next ;$iFCount - next filter
Next ;$iPCount - next path
Else ;If Not $sExclude
For $iPCount = 1 To $aPath[0] ;Path loop
$sPath = StringRegExpReplace($aPath[$iPCount], "[\\/]+\z", "") & "\" ;ensure exact one trailing slash
If Not FileExists($sPath) Then ContinueLoop
;-----
Switch $iRetPathType
Case 2 ;full path
$sRetPath = $sPath
Case 1 ;relative path
$sRetPath = ""
EndSwitch
For $iFCount = 1 To $aFilter[0] ;filter loop
;-----
$hSearchFile = FileFindFirstFile($sPath & $aFilter[$iFCount])
If @error Then ContinueLoop
;-----
Switch $iRetItemType
Case 1 ;files Only
While True
$sFile = FileFindNextFile($hSearchFile)
If @error Then ExitLoop
If @extended Then ContinueLoop ;bypass folder
$sFileList &= $sRetPath & $sFile & "|"
WEnd
Case 2 ;folders Only
While True
$sFile = FileFindNextFile($hSearchFile)
If @error Then ExitLoop
If @extended Then ;bypass file
$sFileList &= $sRetPath & $sFile & "|"
EndIf
WEnd
Case Else ;files and folders
While True
$sFile = FileFindNextFile($hSearchFile)
If @error Then ExitLoop
$sFileList &= $sRetPath & $sFile & "|"
WEnd
EndSwitch
FileClose($hSearchFile)
Next ;$iFCount - next filter
Next ;$iPCount - next path
EndIf ;If $sExclude
EndIf ;If $bRecursive
;---------------
;set according return value
If $sFileList Then
Switch $iRetFormat
Case 2 ;return a delimited string
Return StringTrimRight($sFileList, 1)
Case 0 ;return a 0-based array
Return StringSplit(StringTrimRight($sFileList, 1), "|", 2)
Case Else ;return a 1-based array
Return StringSplit(StringTrimRight($sFileList, 1), "|", 1)
EndSwitch
Else
Return SetError(4, 4, "")
EndIf
EndFunc ;==>_FileListToArrayXT
Re: Sophos detects virus in Rainmeter 1.1
We need to identify what is being listed as virused and narrow it down to what is Rainmeter and what is not...I have gone over the HUD code with a fine tooth comb, and then I realize it is nothing in Rainmeter that is causing the virus detection...It is Mepu's installer.
I believe that Mepu is using AutoIt to make his installer; that being said, after extracting the installer code I find it to be a mess.
So this is not a Rainmeter issue.
The detection of WebParse.dll and your installer is, so we need to look here.
I am currently monitoring approximately 16 site forums and blogs to see if these issues keep popping up and, if so, in what AV software.
-
- Posts: 163
- Joined: July 12th, 2009, 4:05 pm
- Location: The Island
Re: Sophos detects virus in Rainmeter 1.1
Clean as a whistle
Using ESET Nod32 Antivirus 4.0.467.0.