
General Issues » JCAPI32.dll detected as malware by Sophos (antivirus)

Author: igor.conti, Visitor
20/04/2012 11:56:39
Hi Tommy,

Since we upgraded to JCAPI v2 (a week ago) we have had some problems: JCAPI32.dll is detected as malware by Sophos antivirus (Trojan.Mal/Packer) and then the following error occurs (normal, because the antivirus deletes the DLL as soon as it is copied into the Temp directory):


Exception in thread "AWT-EventQueue-2" java.lang.ExceptionInInitializerError
at websign.process.Kernel.<init>(Kernel.java:158)
at websign.ui.WebSign.<init>(WebSign.java:106)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at java.lang.Class.newInstance0(Unknown Source)
at java.lang.Class.newInstance(Unknown Source)
at interbatloader.InterbatLoader.startSubApplet(InterbatLoader.java:662)
at interbatloader.InterbatLoader.access$600(InterbatLoader.java:63)
at interbatloader.InterbatLoader$4.run(InterbatLoader.java:475)
at java.awt.event.InvocationEvent.dispatch(Unknown Source)
at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
at java.awt.EventQueue.access$000(Unknown Source)
at java.awt.EventQueue$1.run(Unknown Source)
at java.awt.EventQueue$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.AccessControlContext$1.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.run(Unknown Source)
Caused by: java.security.ProviderException: C:\Documents and Settings\yves\Local Settings\Temp\JCAPI32.dll: Accès refusé
at com.pheox.jcapi.o.a(Unknown Source)
at com.pheox.jcapi.JCAPIProvider.<clinit>(Unknown Source)
... 25 more


Of course I think that there's no malware because other antivirus products don't detect it (Avast for example).
Could you give me your opinion about this problem?

Edit: same problem with some versions of BitDefender.

Thank you in advance.

Regards,
Igor

Author: tommy, Visitor
20/04/2012 18:05:04
Hi Igor,

That's bad. The problem is that we're using an obfuscation tool which is also available to other parties. Unfortunately some of them apparently use it for concealing viruses and other nuisances, which produces false positives in some AV tools.
This is not acceptable. Honestly, there's no reason for us to obfuscate already licensed versions of JCAPI, but we're using this tool throughout our whole product line since it will protect our trial versions and at the same time work as a good DLL packer for our licensed versions.

We'll do it like this: I'll contact our manufacturer and ask them for a tailor-made version of their tool (to produce a unique signature) to use. If it's not possible, then we'll release a new version of JCAPI without obfuscation.

I would probably get some answers within the coming days. I'm sorry if it has caused you any serious problems. We'll fix this.
I'll keep you updated as well.

Regards,
Tommy

Author: igor.conti, Visitor
20/04/2012 18:44:49
Hi Tommy,

OK, that's not too bad for us, but the number of organisations that use Sophos is really incredible (Avast doesn't cause any problem and it's free) and we have to explain that it's a false positive (isn't it?...) and that they have to make an exception for this file.

The policy of Sophos is a bit paranoid (they explain that clearly on their website): if the DLL contains some pattern that has already been used in a virus then it kills it.

I'll wait for some good news from you.

Regards,
Igor

Author: tommy, Visitor
21/04/2012 19:43:38
Hi Igor,

It was decided to remove the obfuscation tool for licensed versions of JCAPI. We've made a new release which you and all other customers can download from our customer service page:
https://pheox.com/customer/

Just let us know if you have any questions or issues.

Regards,
Tommy

Author: igor.conti, Visitor
23/04/2012 14:40:08
Hi Tommy,

That's some good news, but the new release seems to be 1.2.7 and my problem concerned JCAPI v2 (I no longer use JCAPI v1). Is there a new release for this version too? I can't find it; where can I download it?

Regards,
Igor

Author: tommy, Visitor
23/04/2012 16:35:31
Hi Igor,

Yes, we've made two new independent releases; one for v1 (crash in w2k) and one for v2 (removed obfuscation).

Since we've just repackaged and not changed the code in the JCAPI DLL, we decided not to increment the version number in v2. It would also look strange if we had to increase the commercial version of JCAPI but not its evaluation counterpart.
So, just visit our customer service download page and download JCAPI v2.1.1:
https://pheox.com/customer/download/products

Regards,
Tommy
