Can anyone tell me how I can verify if these virus alerts are valid or false positives:
C:\Program Files\IBM\WebSphere Studio\eclipse\plugins\org.eclipse.platform.doc.isv_2.0.0\doc.zip/product_update.htm infected: VBS.Spth.Jsg.B@mm
C:\Program Files\Rational\Rational Test\QualityArchitect\j2ee.jar/MimeMappingDialog.class infected: BAT.Trojan.DeltreeY.ax
C:\Programs\Java\j2ee\j2sdkee1.3.1\lib\j2ee.jar/ObjectKey.class infected: IRC-Worm.HIQ.A
C:\Programs\Java\Sun\AppServer\jdk\jre\lib\rt.jar/CacheEntry.class infected: Backdoor.SDBot.Gen
C:\Programs\JBoss\jboss-3.2.3\client\jboss-common-client.jar/XmlHelper.class infected: BAT.SmogDopper
C:\Programs\JBoss\jboss-3.2.3\client\jbossall-client.jar/XmlHelper.class infected: BAT.SmogDopper
C:\Programs\JBoss\jboss-3.2.3\lib\jboss-common.jar/XmlHelper.class infected: BAT.SmogDopper
C:\Programs\Java\J2ee\j2sdkee1.3.1\lib\j2ee.jar/ObjectKey.class infected: IRC-Worm.HIQ.A
If they are valid, how did they get infected? I don't have untrusted entries in the Run keys of the registry. The only other files showing virus alerts are the countless emails we all receive and know better than to open (e.g., Skynet via PIF files). All indications are that, barring the J2EE classes above, my machine is not running a virus.
I was able to visually verify that the product_update.htm alert was a false positive, unless my eye missed something. I didn't see any scripting in the file.
Has anyone automated the process of verifying the integrity of their Java components? Do I have to compile to be sure? Even so, how do you know javac is not compromised?
In this case, I'd really like to check the integrity of just the individual classes, but don't really want to go through the hoops of downloading all the source and compiling, and I'm not sure that's possible in all cases or realistic.
Even on FreeBSD, where I compiled the JVM, I'm not sure what the best process is for daily checking the integrity of the classes. I dread recompiling the JVM since it takes so long, and will require bringing the server down.
Due to Windows' lame file security, the possibility of having your Java classes in various libraries become infected is significantly higher on Windows than on BSD/Linux/Unix OSes. The Windows box I'm concerned about is used for testing and production backup, though.
Until this is resolved, I'm not running J2EE on this computer. Unfortunately, since this is a test box, this puts a damper on my application escalation process, delaying production updates.
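One way to automate the per-class integrity checks the post asks about, as an added example (Python, written for this page; it is not code from the original post, from Sun, IBM, Rational or JBoss). It does three things a scanner alert does not: snapshots a SHA-256 hash of every entry inside a jar so a later run can report exactly which entries changed, recompiles nothing, and, where the jar's META-INF/MANIFEST.MF carries per-entry digests (signed jars do), recomputes those digests against the entry bytes. It also checks that anything named .class actually starts with the JVM class-file magic. The two-entry jar, its entry names and the tampered content are all constructed inline for the demo; real use points jar_entry_hashes() at the jars under the paths listed above.

```python
"""Baseline, manifest-digest and magic-number checks for entries inside a jar."""
import base64
import hashlib
import os
import tempfile
import zipfile

CLASS_MAGIC = b"\xca\xfe\xba\xbe"  # every JVM class file starts with these four bytes
DIGEST_ALGOS = {"SHA-256-Digest": "sha256", "SHA1-Digest": "sha1"}  # manifest attr -> hashlib name


def is_class_file(data: bytes) -> bool:
    """Cheap sanity check: a .class entry that lacks the magic is not bytecode at all."""
    return data[:4] == CLASS_MAGIC


def jar_entry_hashes(jar_path: str) -> dict:
    """SHA-256 of every file entry in the jar, keyed by entry name (a jar is a zip)."""
    hashes = {}
    with zipfile.ZipFile(jar_path) as zf:
        for info in zf.infolist():
            if not info.is_dir():
                hashes[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return hashes


def compare_baseline(baseline: dict, current: dict) -> dict:
    """Entries added, removed or changed since the baseline snapshot was taken."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(n for n in baseline if n in current and baseline[n] != current[n]),
    }


def parse_manifest(text: str) -> dict:
    """Parse MANIFEST.MF into {entry name: {attribute: value}} for the per-entry sections."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # lines over 72 bytes continue with a leading space
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    sections, current = {}, {}
    for line in lines + [""]:              # trailing "" flushes the last section
        if not line:
            if "Name" in current:          # the main section has no Name and is skipped
                sections[current["Name"]] = current
            current = {}
            continue
        key, _, value = line.partition(":")
        current[key.strip()] = value.strip()
    return sections


def verify_manifest_digests(jar_path: str) -> dict:
    """For each entry with a digest in the manifest, recompute it from the bytes: {name: matches}."""
    results = {}
    with zipfile.ZipFile(jar_path) as zf:
        sections = parse_manifest(zf.read("META-INF/MANIFEST.MF").decode("utf-8"))
        for name, attrs in sections.items():
            for attr, algo in DIGEST_ALGOS.items():
                if attr in attrs:
                    actual = base64.b64encode(hashlib.new(algo, zf.read(name)).digest()).decode()
                    results[name] = actual == attrs[attr]
    return results


def build_sample_jar(path: str, tamper: bool = False) -> None:
    """Constructed sample: two fake classes plus a manifest with SHA-256 digests.
    With tamper=True, Helper.class is overwritten after its digest was recorded."""
    entries = {
        "com/example/Ok.class": CLASS_MAGIC + b"\x00\x00\x00\x31" + b"ok",
        "com/example/Helper.class": CLASS_MAGIC + b"\x00\x00\x00\x31" + b"helper",
    }
    manifest = ["Manifest-Version: 1.0", ""]
    for name, data in entries.items():
        digest = base64.b64encode(hashlib.sha256(data).digest()).decode()
        manifest += [f"Name: {name}", f"SHA-256-Digest: {digest}", ""]
    if tamper:
        entries["com/example/Helper.class"] = b"not bytecode: stands in for an altered entry"
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "\r\n".join(manifest))
        for name, data in entries.items():
            zf.writestr(name, data)


def demo() -> dict:
    """Snapshot a clean jar, then check a tampered copy three ways."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, tampered = os.path.join(tmp, "clean.jar"), os.path.join(tmp, "tampered.jar")
        build_sample_jar(clean)
        build_sample_jar(tampered, tamper=True)
        baseline = jar_entry_hashes(clean)       # take this once from a trusted copy; store it off-box
        diff = compare_baseline(baseline, jar_entry_hashes(tampered))
        manifest_ok = verify_manifest_digests(tampered)
        with zipfile.ZipFile(tampered) as zf:
            magic_ok = {n: is_class_file(zf.read(n)) for n in baseline if n.endswith(".class")}
    return {"diff": diff, "manifest_ok": manifest_ok, "magic_ok": magic_ok}


if __name__ == "__main__":
    print(demo())
```

The baseline only means something if it was taken from a copy you trust: the safest source is a fresh vendor download whose archive checksum you verified before unpacking, and the saved hashes should live somewhere the box being checked cannot write. The manifest check is only available for jars whose vendor shipped per-entry digests (signed jars); unsigned jars such as an application server's own libraries need the baseline comparison instead. Comparing against the vendor's binary distribution this way also avoids the recompilation the post is reluctant to do.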