NASM virus issues.

NASM virus issues.

David Harris
I normally compile OpenSSL with "no-asm", but this time I thought I'd try
installing NASM and seeing what difference, if any, it actually made.

I downloaded NASM from the official site (which I believe to be
http://www.nasm.us) and, as I always do with anything I source from outside my
firewall, ran it through virustotal (https://www.virustotal.com/gui/home/upload).

It reports 11 different scanners out of 72 finding malware in the file
(nasm-2.15.01-installer-x86.exe). Now, one or two reports from Virustotal is
normal - there are so many scanners out there that there are bound to be
occasional false-positives... But 11 is more than I have ever seen on something
that supposedly wasn't infected. Interestingly, VirusTotal did not have cached
results for this file, meaning that nobody else has tested it in the last month or
so.

Google didn't reveal any insight, and the NASM project doesn't have any contact
options that don't involve registration or mailing lists or I'd report this to them.
There is no mention of anything like this in their forum.

11 reports is too many for me to feel safe using this product, so for now I'll keep
using no-asm, and hope that it's not going to get more deprecated than it
apparently is at present (based on the comments in INSTALL).

If anyone on the list has a NASM account or knows any of the maintainers,
could they pass this on? They really should be aware of it.

Cheers!

-- David --

Re: NASM virus issues.

Tomas Mraz-2
On Sun, 2020-06-28 at 15:12 +1200, David Harris wrote:

> I normally compile OpenSSL with "no-asm", but this time I thought I'd try
> installing NASM and seeing what difference, if any, it actually made.
>
> I downloaded NASM from the official site (which I believe to be
> http://www.nasm.us) and, as I always do with anything I source from outside my
> firewall, ran it through virustotal (https://www.virustotal.com/gui/home/upload).
>
> It reports 11 different scanners out of 72 finding malware in the file
> (nasm-2.15.01-installer-x86.exe). Now, one or two reports from Virustotal is
> normal - there are so many scanners out there that there are bound to be
> occasional false-positives... But 11 is more than I have ever seen on something
> that supposedly wasn't infected. Interestingly, VirusTotal did not have cached
> results for this file, meaning that nobody else has tested it in the last month or
> so.
>
> Google didn't reveal any insight, and the NASM project doesn't have any contact
> options that don't involve registration or mailing lists or I'd report this to them.
> There is no mention of anything like this in their forum.
>
> 11 reports is too many for me to feel safe using this product, so for now I'll keep
> using no-asm, and hope that it's not going to get more deprecated than it
> apparently is at present (based on the comments in INSTALL).
>
> If anyone on the list has a NASM account or knows any of the maintainers,
> could they pass this on? They really should be aware of it.

I'd recommend reporting your findings to the NASM bugzilla
http://bugzilla.nasm.us/ or to their forum at
https://forum.nasm.us/

--
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]