Hi,
On 11/13/2014 03:40 PM, Petrouchka wrote:
> I found the file in which AVG is founding a virus. It's /install/packs/pack-OpenJDK Development Kit installation files
> There's something strange, I cant unpack it :
> $ unpack200 pack-OpenJDK\ Development\ Kit\ installation\ files.pack a.jar
> Corrupted pack file: magic/ver = ACED0005/4.119 should be CAFED00D/150.7 OR CAFED00D/160.1
This looks like an izPack installation pack. I doubt that izPack uses
pack200 for compression (probably deflate or LZMA) and also compression
should be disabled in these installers, as they are zipped manually
after the build. So this is izPack internal format for installation
packs created by izPack compiler.
>
> Are you sure this file is safe ?
No, of course, I am not - "NO WARRANTY EVEN FOR FITNESS" and all this
GPL stuff :)
Seriously speaking, if all the files inside izPack's pack are safe then
it is highly unlikely that isPack will add something malicious to them.
OpenJDK binaries that are built during the build process are the same
for -installer and -image bundles, so they are most probably safe.But
there are also some auxiliary binaries included with installer taken
from some obscure old windows SDK's -
https://github.com/alexkasko/openjdk-unofficial-builds/tree/master/installer/windows-i586/uninstall/tools
Maybe AVG does not like some of them.
>
> ---
> Reply to this email directly or view it on GitHub:
>
https://github.com/alexkasko/openjdk-unofficial-builds/issues/20#issuecomment-62910085
>
--
-Alex