Alert: Why does EncrptPad use sockets?

81 views
Skip to first unread message

lukas.s...@gmail.com

unread,
Nov 18, 2018, 6:21:26 AM11/18/18
to EncryptPad
My f-secure virus protection raised an alarm and blocked EncryptPad for suspicious behaviour.
On github I then found Encryptpad is using sockets (ip_sockets.cpp).
Why should a texteditor access the internet???
To me this looks like a serious security flaw.
This is a no-go and I will not use it anymore.

/Lukas


Evgeny Pokhilko

unread,
Nov 18, 2018, 6:54:49 AM11/18/18
to lukas.s...@gmail.com, EncryptPad
Hi Lukas,

EncryptPad doesn't use sockets. ip_sockets.cpp comes with stlplus library. EncryptPad doesn't use the ip_sockets, tcp_sockets or udp_sockets provided by the library. You can download the source files and search if it makes any calls to those header files. There is none.

Regarding the anti-virus, unfortunately anti-viruses make false-positives sometimes (see https://github.com/evpo/EncryptPad/issues/67).

Regards,
Evgeny
> --
> You received this message because you are subscribed to the Google Groups "EncryptPad" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to encryptpad+...@googlegroups.com.
> To post to this group, send an email to encry...@googlegroups.com.
> To view this discussion on the web, visit https://groups.google.com/d/msgid/encryptpad/a0c31e62-ca1b-43cd-8083-78c0b33a53ee%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.


--
Evgeny Pokhilko
Message has been deleted

Evgeny Pokhilko

unread,
Nov 22, 2018, 4:32:00 AM11/22/18
to encry...@googlegroups.com
I am forwarding the reply Lukas received from f-secure regarding the false-positive identification

Begin forwarded message:

Date: Wed, 21 Nov 2018 12:55:02 +0100
From: Lukas
To: Evgeny
Subject: F-Secure: 01953692 encryptpad0_4_0_2_win32 malware warning - fals [ ref:_00Db0JXpV._5000X1bR3tp:ref ]


Dear Evgeny

See below the answer from f-secure.
It is now whitelisted.

Thanks anyway,
Lukas a


---- Original Message ----
Subject: F-Secure: 01953692 encryptpad0_4_0_2_win32 malware warning - fals
[ ref:_00Db0JXpV._5000X1bR3tp:ref ]
Sent: Nov 21, 2018 10:37 AM
From: F-Secure Customer Care
To: lukas
Cc:


Greetings,

Thank you for your submission.

We have identified the issue as a False Positive, which the file will be
white-listed and file reputation will be reflected via our security cloud.

If there is anything else we can help you with, please do not hesitate to
contact us again.


Best regards,
Hau Vei,
Malware Analyst
F-Secure Security Labs

*Visit our Labs blog at https://labsblog.f-secure.com/
<https://labsblog.f-secure.com/>*
*Give and get advice in our F-Secure Community at
https://community.f-secure.com <https://community.f-secure.com>*
*Contact Support at https://www.f-secure.com/support
<https://www.f-secure.com/support>*

in response to:
------------------------------


ref:_00Db0JXpV._5000X1bR3tp:ref




--------------- Original Message ---------------
*From:* F-Secure Customer
*Sent:* 21/11/2018 05:38
*To:* lukas
*Subject:* F-Secure: 01953692 encryptpad0_4_0_2_win32 malware warning - fals


Dear Customer,

Thank you for contacting F-Secure. We have received the following service
request submitted by you:

Number: 01953692
Created: 2018-11-20
Subject: encryptpad0_4_0_2_win32 malware warning - false positive

This is an automatic reply which is sent to you as an acknowledgement. Our
Customer Care will contact you as soon as possible.

While we respond as fast as possible, we prioritize phone calls and chats
over email. This may lead to longer response times for email requests. If
your request is urgent, please give us a call.

When contacting our technical support about this service request, please
tell the service request number mentioned in this e-mail. If you want to
send additional information about this service request, please reply to
this e-mail and keep the subject unchanged.

Note also that F-Secure Community is at your service. If you have questions
related to our products and services or want to discuss product issues or
safety in the digital world in general with other users, go to our
Community at http://community.f-secure.com

F-Secure Corporation
Customer Care






ref:_00Db0JXpV._5000X1bR3tp:ref


--
Evgeny Pokhilko

lukas.s...@gmail.com

unread,
Nov 30, 2018, 11:40:23 PM11/30/18
to EncryptPad
30.11.2018
After receiving the alert I sent the file to f-secure for further analysis.
f-secure confirmed it was a false positive and that they would include it in their white list.
Mail from f-secure: (I remove tags



Betreff: F-Secure: 01953692 encryptpad0_4_0_2_win32 malware warning -
fals [ ref:_00Db0JXpV._5000X1bR3tp:ref ]
Datum: Wed, 21 Nov 2018 09:37:03 +0000 (GMT)
Von: F-Secure Customer Care <customer-care(at)f-secure(dot)com>
An: lukas {removed private address}
Reply all
Reply to author
Forward
0 new messages