A Network Trojan was Detected - during SmartGit Update


Leszek Imielski

Jul 14, 2021, 1:15:08 AM
to SmartGit
Every time I want to update SmartGit, my firewall blocks the process and I receive this information about a Trojan:

"A Network Trojan was Detected "
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET INFO JAVA - Java Archive Download By Vulnerable Client"; flow:from_server,established; flowbits:isset,ET.http.javaclient.vulnerable; file_data; content:"PK"; depth:2; classtype:trojan-activity; sid:2014473; rev:5; metadata:created_at 2012_04_04, updated_at 2012_04_04;)

Is it a false alarm, or a real threat?


syntevo Support

Jul 14, 2021, 4:03:27 AM
to smar...@googlegroups.com
> Every time I want to update SmartGit, my firewall blocks the process
> and I receive this information about a Trojan

If you had initially downloaded and installed SmartGit from our website, then it should be a false alarm. Anyway, feel free to check the binaries at VirusTotal:

https://www.virustotal.com/gui/

What exact firewall tool are you using? I have seen services like Cloudflare by default blocking Java clients, probably because Java is frequently used to create malware.

--
Best regards,
Marc Strapetz
syntevo GmbH
http://www.syntevo.com

Leszek Imielski

Jul 14, 2021, 10:39:45 AM
to SmartGit
I use a Synology router https://www.synology.com/en-global/products/RT2600ac
with the Threat Prevention software (package) installed https://www.synology.com/en-global/srm/feature/secure_network_foundation

Best regards
Leszek Imielski

syntevo Support

Jul 14, 2021, 5:22:58 PM
to smar...@googlegroups.com
I couldn't find any details on when exactly "Java Archive Download By Vulnerable Client" is reported, but from:

> alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET INFO JAVA - Java Archive Download By Vulnerable Client"; flow:from_server,established; flowbits:isset,ET.http.javaclient.vulnerable; file_data; content:"PK"; depth:2; classtype:trojan-activity; sid:2014473; rev:5; metadata:created_at 2012_04_04, updated_at 2012_04_04;)

It sounds like it will always complain if a Java client receives e.g. JAR files ("PK") over plain HTTP. SmartGit actually does that, but the JARs and all other files are guarded against manipulation using RSA-2048. Hence, there shouldn't be a real threat.

--
Best regards,
Marc Strapetz
syntevo GmbH
http://www.syntevo.com
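
What the quoted rule actually tests, as an added example that is not part of the original thread or SmartGit's code: it parses the rule's options and applies a simplified version of its payload check to constructed response bodies. The flowbit is set by a separate rule that the thread does not show, so it is modeled here as a set of names passed in (an assumption), and `parse_options`, `rule_matches` and `make_zip` are hypothetical helper names.

```python
import io
import re
import zipfile

# Option string of the rule exactly as quoted in the thread.
RULE_OPTIONS = (
    'msg:"ET INFO JAVA - Java Archive Download By Vulnerable Client"; '
    'flow:from_server,established; '
    'flowbits:isset,ET.http.javaclient.vulnerable; '
    'file_data; content:"PK"; depth:2; classtype:trojan-activity; '
    'sid:2014473; rev:5;'
)

def parse_options(text):
    """Split a rule's option string into ordered (keyword, value) pairs."""
    pairs = []
    for m in re.finditer(r'\s*([\w.]+)(?::((?:"[^"]*"|[^;])*))?;', text):
        value = m.group(2)
        pairs.append((m.group(1), value.strip().strip('"') if value else None))
    return pairs

def rule_matches(options, body, flowbits):
    """Simplified model: required flowbit, then content/depth on the response body."""
    opts = dict(options)
    action, bit = opts["flowbits"].split(",", 1)
    if action == "isset" and bit not in flowbits:
        return False
    # content:"PK"; depth:2 -> the pattern must lie within the first 2 bytes.
    depth = int(opts["depth"])
    return opts["content"].encode() in body[:depth]

def make_zip(name, data):
    """Constructed sample: build a ZIP container in memory (a JAR is a ZIP file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, data)
    return buf.getvalue()

OPTIONS = parse_options(RULE_OPTIONS)
BIT = "ET.http.javaclient.vulnerable"
JAR = make_zip("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
DOCS = make_zip("readme.txt", "not Java at all")

if __name__ == "__main__":
    for label, body in [("jar", JAR), ("plain zip", DOCS), ("html", b"<html>")]:
        print(label, rule_matches(OPTIONS, body, {BIT}), rule_matches(OPTIONS, body, set()))
```

The payload test never inspects the archive's contents, so any ZIP-format body delivered to a flagged client matches, whether or not it is malicious.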



Leszek Imielski

Jul 15, 2021, 2:13:24 AM
to SmartGit
Ok. You are correct. I think it's a false alarm.
Thank you for your assistance.
Best regards,
Leszek Imielski