Moodle
  1. Moodle
  2. MDL-31336

Moodle package download triggering Sophos AV

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 2.1
    • Fix Version/s: None
    • Component/s: Security Alert
    • Labels:
    • Testing Instructions:
      Hide

      Download Moodle for installation from link on Moodle.org with Sophos Endpoint Security and Control v10 running as antivirus

      Show
      Download Moodle for installation from link on Moodle.org with Sophos Endpoint Security and Control v10 running as antivirus
    • Affected Branches:
      MOODLE_21_STABLE
    • Rank:
      37811

      Description

      On trying to download 1.9.16 and 2.2 latest version on Friday (20th Jan) our Sophos antivirus reported that the server the packages were downloading from had issues with trojans and blocked the download. I asked a question on Moodle.org and Mauno suggested filing an issue as the link was going to a server that had previously had issues. We are running Sophos Endpoint Security and Control v10

      For details of thread see here - http://moodle.org/mod/forum/discuss.php?d=194335

        Activity

        Hide
        Michael de Raadt added a comment -

        Thanks for reporting this.

        I've sent an email to not-spam@labs.sophos.com. We'll see where that goes.

        Show
        Michael de Raadt added a comment - Thanks for reporting this. I've sent an email to not-spam@labs.sophos.com. We'll see where that goes.
        Hide
        Martin Dougiamas added a comment -

        Is it perhaps because the download redirects to Sourceforge?

        Show
        Martin Dougiamas added a comment - Is it perhaps because the download redirects to Sourceforge?
        Hide
        Mauno Korpelainen added a comment -

        Most likely yes - so even if the files of moodle are clean Sourceforge is using subservers like freefr.dl.sourceforge.net or garr.dl.sourceforge.net with .../download?use_mirror=freefr and .../download?use_mirror=garr and these mirrorservers have (had) different trojans - and Sophos blocks access to those mirror sites.

        McAfee and Siteadvisor report some trojans there too - see http://www.siteadvisor.com/sites/freefr.dl.sourceforge.net/downloads/ and http://www.siteadvisor.com/sites/garr.dl.sourceforge.net/downloads/ - but obviously Sophos is the first antivirus program blocking download on this basis.

        Show
        Mauno Korpelainen added a comment - Most likely yes - so even if the files of moodle are clean Sourceforge is using subservers like freefr.dl.sourceforge.net or garr.dl.sourceforge.net with .../download?use_mirror=freefr and .../download?use_mirror=garr and these mirrorservers have (had) different trojans - and Sophos blocks access to those mirror sites. McAfee and Siteadvisor report some trojans there too - see http://www.siteadvisor.com/sites/freefr.dl.sourceforge.net/downloads/ and http://www.siteadvisor.com/sites/garr.dl.sourceforge.net/downloads/ - but obviously Sophos is the first antivirus program blocking download on this basis.
        Hide
        Gordon McLeod added a comment -

        Just to update - the packages are now downloading without a problem.
        Thanks, Gordon.

        Show
        Gordon McLeod added a comment - Just to update - the packages are now downloading without a problem. Thanks, Gordon.
        Hide
        Michael de Raadt added a comment -

        Well, I didn't receive any response from Sophos, but it looks like contacting the did the trick.

        If there are any similar future problems, please launch a new issue.

        Show
        Michael de Raadt added a comment - Well, I didn't receive any response from Sophos, but it looks like contacting the did the trick. If there are any similar future problems, please launch a new issue.

          People

          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: