Virus alert maintenanceservice_installer.exe FMCEESR31.1.1

Post Reply
trockenasche
Posts:26
Joined:Tue Nov 22, 2011 11:46 am
Virus alert maintenanceservice_installer.exe FMCEESR31.1.1

Post by trockenasche » Tue Nov 04, 2014 4:20 am

I just download FMCEESR 31.1.1 and made an administrative installationpoint. By this I got a anti-virus alert about maintenanceservice_installer.exe
have a look here https://www.virustotal.com/de/file/7692 ... 415091418/
It's the first time for a virus alert, I probably don't gone use this packet until it will be fixed.
I tried also the FMCE 32.0.1 with no alert.

marble01
Posts:9
Joined:Thu Jul 01, 2010 9:53 am

Re: Virus alert maintenanceservice_installer.exe FMCEESR31.1

Post by marble01 » Tue Nov 04, 2014 9:54 am

This is troublesome. The maintenanceservice_installer.exe from https://ftp.mozilla.org/pub/mozilla.org ... US/Firefox Setup 31.1.1esr.exe does not seem to report any viruses from Virustotal where as the one from FMFirefoxCEESR-31.1.1-en-US.msi does.

trockenasche
Posts:26
Joined:Tue Nov 22, 2011 11:46 am

Re: Virus alert maintenanceservice_installer.exe FMCEESR31.1

Post by trockenasche » Wed Nov 05, 2014 11:33 am

2 more alerts:
helper.exe from FMCEESR 31.0 and FMCEESR 31.1.1
https://www.virustotal.com/de/file/5006 ... 415204700/

and the maintenanceservice_installer.exe from FMCEESR 31.0
https://www.virustotal.com/de/file/3f0c ... 415204873/

I'm getting a bit scarred about this alerts. Maybe it's false positive but still than, the original file seems to be not affected.

marble01
Posts:9
Joined:Thu Jul 01, 2010 9:53 am

Re: Virus alert maintenanceservice_installer.exe FMCEESR31.1

Post by marble01 » Thu Nov 06, 2014 7:33 am

It appears that FMFirefoxCEESR-31.2.0 has the same virus scan results from Virustotal.

User avatar
DraconPern
Site Admin
Posts:1218
Joined:Thu Oct 30, 2003 11:47 pm
Location:Texas
Contact:

Re: Virus alert maintenanceservice_installer.exe FMCEESR31.1

Post by DraconPern » Thu Nov 06, 2014 9:33 pm

Hm... I am guessing it's because the file isn't signed and heuristic scans is flagging it. Since it is designed to run as a service and download. Let me see if I can just remove the program without affecting functionality.
FrontMotion Lead Developer

trockenasche
Posts:26
Joined:Tue Nov 22, 2011 11:46 am

Re: Virus alert maintenanceservice_installer.exe FMCEESR31.1

Post by trockenasche » Fri Nov 07, 2014 2:38 pm

It isn't just the maintenanceservice_installer.exe file, it's also
helper.exe
and
webapp-uninstaller.exe
have a look https://www.virustotal.com/file/1344219 ... 415358077/

User avatar
DraconPern
Site Admin
Posts:1218
Joined:Thu Oct 30, 2003 11:47 pm
Location:Texas
Contact:

Re: Virus alert maintenanceservice_installer.exe FMCEESR31.1

Post by DraconPern » Sat Nov 08, 2014 3:28 am

So, I am checking into this, and so far here's my results.

Using ClamAV, FMFirefoxCEESR 31.x all trigger on maintenanceservice_installer.exe and helper.exe. FMFirefoxCE 31.0 did not trigger. The issue definitly is upstream. I am going to check the source code between the ESR and none esr tree because 31.0 should be the same code.
FrontMotion Lead Developer

User avatar
DraconPern
Site Admin
Posts:1218
Joined:Thu Oct 30, 2003 11:47 pm
Location:Texas
Contact:

Re: Virus alert maintenanceservice_installer.exe FMCEESR31.1

Post by DraconPern » Tue Nov 18, 2014 1:03 am

After a lot of test of recompiling w/ VS2012 and VS2013 with patches and without patches on new machines, I have to conclude that it's a false detection.
FrontMotion Lead Developer

marble01
Posts:9
Joined:Thu Jul 01, 2010 9:53 am

Re: Virus alert maintenanceservice_installer.exe FMCEESR31.1

Post by marble01 » Thu Nov 20, 2014 9:26 am

Thanks for the update!

User avatar
DraconPern
Site Admin
Posts:1218
Joined:Thu Oct 30, 2003 11:47 pm
Location:Texas
Contact:

Re: Virus alert maintenanceservice_installer.exe FMCEESR31.1

Post by DraconPern » Thu Nov 20, 2014 11:16 pm

One positive thing that came out of this is that I will now compile using VS2013 instead of VS2010. Mozilla uses VS2013 to compile Firefox ESR 31 and up so this will be a good change.
FrontMotion Lead Developer

Post Reply