JCAPI32.dll detected as malware by Sophos (antivirus)
igor.conti
Advanced

Joined: Sep 25, 2009
Messages: 40
Offline

Hi Tommy,

Since we upgraded to JCAPI v2 (a week ago) we have had some problems: JCAPI32.dll is detected as malware by Sophos antivirus (Trojan.Mal/Packer) and then the following error occurs (which is normal, because the antivirus deletes the DLL as soon as it is copied into the Temp directory):

Code:
 Exception in thread "AWT-EventQueue-2" java.lang.ExceptionInInitializerError
             at websign.process.Kernel.<init>(Kernel.java:158)
             at websign.ui.WebSign.<init>(WebSign.java:106)
             at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
             at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
             at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
             at java.lang.reflect.Constructor.newInstance(Unknown Source)
             at java.lang.Class.newInstance0(Unknown Source)
             at java.lang.Class.newInstance(Unknown Source)
             at interbatloader.InterbatLoader.startSubApplet(InterbatLoader.java:662)
             at interbatloader.InterbatLoader.access$600(InterbatLoader.java:63)
             at interbatloader.InterbatLoader$4.run(InterbatLoader.java:475)
             at java.awt.event.InvocationEvent.dispatch(Unknown Source)
             at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
             at java.awt.EventQueue.access$000(Unknown Source)
             at java.awt.EventQueue$1.run(Unknown Source)
             at java.awt.EventQueue$1.run(Unknown Source)
             at java.security.AccessController.doPrivileged(Native Method)
             at java.security.AccessControlContext$1.doIntersectionPrivilege(Unknown Source)
             at java.awt.EventQueue.dispatchEvent(Unknown Source)
             at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
             at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
             at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
             at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
             at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
             at java.awt.EventDispatchThread.run(Unknown Source)
 Caused by: java.security.ProviderException: C:\Documents and Settings\yves\Local Settings\Temp\JCAPI32.dll: Accès refusé
             at com.pheox.jcapi.o.a(Unknown Source)
             at com.pheox.jcapi.JCAPIProvider.<clinit>(Unknown Source)
             ... 25 more
 


Of course I think that there's no malware because other antivirus products don't detect it (Avast for example).
Could you give me your opinion about this problem?

Edit: same problem with some versions of BitDefender.

Thank you in advance.

Regards,
Igor
tommy
Pheox Support

Joined: May 30, 2005
Messages: 148
Offline

Hi Igor,

That's bad. The problem is that we're using an obfuscation tool which is also available to other parties. Unfortunately some of them apparently use it for concealing viruses and other nuisances, which produces false positives in some AV tools.
This is not acceptable. Honestly, there's no reason for us to obfuscate already licensed versions of JCAPI, but we're using this tool throughout our whole product line since it will protect our trial versions and at the same time work as a good DLL packer for our licensed versions.

We'll do it like this: I'll contact our manufacturer and ask them for a tailor-made version of their tool (to produce a unique signature) to use. If it's not possible, then we'll release a new version of JCAPI without obfuscation.

I would probably get some answers within the coming days. I'm sorry if it has caused you any serious problems. We'll fix this.
I'll keep you updated as well.

Regards,
Tommy
igor.conti
Advanced

Joined: Sep 25, 2009
Messages: 40
Offline

Hi Tommy,

OK, that's not too bad for us, but the number of organisations that use Sophos is really incredible (Avast doesn't cause any problem and it's free) and we have to explain that it's a false positive (isn't it?...) and that they have to make an exception for this file.

The policy of Sophos is a bit paranoid (they explain that clearly on their website): if the DLL contains some pattern that has already been used in a virus then it kills it.

I'll wait for some good news from you.

Regards,
Igor
tommy
Pheox Support

Joined: May 30, 2005
Messages: 148
Offline

Hi Igor,

It was decided to remove the obfuscation tool for licensed versions of JCAPI. We've made a new release which you and all other customers can download from our customer service page:
https://pheox.com/customer/

Just let us know if you have any questions or issues.

Regards,
Tommy
igor.conti
Advanced

Joined: Sep 25, 2009
Messages: 40
Offline

Hi Tommy,

That's some good news, but the new release seems to be the 1.2.7 and my problem concerned JCAPI v2 (I no longer use JCAPI v1). Is there a new release for this version too? I can't find it; where can I download it?

Regards,
Igor
tommy
Pheox Support

Joined: May 30, 2005
Messages: 148
Offline

Hi Igor,

Yes, we've made two new independent releases; one for v1 (crash in w2k) and one for v2 (removed obfuscation).

Since we've just repackaged and not changed the code in the JCAPI DLL, we decided to not increment the version number in v2. It would also look strange if we had to increase the commercial version of JCAPI but not its evaluation counterpart.
So, just visit our customer service download page and download JCAPI v2.1.1:
https://pheox.com/customer/download/products

Regards,
Tommy
 