Installation of SDK fails: Virus warning \bin\merssh.exe

rob_kouw · 28 December 2020 19:23

Working with Windows 10 Pro, 64-bits, up-to-date.

Earlier today Bitdefender quarantined a part of the SDK. “The file C:\SailfishOS\bin\merssh.exe is infected with Gen:Variant.Ulise.141564 and was moved to quarantine.”

I thought I’d better do a re-install, but now I cannot install the SDK at all. Not through the online installer, nor through the complete download.

The error message is something like “Cannot open file …\bin\merssh.exe for writing: access is denied.” Ignoring is not an option. I even disabled Windows App Control and Bitdefender for a while, but no joy. Any ideas?

rob_kouw · 29 December 2020 08:38

I managed to re-install to a new folder under C:\Users. But again the message that merssh.exe is infected. I moved it out of quarantine, uploaded it to VirusTotal. It receives 12 hits:
Ad-Aware - Gen:Variant.Ulise.141564
ALYac - Gen:Variant.Ulise.141564
Arcabit - Trojan.Ulise.D228FC
BitDefender - Gen:Variant.Ulise.141564
Cybereason - Malicious.f5988a
Cylance - Unsafe
Emsisoft - Gen:Variant.Ulise.141564 (B)
eScan - Gen:Variant.Ulise.141564
FireEye - Gen:Variant.Ulise.141564
GData - Gen:Variant.Ulise.141564
MAX - Malware (ai Score=86)
Qihoo-360 - Generic/Trojan.a24

rozgwi · 29 December 2020 09:39

How did you download the SDK? Online or offline installer? Did you verify your download afterwards using the provided checksum?
Maybe redownloading solves the issue?

Virus scanners are not infallible, to the contrary. Maybe it’s helpful to investigate the definition of Variant.Ulise.141564. As the name suggests, merssh.exe contains a SSH (secure shell) tunnel client. This might classify as trojan horse for overzealous scanners.

What does the built-in Windows Defender have to say when you scan the binary file with it?

Sidenote:
I wouldn’t want to tell you to get rid of Bitdefender but in my opinion the included antivirus / defense tools from Microsoft are all you need. They’ve brought them up to par with today’s security demands years ago.
It’s not uncommon that the intrusive methods of (above all free) virus scanners introduce security vulnerabilities by themselves.
(To be taken with a grain of salt, I might be wrong)

rob_kouw · 29 December 2020 10:39

Thanks rowzgi. I took the offline installer, and the checksum is corresponding with the listing on the website. So I will trust it.

Just bought a new Bitdefender license, will reconsider next year

coderus · 30 December 2020 12:02

report of merssh.exe from latest sdk

rob_kouw · 30 December 2020 12:33

Hi coderus, so since a few days VirusTotal shows even more hits. Now what would be the way forward?

coderus · 30 December 2020 14:08

wait for Jolla devs reply

rgrnetalk · 4 January 2021 13:15

Try to add an exclusion for the directory the SDK is installed in (default C:\SailfishOS): virus and threatprotection => settings for virus and threatprotection (manage settings) => exclusions (add or remove exclusions) => + Add an exclusion
(I managed to install the SDK again adding this exclusion and temporarily switch off the virus protection)
(Had to translate the windows terms from Dutch, so maybe they are not totally correct…)