Malware - Trojan found on some source files using Metascanner tool


Article ID: 428363


Products

CA Service Management - Service Desk Manager
CA Service Desk Manager

Issue/Introduction

When the ServiceDesk source files are scanned with the Metascanner tool, some engines report malware/trojan detections for some of the files.

Example:

  • File eTFWExplorer.jar, found in these directories:

products\SDM\casd.nt\MDB\MSSQL\lib
products\SDM\casd.nt\MDB\ORACLE\lib
scripts\CDB\lib

is detected as infected by Metascanner:

Avira       -> EXP/ACF.CVE.eukcf
BitDefender -> Trojan.Generic.7792...
Emsisoft    -> Trojan.Generic.7792...
IKARUS      -> Exploit.AVF

  • File APPLYPTF.exe, found in directory filestore\utils

is detected as infected by Metascanner:

BitDefender -> Trojan.Generic.74157920
Emsisoft    -> Trojan.Generic.74157920

Environment

Service Desk 17.4

Resolution

These are false positive detections and can be ignored.

APPLYPTF.exe
The Metascanner identifies this file as an invalid executable due to the Windows API operations it performs to manage permissions. However, this is a standard patching tool designed specifically for these operations.


eTFWExplorer.jar
The flag on this file is also a false positive. The scanner cites a potential Java Applet vulnerability involving the execution of malicious code from remote URLs. However, the MDB patch that runs during installation is not a website and does not contain any malicious code, rendering this specific exploit vector inapplicable. The MDB patch requires this jar.

Conclusion:
The problems detected by Metascanner for APPLYPTF.exe and eTFWExplorer.jar are false positives. Both files are safe.