Windows Defender causing JOSM problems
Toby Murray
toby.murray at gmail.com
Thu Feb 22 02:30:05 UTC 2018
There was a definition update early this morning that seems to have fixed
this.
For the record, these three classes are the ones that got flagged:
org/openstreetmap/josm/data/validation/tests/OpeningHourTest.class
org/openstreetmap/josm/gui/io/CustomConfigurator$XMLCommandProcessor.class
org/openstreetmap/josm/tools/OverpassTurboQueryWizard.class
I don't see much regex in those files like I was theorizing about earlier.
I do see a lot of calls to an "eval" method which I could see being
flagged. Not because of this method in particular but "eval" functions are
often ways to get arbitrary code execution started.
Toby
On Wed, Feb 21, 2018 at 3:33 PM, Vincent Privat <vincent.privat at gmail.com>
wrote:
> Toby, are you still able to reproduce? My Windows Defender has been
> updated today and I cannot reproduce, even when downloading JOSM from IE or
> Edge.
> A manual scan doesn't report any warning either.
>
> 2018-02-21 17:34 GMT+01:00 Toby Murray <toby.murray at gmail.com>:
>
>> JOSM plugins are not a factor here. Windows is scanning and flagging
>> the josm-latest.jar file as soon as a browser downloads it. I don't
>> remember exactly which class files it is flagging. One was an inner
>> class dealing with XML parsing. Given that the IntelliJ problem seems
>> to be with a regex related class, I wonder if there is a certain regex
>> string that is triggering it. I'm all Linux at work so I'll have to
>> check at home tonight to see if there is something simple in common
>> between the JOSM classes and the IntelliJ problem.
>>
>> Toby
>>
>> On Wed, Feb 21, 2018 at 5:52 AM, Florian von der Schäferbande 😉
>> <florian at schaeferban.de> wrote:
>> > Here are some other instances where this issue occurs:
>> >
>> > https://intellij-support.jetbrains.com/hc/en-us/community/posts/360000091624-Trojan-Skeeyah-H
>> > https://youtrack.jetbrains.com/issue/IDEA-186808
>> > https://answers.launchpad.net/sikuli/+question/664458
>> >
>> > Maybe that could help with finding the cause. There are some mentions
>> > of scripting in these links. Do you by chance have the scripting plugin
>> > installed?
>> >
>> > On 21 February 2018 at 12:38:21 CET, Mike N <niceman at att.net> wrote:
>> >>On 2/21/2018 3:46 AM, Toby Murray wrote:
>> >>> Windows Defender has apparently taken offense to JOSM in the latest
>> >>> malware signature update. Starting on February 19th mine started
>> >>> claiming to detect a trojan named Skeeyah.H in 3 different class files
>> >>> inside of the JOSM JAR. Defender helpfully removed these class files
>> >>> from the JAR. JOSM is not amused by this and crashes on launch with a
>> >>> NoClassDefFoundError.
>> >>
>> >> What version of JOSM was this? I haven't seen this yet with Windows
>> >>Defender and JOSM 13367.
>> >
>> > --
>> > This message was sent from my Android device with K-9 Mail.
>>
>>
>