Postgres Pro
Downloads
Home   >   mailing lists

Re: PostgreSQL\12\bin\pg_ctl.exe - Trojan detected - Mailing list pgsql-bugs

From Manoj Agrawal
Subject Re: PostgreSQL\12\bin\pg_ctl.exe - Trojan detected
Date
Msg-id CH2PR02MB611702812211D23E60C809F0E92F0@CH2PR02MB6117.namprd02.prod.outlook.com
Whole thread Raw
In response to Re: PostgreSQL\12\bin\pg_ctl.exe - Trojan detected  (Magnus Hagander <magnus@hagander.net>)
Responses Re: PostgreSQL\12\bin\pg_ctl.exe - Trojan detected
List pgsql-bugs
Tree view
Hi Magnus,

I apologies for troubling you at this time. But your questions are important I will try to answer all.

  1. URL from where I downloaded the installer
    https://www.enterprisedb.com/thank-you-downloading-postgresql?anid=1257093

    image as below:


    I have not taken checksum of the file.



  2. I did scanned the file with the url you below. Attaching the screen shot for your ref.


    Here are some of the details from the details tab. Attaching .pdf also for your reference.


Sir, please do let me know if any more information i can share with you. I will be more than happy to share with you.


Thanks and Regards
 
Manoj Agrawal
manoj.agrawal@hotmail.com

From: Magnus Hagander <magnus@hagander.net>
Sent: 22 December 2019 09:08 PM
To: Manoj Agrawal <manoj.agrawal@hotmail.com>
Cc: security@postgresql.org <security@postgresql.org>; pgsql-bugs@lists.postgresql.org <pgsql-bugs@lists.postgresql.org>
Subject: Re: PostgreSQL\12\bin\pg_ctl.exe - Trojan detected
 


On Sun, Dec 22, 2019 at 4:26 PM Manoj Agrawal <manoj.agrawal@hotmail.com> wrote:
Dear PostgreSQL Team,

I am a regular ordinary user of your application.
I apologies for not following your bug and security template. I suppose this will be OK with you.

Kindly look at this screen from Windows 10 machine.

I have downloaded "postgresql-12.1-3-windows-x64.exe" from your website and during installation it is reporting Malware in one of your executable.


Exactly which URL did you download it from? And please provide a checksum (md5, sha1 or similar) of the file downloaded to your system.

 

PostgreSQL\12\bin\pg_ctl.exe
Threat detected: Trojan:Win32/Detplock
Alert level: Severe
Date: 22-12-2019 07:32 PM
Category: Trojan
Details: This program is dangerous and executes commands from an attacker.

I need you to look into this on priority basis. As I am stuck-up

Hi!

Can you please take the file from your system and upload it to https://www.virustotal.com/gui/home/upload, and let us know what the detection there says?  It also gives you a link to the finished analysis, so please post the link to that one as well.

//Magnus

Attachment

pgsql-bugs by date:

Previous
From: Andres Freund
Date:
Subject: Re: PostgreSQL\12\bin\pg_ctl.exe - Trojan detected
Next
From: PG Bug reporting form
Date:
Subject: BUG #16177: pg_event_trigger_ddl_commands() returns empty set for ddl_command_start and "drop table"