According to my Dell 4500 NSA series firewall, and its subscription services, this link https://labs.vmware.com/flings/vmware-os-optimization-tool has the ZBOT TROJAN when clicking on the RED hyperlink to download the file.
WARNING: DO NOT DOWNLOAD OR CLICK ON THE RED HYPERLINK UNTIL SOMEBODY AT VMWARE CAN EXPLAIN.
Until then, I am going to trust my Dell 4500 NSA series firewall and its subscription services and not ever download this file as it could infect my master images and push Trojans out to all of my linked clones.
This was stopped by my firewall scanning for viruses 'on the wire' when attempting the download and not via my antivirus software on my client.
Could you have this verified somewhere? I have been running this tool in many places without any indication of malware.
// Linjo
I opened a ticket with Dell/Sonicwall that is reporting the detection.
I personally can't download the tool because of the detection but it looks like you are not having any problems.
If you don't use a Dell/Sonicwall then everything should be good.
It's funny that the SonicWall is detecting a Trojan from the labs website on a tool that you would run on all of your master images, but when I downloaded other tools from the same labs.vmware website it did not block them and detect a Trojan.
Hi,
I received word this was triggered on a SonicWall as well - I'm looking into it now but there should be no virus. We've scanned the binary several times and have no viruses detected, nor should there be one since this was built from source. I'll be engaging our internal security just to be on the safe side and have the download analyzed for any issues.
Thanks for letting us know, but this should be considered safe.
Not sure what kind of detection was supposed to trigger it, but virustotal.com shows that not a single one of 52 virus scanners detects malicious code in the package:
MKguy,
Agreed - as I mentioned, this was built from source and zipped on my dev machine so it should be good. I'm not sure why the Dell 4500 or Sonicwall are triggering false positives on this, but we're looking into it. The download should definitely be considered safe.
Hi guys,
I'm one of the developers of this Fling. I rescanned the binary downloaded from the web site with McAfee, as well as online scanners like the following one, and not a single one of 39 scanners reports a virus.
Probably a fake report by the specific firewall?
Just to follow up and tie up loose ends, I had VMware's security team, which has some really smart security experts, do a full analysis on the binary and site. There were no threats shown by either and both are verified safe.
Thanks for bringing this to our attention, but it has been verified as a false positive. I would contact Dell/SonicWall to let them know about the matter.
Good news, thanks to everybody for checking.
The combination of having to agree to "not use in a production environment" and the Trojan warning set off some serious red flags for us.
It looks like either Dell has whitelisted this for their SonicWall customers or something was fixed at VMware.
As of 9/10/14 I can now download the file behind our "Gateway Antivirus Service".