232533.2emlxpart virus

johneddy
johneddy
Community Member

232533.2emlxpart is a virus that Sophos located that seems to be directed at 1Password. Would you like more info?


1Password Version: 5.3.2
Extension Version: 532001
OS Version: osx 10.10.4
Sync Type: cloud

Comments

  • MrC
    MrC
    Volunteer Moderator

    @johneddy,

    It is most likely a false positive. Check the particular file at Jotti, a multiple virus scanner site.

  • johneddy
    johneddy
    Community Member

    @MrC
    I don't think so. Sophos
    identified the the file as a known trojan virus.

    But I am not an expert in these things. Just concerned about security.

  • MrC
    MrC
    Volunteer Moderator

    Hi @johneddy,

    All virus checkers will occasionally incorrectly flag a file as malware (this is called a False Positive). Malware detection software uses static rules, patterns, and heuristics to make a determination, and just by random chance some file will happen to fit the criteria.

    It is exceptionally rare that a reputable software vendor releases a file that contains a virus or malware, so that's why I recommend the follow-up by scanning the relevant files using a suite of scanners. And when those scanners show no issues, you can report the file as a False Positive to the A/V vendor via their false positive report page (as explained here).

  • Ben
    Ben
    edited July 2015

    Hi @johneddy,

    You can select the "Reveal in Finder" option on that screen to open the folder the file resides in within Finder. Then you can use the website MrC mentioned to scan the file and see if it is indeed infected or not.

    Do you have file attachments in your 1Password database? The most likely scenarios are either a false positive from Sophos as MrC mentioned (anti virus isn't infallible), or a file you've attached to a 1Password item is infected, though it seems unlikely Sophos would be able to detect it even if this were the case.

    Thanks

    Ben

  • johneddy
    johneddy
    Community Member

    @bwoodruff
    @MrC
    Thank you both. Sophos cleaned the file out for me so I no longer have it to check as you both kindly suggested.

    I was not concerned that Agilebits had unwittingly distributed malware in its software package- I was more concerned that someone had somehow managed to create a virus that targets 1Password specifically and I wanted to let someone at Agilebits know about it in case it something that deserves attention.

    It sounds like you both think it is not of concern. Is this correct?

    thanks again.

  • AGAlumB
    AGAlumB
    1Password Alumni

    I was not concerned that Agilebits had unwittingly distributed malware in its software package- I was more concerned that someone had somehow managed to create a virus that targets 1Password specifically and I wanted to let someone at Agilebits know about it in case it something that deserves attention.

    @johneddy: Absolutely! Better safe than sorry. :) :+1:

    It sounds like you both think it is not of concern. Is this correct?

    Not at all. I won't go into too much detail, as it's a bit of a long explanation. But 1Password for Mac is digitally signed both by AgileBits and by Apple as part of their security initiative. So while it's entirely possible that malware could modify it (as it could any file), the signature would no longer match, and then Gatekeeper would complain that it couldn't be validated and not even let you launch it. :pirate:

  • johneddy
    johneddy
    Community Member

    @brenty
    @MrC
    @bwoodruff

    Thanks again. What does "digitally signed" mean? Do you recommend any reading on becoming familiar with this kind of security?

  • Hi @johneddy,

    You can read about digital signing here:

    https://en.wikipedia.org/wiki/Digital_signature

    Thanks!

    Ben

This discussion has been closed.