Was scanned with Clamscan.
Engine version: 1.4.3.
Daily updates to db.
../Acrobat Reader DC/Reader/AIR/nppdf32.dll: Win.Malware.Doina-10007931-0 FOUND
../Acrobat Reader DC/Reader/icucnv67.dll: Win.Virus.Zard-10028861-0 FOUND
../Acrobat Reader DC/Reader/ScCore.dll: Win.Malware.Lazy-10007822-0 FOUND
../Acrobat Reader DC/Reader/Browser/nppdf32.dll: Win.Malware.Doina-10007931-0 FOUND
../Acrobat Reader DC/Reader/acrocef_1/RdrServicesUpdater.exe: Win.Malware.Generic-10014418-0 FOUND
../Acrobat Reader DC/Reader/plug_ins/pi_brokers/32BitMAPIBroker.exe: Win.Virus.Expiro-10028250-0 FOUND
../Acrobat Reader DC/Reader/plug_ins/Search.api: Win.Virus.Zard-10028625-0 FOUND
../Acrobat Reader DC/Reader/plug_ins/Multimedia/MPP/WindowsMedia.mpp: Win.Trojan.Doina-10007841-0 FOUND
../Acrobat Reader DC/Reader/plug_ins/Multimedia/MPP/Flash.mpp: Win.Malware.Lazy-10024016-0 FOUND
../Acrobat Reader DC/Reader/plug_ins/Multimedia/MPP/QuickTime.mpp: Win.Virus.Lazy-10020597-0 FOUND
../Acrobat Reader DC/Reader/plug_ins/Multimedia/MPP/MCIMPP.mpp: Win.Trojan.Jaik-10007838-0 FOUND
../Acrobat Reader DC/Reader/plug_ins/Accessibility.api: Win.Malware.Lazy-10016201-0 FOUND
Only snap with detected files.
Rest of the system clear.
not disputing that this is probably a false positive, but
Does the (claimed) source code actually mean anything to the snap? There are no guarantees I am aware of. With flatpak flathub repository one gets a guarantee that it was built on the flathub servers and there is a build recipe connected through a git commit revision, although they effed up by shortening the revision (so a repository could in principle create a collision and maybe cover their tracks) and the flathub people don't want to fix it for whatever reason.
I would totally love to see “built on snapcraft.io” or “reproducible build” stickers.
@user49b which revision of the snap do you have installed?
I checked the default latest stable revision 62 (` latest/stable: 2021.007.20091 2021-09-18 (62) 69kB -`) and it contains the code ogra mentions.
Just look at the snap on your disk? I assume the script is definitely somewhere under /snap/acrordrdc/current … as should be the snapcraft.yaml used to build it …
Yes, I did have a look in the scripts in a downloaded acrordrdc revision. What I meant: Looking at the snap is not looking at the source. I was asking for the source here (because with flathub there are some guarantees) and I took your reply that maybe there would be some for snapd which I am unaware of. So I guess I understood that reply in a wrong way.
Not really relevant in this case I (because the wget happens), but a malicious snap could just put an arbitrary snapcraft.yaml into the snap, the build could be completely unrelated(?). The snap.yaml in the snap gets actually.
Third topic I am not completely sure of: is there any snap-provided code triggered on install (maybe with an extension) or is that impossible (besides bugs)?
You could put a fake snapcraft.yaml in place but not a snap.yaml, though if the building happens on launchpad the snapcraft.yaml is genuine…
Snaps do have the ability to call install and upgrade hooks as well as command-chain wrappers that could do downloads or write anything into their two writable directories, but you can indeed not modify the snap itself and all the above operates completely confined (so you would need interfaces to actually break out of it).
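
As an added example (not code from any poster in this thread), here is a shell function that inventories what the last reply describes: hook executables and command-chain entries, plus text files that mention wget or curl. It assumes an installed or unpacked snap with `meta/snap.yaml` and an optional `meta/hooks/` directory; the function name `audit_snap` and its output labels are made up for this illustration.

```shell
#!/bin/sh
# Added example. Usage: sh audit_snap.sh /snap/acrordrdc/current
# Assumed layout: <root>/meta/snap.yaml and, optionally, <root>/meta/hooks/.

audit_snap() {
    root=$1
    if [ ! -f "$root/meta/snap.yaml" ]; then
        echo "error: no meta/snap.yaml under $root" >&2
        return 2
    fi

    # 1. Hook executables shipped in the snap (install, post-refresh, ...).
    for h in "$root"/meta/hooks/*; do
        if [ -f "$h" ]; then echo "hook: ${h##*/}"; fi
    done

    # 2. command-chain entries declared in snap.yaml. Handles the inline
    #    form (command-chain: [a, b]) and the block list form (- a).
    awk '
        /^[ \t]*command-chain:/ {
            rest = $0
            sub(/^[^:]*:[ \t]*/, "", rest)
            if (rest != "") print "command-chain: " rest
            in_chain = (rest == "")      # block list follows only if empty
            next
        }
        in_chain && /^[ \t]*-[ \t]/ {
            sub(/^[ \t]*-[ \t]*/, "")
            print "command-chain: " $0
            next
        }
        { in_chain = 0 }
    ' "$root/meta/snap.yaml"

    # 3. Text files that mention a downloader; -I skips binary files.
    grep -rlIwE 'wget|curl' "$root" 2>/dev/null | sort |
    while IFS= read -r f; do
        echo "downloader-ref: ${f#"$root"/}"
    done
    return 0
}

if [ "$#" -gt 0 ]; then audit_snap "$1"; fi
```

A `downloader-ref` line only says where to start reading: it shows that a script mentions a download tool, not what gets fetched or whether the fetched file is verified.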