From: Dave Cramer <[email protected]>
To: Rice, Daniel <[email protected]>
Cc: [email protected] <[email protected]>
Subject: Re: ODBC MSI flagged as 'suspicious'
Date: Mon, 4 Mar 2024 11:25:59 -0500
Message-ID: <CADK3HHKzGvitqvMGyHL_+YoBZjKm+YZU+6DcZ9CbNb6T1kk3+w@mail.gmail.com> (raw)
In-Reply-To: <GV2PR08MB8027FD794219A3B3F8AAEF85FA232@GV2PR08MB8027.eurprd08.prod.outlook.com>
References: <GV2PR08MB8027CC6080C1960CBB2B0C6AFA5A2@GV2PR08MB8027.eurprd08.prod.outlook.com>
<GV2PR08MB8027968988FBD7F4CE70015AFA592@GV2PR08MB8027.eurprd08.prod.outlook.com>
<GV2PR08MB802785FC14F13B07E525343DFA5F2@GV2PR08MB8027.eurprd08.prod.outlook.com>
<GV2PR08MB8027FD794219A3B3F8AAEF85FA232@GV2PR08MB8027.eurprd08.prod.outlook.com>
Hi Daniel,
The files are currently not signed. I can tell you that others use these
files. However, it is up to you to determine if they are safe for you to use.
Dave Cramer
www.postgres.rocks
On Mon, 4 Mar 2024 at 10:56, Rice, Daniel <[email protected]> wrote:
> Hi again,
>
>
>
> I’m told I have until Thurs to obtain a confirmation from PostgreSQL that
> the detections in the attached and following reports can be safely ignored.
>
> Otherwise my company closes my ticket and I will not be allowed to use the
> PostgreSQL ODBC driver ☹.
>
>
>
> Attached the analysis from CrowdStrike.
>
> Link to Hybrid analysis: Free Automated Malware Analysis Service -
> powered by Falcon Sandbox - Viewing online file analysis results for
> 'psqlodbc_x64.msi' (hybrid-analysis.com)
> <https://www.hybrid-analysis.com/sample/a56b6a093fe39ca024e5c819535f608823c568537e24e945711e8c96380cf...>
>
>
>
> Any help very much appreciated, thx.
>
>
>
> Dan.
>
> FIS Global.
>
>
>
> *From:* Rice, Daniel
> *Sent:* Thursday, February 29, 2024 2:27 PM
> *To:* [email protected]
> *Subject:* RE: ODBC MSI flagged as 'suspicious'
>
>
>
> Hi all,
>
>
>
> Is it possible to confirm detections in those reports can be safely
> ignored?
>
> pgsql-security explained this is more of a packaging matter – please let
> me know if I should address to a different group.
>
>
>
> Many thanks in advance,
>
> Dan.
>
>
>
> *From:* Rice, Daniel
> *Sent:* Tuesday, February 27, 2024 9:57 AM
> *To:* [email protected]
> *Subject:* FW: ODBC MSI flagged as 'suspicious'
>
>
>
> Hi all,
>
>
>
> I want to use the PostgreSQL ODBC driver from psqlodbc - PostgreSQL ODBC
> driver <https://odbc.postgresql.org/>, but my organisation's security team
> explain to me the msi package (specifically *psqlodbc_16_00_0000-x64.zip*
> <https://ftp.postgresql.org/pub/odbc/versions/msi/psqlodbc_16_00_0000-x64.zip>)
> is problematic for them as it's not signed by Trusted CA and it's flagged
> as Suspicious during sandbox analysis by Falcon & Hybrid Analysis.
>
>
>
> They ask if the detections in those reports can be safely ignored?
>
>
>
> Attached the analysis from CrowdStrike.
>
> Link to Hybrid analysis: Free Automated Malware Analysis Service -
> powered by Falcon Sandbox - Viewing online file analysis results for
> 'psqlodbc_x64.msi' (hybrid-analysis.com)
> <https://www.hybrid-analysis.com/sample/a56b6a093fe39ca024e5c819535f608823c568537e24e945711e8c96380cf...>
>
>
>
> Many thanks in advance,
>
> *Daniel Rice*
>
> Exchange Project Management Lead - London, Americas
>
> Documentation Product Owner
>
> Valdi Global Markets
>
> *T: *+44 20 *8081 3670*
>
> *M:* +44 7802 490 388
>
> *E: *[email protected]