public inbox for [email protected]  
From: Rice, Daniel <[email protected]>
To: [email protected] <[email protected]>
Subject: RE: ODBC MSI flagged as 'suspicious'
Date: Thu, 29 Feb 2024 14:26:35 +0000
Message-ID: <GV2PR08MB802785FC14F13B07E525343DFA5F2@GV2PR08MB8027.eurprd08.prod.outlook.com> (raw)
In-Reply-To: <GV2PR08MB8027968988FBD7F4CE70015AFA592@GV2PR08MB8027.eurprd08.prod.outlook.com>
References: <GV2PR08MB8027CC6080C1960CBB2B0C6AFA5A2@GV2PR08MB8027.eurprd08.prod.outlook.com>
	<GV2PR08MB8027968988FBD7F4CE70015AFA592@GV2PR08MB8027.eurprd08.prod.outlook.com>

Hi all,

Is it possible to confirm that the detections in those reports can be safely ignored?
pgsql-security explained this is more of a packaging matter - please let me know if I should address this to a different group.

Many thanks in advance,
Dan.

From: Rice, Daniel
Sent: Tuesday, February 27, 2024 9:57 AM
To: [email protected]
Subject: FW: ODBC MSI flagged as 'suspicious'

Hi all,

I want to use the PostgreSQL ODBC driver from psqlodbc - PostgreSQL ODBC driver<https://odbc.postgresql.org/>, but my organisation's security team explain to me the msi package (specifically psqlodbc_16_00_0000-x64.zip<https://ftp.postgresql.org/pub/odbc/versions/msi/psqlodbc_16_00_0000-x64.zip>) is problematic for them as it's not signed by a Trusted CA and it's flagged as Suspicious during sandbox analysis by Falcon & Hybrid Analysis.

They ask if the detections in those reports can be safely ignored?

Attached the analysis from CrowdStrike.
Link to Hybrid analysis: Free Automated Malware Analysis Service - powered by Falcon Sandbox - Viewing online file analysis results for 'psqlodbc_x64.msi' (hybrid-analysis.com)<https://www.hybrid-analysis.com/sample/a56b6a093fe39ca024e5c819535f608823c568537e24e945711e8c96380cf...>

Many thanks in advance,
Daniel Rice
Exchange Project Management Lead - London, Americas
Documentation Product Owner
Valdi Global Markets
T: +44 20 8081 3670
M: +44 7802 490 388
E: [email protected]<mailto:[email protected]>

