public inbox for [email protected]  
From: Jacobo Sánchez López <[email protected]>
To: [email protected]
Subject: Re: ODBC MSI flagged as 'suspicious'
Date: Mon, 4 Mar 2024 17:57:46 +0100
Message-ID: <[email protected]> (raw)
In-Reply-To: <CADK3HHKzGvitqvMGyHL_+YoBZjKm+YZU+6DcZ9CbNb6T1kk3+w@mail.gmail.com>
References: <GV2PR08MB8027CC6080C1960CBB2B0C6AFA5A2@GV2PR08MB8027.eurprd08.prod.outlook.com>
	<GV2PR08MB8027968988FBD7F4CE70015AFA592@GV2PR08MB8027.eurprd08.prod.outlook.com>
	<GV2PR08MB802785FC14F13B07E525343DFA5F2@GV2PR08MB8027.eurprd08.prod.outlook.com>
	<GV2PR08MB8027FD794219A3B3F8AAEF85FA232@GV2PR08MB8027.eurprd08.prod.outlook.com>
	<CADK3HHKzGvitqvMGyHL_+YoBZjKm+YZU+6DcZ9CbNb6T1kk3+w@mail.gmail.com>

A checksum on downloadable files from an https page on a PostgreSQL 
certificate would probably be enough security, but I cannot find them.

Maybe arguing that the installer has been downloaded from an https site 
with a PostgreSQL certificate may work for you... but checksums would be 
better IMO

On 04/03/2024 at 17:25, Dave Cramer wrote:
> Hi Daniel,
>
> The files are currently not signed. I can tell you that others use 
> these files. However it is up to you to determine if they are safe for 
> you to use.
>
> Dave Cramer
> www.postgres.rocks
>
>
> On Mon, 4 Mar 2024 at 10:56, Rice, Daniel <[email protected]> 
> wrote:
>
>     Hi again,
>
>     I’m told I have until Thurs to obtain a confirmation from
>     PostgreSQL that the detections in the attached and following
>     reports can be safely ignored.
>
>     Otherwise my company closes my ticket and I will not be allowed to
>     use the PostgreSQL ODBC driver ☹.
>
>     Attached the analysis from CrowdStrike.
>
>     Link to Hybrid analysis: Free Automated Malware Analysis Service -
>     powered by Falcon Sandbox - Viewing online file analysis results
>     for 'psqlodbc_x64.msi' (hybrid-analysis.com)
>     <https://www.hybrid-analysis.com/sample/a56b6a093fe39ca024e5c819535f608823c568537e24e945711e8c96380cf...>
>
>     Any help very much appreciated, thx.
>
>     Dan.
>
>     FIS Global.
>
>     *From:*Rice, Daniel
>     *Sent:* Thursday, February 29, 2024 2:27 PM
>     *To:* [email protected]
>     *Subject:* RE: ODBC MSI flagged as 'suspicious'
>
>     Hi all,
>
>     Is it possible to confirm detections in those reports can be
>     safely ignored?
>
>     pgsql-security explained this is more of a packaging matter –
>     please let me know if I should address to a different group.
>
>     Many thanks in advance,
>
>     Dan.
>
>     *From:*Rice, Daniel
>     *Sent:* Tuesday, February 27, 2024 9:57 AM
>     *To:* [email protected]
>     *Subject:* FW: ODBC MSI flagged as 'suspicious'
>
>     Hi all,
>
>     I want to use the PostgreSQL ODBC driver from psqlodbc - PostgreSQL
>     ODBC driver <https://odbc.postgresql.org/>, but my organisation's
>     security team explain to me the msi package (specifically
>     *psqlodbc_16_00_0000-x64.zip*
>     <https://ftp.postgresql.org/pub/odbc/versions/msi/psqlodbc_16_00_0000-x64.zip>)
>     is problematic for them as it's not signed by a Trusted CA and it's
>     flagged as Suspicious during sandbox analysis by Falcon & Hybrid
>     Analysis.
>
>     They ask if the detections in those reports can be safely ignored?
>
>     Attached the analysis from CrowdStrike.
>
>     Link to Hybrid analysis: Free Automated Malware Analysis Service -
>     powered by Falcon Sandbox - Viewing online file analysis results
>     for 'psqlodbc_x64.msi' (hybrid-analysis.com)
>     <https://www.hybrid-analysis.com/sample/a56b6a093fe39ca024e5c819535f608823c568537e24e945711e8c96380cf...>
>
>     Many thanks in advance,
>
>     *Daniel Rice*
>
>     Exchange Project Management Lead - London, Americas
>
>     Documentation Product Owner
>
>     Valdi Global Markets
>
>     *T: *+44 20 *8081 3670*
>
>     *M:*+44 7802 490 388
>
>     *E: *[email protected] <mailto:[email protected]>
>
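
An added example, not part of the original messages and not code from the psqlODBC project: because the thread says the files are unsigned and no published checksums were found, one option is to record SHA-256 digests of a copy that has been reviewed (for example the exact file submitted to the sandbox) and check every later download against them. The function names, the `pinned` structure and the sample bytes are assumptions constructed for illustration; only the file name `psqlodbc_x64.msi` comes from the thread.

```python
import hashlib
import io
import zipfile

def sha256_stream(fh, chunk=1 << 20):
    """SHA-256 of a binary file object, read in chunks."""
    h = hashlib.sha256()
    for block in iter(lambda: fh.read(chunk), b""):
        h.update(block)
    return h.hexdigest()

def hash_archive(zip_file):
    """Return (archive_sha256, {member: sha256}) for a seekable ZIP file object."""
    zip_file.seek(0)
    archive_digest = sha256_stream(zip_file)
    zip_file.seek(0)
    members = {}
    with zipfile.ZipFile(zip_file) as zf:
        for info in zf.infolist():
            if not info.is_dir():
                with zf.open(info) as member:  # CRC is checked while reading
                    members[info.filename] = sha256_stream(member)
    return archive_digest, members

def verify(zip_file, pinned):
    """List discrepancies against pinned digests; an empty list means a match."""
    archive_digest, members = hash_archive(zip_file)
    problems = []
    if archive_digest != pinned["archive"].lower():
        problems.append("archive digest mismatch")
    for name in sorted(pinned["members"].keys() | members.keys()):
        expected, actual = pinned["members"].get(name), members.get(name)
        if actual is None:
            problems.append(f"missing member: {name}")
        elif expected is None:
            problems.append(f"unexpected member: {name}")
        elif actual != expected.lower():
            problems.append(f"digest mismatch: {name}")
    return problems

def build_sample(files):  # constructed stand-in ZIP, not the real installer
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf

if __name__ == "__main__":
    print(hash_archive(build_sample({"psqlodbc_x64.msi": b"constructed bytes"})))
```

For a real download, pass `open(path, "rb")` instead of the constructed buffer and keep the pinned digests somewhere the download channel cannot modify.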
