We have received two independent messages of a potential virus/viral
threat with the latest EntryClient in the Windows version. (From Sweden
and Switzerland)
The programming and compilation of ALL EpiData software is done in Linux
and we have NOT changed any of the programming tools from the latest to
the previous version of EntryClient.
Where we work these problems have not occurred, so it seems to be
dependent on which particular version of the anti-virus software is
blocking the function of EntryClient.
We are reasonably convinced that the problem is some similarity of
internal code with a known virus or trojan. If our development system
had been infected, then this would also affect previous versions.
To be sure of this we will obviously spent some time to look into the
problem in collaboration with the reporters. AND quite soon return with
a solution. (In the meantime I would personally mark in my virus
software the EntryClient as not-infected - if that is possible, but it
is obviously up to you. The reason being that we have not changed
anything here)
Should you experience such problems please write an e-mail to info (at)
EpiData.dk - following solving the problem we will then contact you
directly.
best wishes
Jens Lauritsen
EpiData Association
Denmark
Dear all,
This refers to McAfee Endpoint security ver 10.5.3.3178. This program is
forced by my employer. I get a warning when downloading the exe file and
when running manager/client. This applies both to the old Epidata
version from 2007 and the new. There has been NO signs of malfunction or
infection. I believe strongly that this issue is not related to an
actual virus threat but rather that McAfee detects all non-standard
programs. The logs from McAfee follows below (mostly for the Epidata
team):
Ryktet för programmet EPIDATAMANAGER.EXE är Okänt, vilket är under den
konfigurerade inneslutningströskeln. Adaptivt skydd mot hot inneslöt
inte programmet eftersom observationsläget är aktiverat.
-------------------------
ANALYS/DETEKTOR
Produktnamn
McAfee Endpoint Security
Produktversion
10.5.3.3113
McAfee GTI-fråga
Ja
Funktionsnamn
On-Execute Scan
HOT
Vidtagen åtgärd
Innesluts eventuellt
Hotkategori
Processklass eller -åtkomst
Hot identifierat vid start
Nej
Hothändelse-ID
35111
Hanterat hot
Ja
Namn på hot
ATP/Suspect!38626ef41d2c
Allvarlighetsgrad för hot
Varning
Tidsstämpel för hotet
2018-6-17 20:31
Typ av hot
Dynamic Application Containment
KÄLLA
Åtkomsttid för källan
2018-6-17 20:30
Skapelsetid för källan
2010-11-21 04:24
Källfilens storlek
2872320
Värddatornamn för källa
SOSLS79102197
Ändringstid för källan
2010-11-21 04:24
Källfilens processnamn
C:\WINDOWS\EXPLORER.EXE
Källanvändarnamn
GAIA\24jj
MÅL
Åtkomsttid för målet
2018-6-17 20:31
Skapelsetid för målet
2017-4-21 01:38
Målfilens storlek (byte)
7031808
Målhash
57522881d6cdf31353875012fb917976
Värddatornamn för mål
SOSLS79102197
Ändringstid för målet
2018-5-30 13:46
Målnamn
EPIDATAMANAGER.EXE
Målsökväg
C:\PROGRAM FILES\EPIDATA
Målanvändarnamn
GAIA\24jj
ANNAT
Vektortyp
Lokalt system
Avkänningsmeddelande
Avkänning i Adaptivt skydd mot hot, observationsläge
Tid före avkänning (dagar)
18
Even download of the old client is detected as a threat:
GAIA\24jj använde C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
för att hämta http://epidata.dk/downloads/setup_epidata.exe, som är
klassificerad som Röd. Hämtningen har Blockerad av McAfee Endpoint
Security.
-------------------------
ANALYS/DETEKTOR
Produktnamn
McAfee Endpoint Security
Produktversion
10.5.3
McAfee GTI-fråga
Ja
Funktionsnamn
Hämtnings-URL
HOT
Vidtagen åtgärd
Blockerad
Hotkategori
Hämtning av skadlig fil
Hothändelse-ID
18601
Hanterat hot
Ja
Namn på hot
Web Control Violation
Allvarlighetsgrad för hot
Allvarliga
Tidsstämpel för hotet
2018-6-17 20:05
Typ av hot
Hämtning av skadlig fil
KÄLLA
Källfilens storlek
990228
Källans IPV4
46.30.213.252
Filhash för källans process
504c12f8bc573e324fdeb54919840243
Källfilens processnamn
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Signerad källa
Nej
Käll-URL
http://epidata.dk/downloads/setup_epidata.exe
Klassificeringskod för käll-URL
Röd
Webbkategori för käll-URL
Skadliga webbplatser
Källanvändarnamn
GAIA\24jj
MÅL
Målnamn
setup_epidata[1].exe
Målsökväg
C:\Users\24jj\AppData\Local\Microsoft\Windows\Temporary Internet
Files\Low\Content.IE5\Q1PMWX53
Målanvändarnamn
GAIA\24jj
ANNAT
Vektortyp
Webbplats
Even download of Entryclient is detected and blocked:
GAIA\24jj använde C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
för att hämta
http://epidata.dk/downloads/epidataentryclient.4.4.1.0.win.64.zip, som
är klassificerad som Röd. Hämtningen har Blockerad av McAfee Endpoint
Security.
-------------------------
ANALYS/DETEKTOR
Produktnamn
McAfee Endpoint Security
Produktversion
10.5.3
McAfee GTI-fråga
Ja
Funktionsnamn
Hämtnings-URL
HOT
Vidtagen åtgärd
Blockerad
Hotkategori
Hämtning av skadlig fil
Hothändelse-ID
18601
Hanterat hot
Ja
Namn på hot
Web Control Violation
Allvarlighetsgrad för hot
Allvarliga
Tidsstämpel för hotet
2018-6-17 19:33
Typ av hot
Hämtning av skadlig fil
KÄLLA
Källfilens storlek
3683108
Källans IPV4
46.30.213.252
Filhash för källans process
504c12f8bc573e324fdeb54919840243
Källfilens processnamn
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Signerad källa
Nej
Käll-URL
http://epidata.dk/downloads/epidataentryclient.4.4.1.0.win.64.zip
Klassificeringskod för käll-URL
Röd
Webbkategori för käll-URL
Skadliga webbplatser
Källanvändarnamn
GAIA\24jj
MÅL
Målanvändarnamn
GAIA\24jj
ANNAT
Vektortyp
Webbplats
---
-------------------------
Jonas Malmstedt
Munkedalsvägen 3
122 42 Enskede, Sweden
08-648 0838 (hem) +46 8 6480 838 (home)
070-758 6838 (mobil) +46 7 0758 6838 (cellular)
08-616 2893 (arbete) +46 8 6162 893 (work)
2018-06-19 19:00 skrev epidata-list-request(a)lists.umanitoba.ca:
> Send EpiData-list mailing list submissions to
> epidata-list(a)lists.umanitoba.ca
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.umanitoba.ca/mailman/listinfo/epidata-list
> or, via email, send a message with subject or body 'help' to
> epidata-list-request(a)lists.umanitoba.ca
>
> You can reach the person managing the list at
> epidata-list-owner(a)lists.umanitoba.ca
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of EpiData-list digest..."
>
> EpiData-list mailing list
> ___________________________________
>
> Today's Topics:
>
> 1. message to all EpiData users - we have received reports of an
> important potential problem (EpiData development and support)
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 18 Jun 2018 23:12:52 +0200
> From: EpiData development and support
> <epidata-list(a)lists.umanitoba.ca>
> To: EpiData development and support <epidata-list(a)lists.umanitoba.ca>
> Subject: [EpiData-list] message to all EpiData users - we have
> received reports of an important potential problem
> Message-ID: <bb216257-6184-0814-e210-1c4d83a93c0a(a)epidata.dk>
> Content-Type: text/plain; charset=utf-8; format=flowed
>
> We have received two independent messages of a potential virus/viral
> threat with the latest EntryClient in the Windows version. (From Sweden
> and Switzerland)
>
> The programming and compilation of ALL EpiData software is done in Linux
> and we have NOT changed any of the programming tools from the latest to
> the previous version of EntryClient.
>
> Where we work these problems have not occurred, so it seems to be
> dependent on which particular version of the anti-virus software is
> blocking the function of EntryClient.
>
> We are reasonably convinced that the problem is some similarity of
> internal code with a known virus or trojan. If our development system
> had been infected, then this would also affect previous versions.
>
> To be sure of this we will obviously spent some time to look into the
> problem in collaboration with the reporters. AND quite soon return with
> a solution. (In the meantime I would personally mark in my virus
> software the EntryClient as not-infected - if that is possible, but it
> is obviously up to you. The reason being that we have not changed
> anything here)
>
> Should you experience such problems please write an e-mail to info (at)
> EpiData.dk - following solving the problem we will then contact you
> directly.
>
> best wishes
>
> Jens Lauritsen
> EpiData Association
> Denmark
>
> ------------------------------
>
> ________________________________________
> EpiData-list(a)lists.umanitoba.ca
> http://lists.umanitoba.ca/mailman/listinfo/epidata-list
>
> End of EpiData-list Digest, Vol 172, Issue 4
> ********************************************
For all EpiData Users.
Today we have taken a major step forward with the release of a rewritten
EpiData Analysis in version 1.0 and version 4.4 of Manager and
EntryClient. The ability to use relational structures, encryption, user
logging and other complex aspects has been implemented.
We do hope that users will find this an important step forward. It will
not be long before further functionality is available in Analysis. In
the test versions we have already a functional aggregate, and tables is
next step.
Get the new versions for Linux, Mac and Windows from:
www.epidata.dk/download.php
Read the introduction documents for each software from the help menu
after you start the software.
As always when versions of software change be particularly critical to
ensure backup copies of all data in a secure place before updating.
Analysis is ready as v1.0 in terms of:
- read project files (epx/epz including encrypted files),
but also Stata dta, CSV, Rec+Chk files)
- data management
- combine files (merge, append)
- saving, exporting and archiving data files
(epx, dta, csv, ddi-3.1) including metadata
- frequencies, count, means
- validation of files and other aspects
For Windows there is a combined installer for all three types of
software - regardless of whether you have a 32 or 64 bit computer.
All three EpiData software tools use an updated data file structure.
Once you have read and saved an epx file it will not be possible to open
it in a previous version of the software. So make sure to update all
copies of the software that you are using, e.g. if you have local data
entry.
All example files are now located in a specific user specified folder,
which you may choose during installation. In that folder example pgm
files for analysis and pdf introduction documents are contained.
Observation: on some restricted systems (eg. in a hospital) the user
might not be asked to decide the folder position during installation or
other user specifications. We cannot apparently control the installation
completely.
As always discuss function on this list and contact us in case of
serious or reproducible data errors occurring due to system functioning
on info (at) epidata.dk
We wish to express as well thanks for inspiration and help from in
particular Jamie Hockin and Hans Rieder, but also received funding from
The Union (DFID fund) and other funding bodies.
Torsten B. Christensen and Jens Lauritsen
EpiData Association
Denmark
Dear Jens and Team,Thank you for the sustained effort for developing New Epidata Analysis. It can read large rec files easily and convert to epx file quite fast.I was testing the ver 1.2.0.0 of Analysis.The "select" command selects the appropriate records. Following ouput was obtained..select name="GURWINDER" do;Selecting, please wait...Selecting complete!(61 of 36243 selected)Browse uno datev name age ageu5 sex area revisit diagnosis1;When the browse or list command is given, it lists all the records of the database,not just the selected records. Please advise.Dr Shavinder Singh