Brown pants moment for BlueJeans: Dozens of AV tools scream its vid chat code is malware

How it all happened (clue: unsigned library loaded)

Programmers at videoconferencing software house BlueJeans have been living through a developer's nightmare the past month or so – antivirus packages falsely labeling their code as malware.

A Register reader, who works in corporate IT administration, tipped us off over the weekend that the software had triggered virus alerts on a number of systems they administrate running anti-malware scanners. After submitting the program to VirusTotal, the admin found that 27 security toolkits, including Trend Micro, McAfee, and Avast, were wrongly flagging the application as a malicious nasty.

"My company has independently verified their Windows application version 2.5.660 is indeed being flagged and quarantined by antivirus systems beginning in the last few days," the tipster wrote.

"This is not the newest version of the software, but it was the active version in June, and undoubtedly was running on the desktops of most BlueJeans customers for at least a few weeks."

Fortunately, this wasn't a case of the software being compromised or loaded with malware. The Register was told by BlueJeans CTO Alagu Periyannan that the antivirus alarms were the result of a cryptographically unsigned library that has since been replaced.

"The entire executable is signed by BlueJeans. However, one of the libraries of the app was not signed," Periyannan said. "We have signed that one library and now the virus scanners no longer generate a false positive."

The false positive was confirmed by Trend Micro, which told El Reg via a spokesperson that it would look to prevent similar errors from happening again.

"Upon analysis, it appears our automation triggered the initial detection based on some existing rules, and upon further review we found it to be non-malicious," Trend says.

"We are working to refine the rules to account for this type of file in the future."

In this case, fixing the problem is as simple as updating the BlueJeans software, and many customers should already have the fix, as it was automatically kicked out in June. Anyone still experiencing false positives should be sure they have version 2.6 of the BlueJeans application.
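As an added illustration (not code from BlueJeans, Trend Micro or The Register), here is a Python pre-release check that reads each PE file's certificate-table directory entry and lists modules shipped without an embedded Authenticode signature, the condition the CTO describes above. The file names and the minimal PE headers are constructed sample input.

```python
import struct

SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: the Authenticode certificate table

def embedded_signature_size(data: bytes) -> int:
    """Size in bytes of the PE certificate table; 0 means no embedded signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)      # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    opt_off = pe_off + 24                                  # after 20-byte COFF header
    if opt_off + opt_size > len(data) or opt_size < 2:
        raise ValueError("truncated optional header")
    (magic,) = struct.unpack_from("<H", data, opt_off)
    dirs_rel = {0x10B: 96, 0x20B: 112}.get(magic)          # PE32 / PE32+
    if dirs_rel is None or opt_size < dirs_rel:
        raise ValueError("unsupported optional header")
    (count,) = struct.unpack_from("<I", data, opt_off + dirs_rel - 4)
    entry_rel = dirs_rel + 8 * SECURITY_DIR
    if count <= SECURITY_DIR or entry_rel + 8 > opt_size:
        return 0                                           # directory slot not present
    file_off, size = struct.unpack_from("<II", data, opt_off + entry_rel)
    if size and file_off + size > len(data):
        raise ValueError("certificate table points past end of file")
    return size

def unsigned_modules(files: dict) -> list:
    """Names of PE files that carry no embedded signature."""
    return sorted(n for n, d in files.items() if embedded_signature_size(d) == 0)

def make_sample_pe(signed: bool) -> bytes:
    """Constructed minimal PE32+ header for this demo; not a loadable binary."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    opt = bytearray(112 + 16 * 8)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<I", opt, 108, 16)                   # NumberOfRvaAndSizes
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, len(opt), 0x2022)
    cert = bytes(64) if signed else b""                    # stand-in for WIN_CERTIFICATE
    if signed:
        header_len = len(dos) + 4 + len(coff) + len(opt)
        struct.pack_into("<II", opt, 112 + 8 * SECURITY_DIR, header_len, len(cert))
    return dos + b"PE\0\0" + coff + bytes(opt) + cert

if __name__ == "__main__":
    # Hypothetical package contents: one signed executable, one unsigned library.
    pkg = {"app.exe": make_sample_pe(True), "helper.dll": make_sample_pe(False)}
    print("no embedded signature:", unsigned_modules(pkg))
```

A non-empty certificate table only shows that a signature is present; it does not validate the signature or its certificate chain, and catalog-signed Windows files legitimately carry no embedded signature.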

Our tipster has also been able to get the affected user machines fixed, but while the problem has been solved, they are not particularly thrilled with how the issue was handled.

"Maybe it’s just me," the admin said, "but when a vendor silently replaces a version that appears to be malware infected with a different copy that is clean, without informing customers, who downloaded the former, it does not seem like the vendor is being forthcoming about what is going on." ®
