Are you in the loop? Keep up with the latest by making sure you're subscribed to Community Announcements. Just click Watch and select Articles.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

Executable get infected with Trojan:MSIL/Masslogger.VN!MTB after uploading to Jira

Edited
Lukas Kisza
Lukas Kisza Nov 13, 2020

I uploaded unsigned executable (C# compiled with visual studio) to JIRA (tested with cloud and standalone)

Right after upload I downloaded and file was same.

However if I download file after 5-10 minutes, my antivirus (Defender) reported it contains Trojan:MSIL/Masslogger.VN!MTB

I turned off Defender real time protection and did BYTE COMPARISON of files (size was same) and FOUND DIFFERENCES in start sequence.

Does anyone have any logical explanation?

Answer
Watch
Like Be the first to like this
1664 views

1 answer

1 accepted

0 votes
Answer accepted
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
Nov 14, 2020

I do not think we can offer anything logical that goes right down to the root cause, we are very short of infomation, and probably need a lot more from you

Your described behaviour says that your anti-virus is interfering.  There is nothing wrong with it doing that, it's protective.  But it sounds like something is inserting a virus into the file after you've downloaded it.  This is nothing Atlassian software can do, it's something else on your machines.

View More Comments
Lukas Kisza
Lukas Kisza Nov 14, 2020

I'm afraid this is not the case. I've tried this on multiple computers in multiple separated environments and accounts. I do not believe all of them will have same virus. If I upload same executable on any other http/s storage (for example to GitLab or Google Drive) and download back it is clean. We are running standalone JIRA (but as I mentioned same behavior occurs on cloud JIRA...).

To sum up all points to that it is changed by JIRA.... :|

Can you help me to identify where are attachments stored in JIRA so we can monitor if it is changed directly on storage/DB level?

More information about executable: 

C# Windows form application (.exe) compiled without signing via Visual Studio.

P.S: I'm ok for live session where I can present the behavior and give you access to cloud Jira so you can download by yourself.

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
Nov 14, 2020

I'm sorry, but you exactly described a case where something is changing a file AFTER you've downloaded it from Jira.  Specifically:

"Right after upload I downloaded and file was same.

However if I download file after 5-10 minutes, my antivirus (Defender) reported it contains Trojan:MSIL/Masslogger.VN!MTB"

If the file on your local machine is changing, it can not be the Server you downloaded it from.  There is something on your machine changing it. Not Jira.

Even if I assume that your original report is not accurate, and the infection is actually happening on the Jira server, before download, you still have the problem that Jira has no code in it that writes to attachments.  All it can do is copy an upload stream to the attachment directory, and serve up previews of attached files. 

However, if the file really is being changed on the server, all that means is that your server has something on it that is infecting the files.  Whatever that is though, it's not Jira.

You also say you are on Cloud - that rules out any looking at the attachments on the storage, but also, if a virus were present on the Cloud service and doing this, it would have been found and shut down a long time ago.  If you are on Cloud, then it's an absolute fact that whatever is doing this is on your machines, not Jira.

Like
Lukas Kisza
Lukas Kisza Nov 19, 2020

Since you wrote this I'm not able to reproduce problem in cloud environment. So accepting this as solution

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira Core
Jira Core Server
TAGS
AUG Leaders

Atlassian Community Events

See all events