Re: ODBC MSI flagged as 'suspicious'

From: Dave Cramer <davecramer(at)postgres(dot)rocks>
To: "Rice, Daniel" <Daniel(dot)Rice(at)fisglobal(dot)com>
Cc: "pgsql-odbc(at)postgresql(dot)org" <pgsql-odbc(at)postgresql(dot)org>
Subject: Re: ODBC MSI flagged as 'suspicious'
Date: 2024-03-04 16:25:59
Message-ID: CADK3HHKzGvitqvMGyHL_+YoBZjKm+YZU+6DcZ9CbNb6T1kk3+w@mail.gmail.com
Lists: pgsql-odbc

Hi Daniel,

The files are currently not signed. I can tell you that others use these
files. However, it is up to you to determine if they are safe for you to use.

Dave Cramer
www.postgres.rocks

On Mon, 4 Mar 2024 at 10:56, Rice, Daniel <Daniel(dot)Rice(at)fisglobal(dot)com> wrote:

> Hi again,
>
>
>
> I’m told I have until Thurs to obtain a confirmation from PostgreSQL that
> the detections in the attached and following reports can be safely ignored.
>
> Otherwise my company closes my ticket and I will not be allowed to use the
> PostgreSQL ODBC driver ☹.
>
>
>
> Attached the analysis from CrowdStrike.
>
> Link to Hybrid analysis: Free Automated Malware Analysis Service -
> powered by Falcon Sandbox - Viewing online file analysis results for
> 'psqlodbc_x64.msi' (hybrid-analysis.com)
> <https://www.hybrid-analysis.com/sample/a56b6a093fe39ca024e5c819535f608823c568537e24e945711e8c96380cf177?environmentId=160>
>
>
>
> Any help very much appreciated, thx.
>
>
>
> Dan.
>
> FIS Global.
>
>
>
> *From:* Rice, Daniel
> *Sent:* Thursday, February 29, 2024 2:27 PM
> *To:* pgsql-odbc(at)postgresql(dot)org
> *Subject:* RE: ODBC MSI flagged as 'suspicious'
>
>
>
> Hi all,
>
>
>
> Is it possible to confirm detections in those reports can be safely
> ignored?
>
> pgsql-security explained this is more of a packaging matter – please let
> me know if I should address to a different group.
>
>
>
> Many thanks in advance,
>
> Dan.
>
>
>
> *From:* Rice, Daniel
> *Sent:* Tuesday, February 27, 2024 9:57 AM
> *To:* pgsql-odbc(at)postgresql(dot)org
> *Subject:* FW: ODBC MSI flagged as 'suspicious'
>
>
>
> Hi all,
>
>
>
> I want to use the PostgreSQL ODBC driver from psqlodbc - PostgreSQL ODBC
> driver <https://odbc.postgresql.org/>, but my organisation's security team
> explain to me the msi package (specifically *psqlodbc_16_00_0000-x64.zip*
> <https://ftp.postgresql.org/pub/odbc/versions/msi/psqlodbc_16_00_0000-x64.zip>)
> is problematic for them as it's not signed by a Trusted CA and it's flagged
> as Suspicious during sandbox analysis by Falcon & Hybrid Analysis.
>
>
>
> They ask if the detections in those reports can be safely ignored?
>
>
>
> Attached the analysis from CrowdStrike.
>
> Link to Hybrid analysis: Free Automated Malware Analysis Service -
> powered by Falcon Sandbox - Viewing online file analysis results for
> 'psqlodbc_x64.msi' (hybrid-analysis.com)
> <https://www.hybrid-analysis.com/sample/a56b6a093fe39ca024e5c819535f608823c568537e24e945711e8c96380cf177?environmentId=160>
>
>
>
> Many thanks in advance,
>
> *Daniel Rice*
>
> Exchange Project Management Lead - London, Americas
>
> Documentation Product Owner
>
> Valdi Global Markets
>
> *T:* +44 20 8081 3670
>
> *M:* +44 7802 490 388
>
> *E: *daniel(dot)rice(at)fisglobal(dot)com
