I'm perplexed too, doesn't make sense.
I've now verified the Microsoft fciv hash tool for md5 and sha1 using
http://www.nsrl.nist.gov/testdata/ zip file near bottom of page.
fciv -both file
Oddly the archive extractor here cannot open the install archive but AV
can look inside. On looking closer I find the archiver in most but not
all cases can. (drat!)
Opening the file with a binary editor shows nothing unusual and Windows
will execute it.
That leaves the possibility the AV has altered the file to stop it being
opened but disable has previously meant just that, I handle live
infections sometimes, need to for testing systems or investigation.
This is getting too involved. Time to think about it.
On 09/09/2013 17:23, Paul S. Person wrote:
> On Mon, 09 Sep 2013 16:09:52 +0100, tim_c <***@gpsl.net> wrote:
>> Both archives fail md5 but I don't know what actually is meant by md5
>> checksum, of what exactly? Two downloaded files as .exe do not hash here
>> to the value given in the .md5 file.
> This /should/, as I understand it, mean that the file you got is not
> the file the md5 given was computed on.
>> If I try to execute the installer I get the usual front page but with an
>> error notice, cannot find setup.inf (nothing to do with AV)
> If it weren't for the md5 failure, I'd say it means that somebody
> doesn't know how to write Windows installers (not that I do). But with
> an md5 failure, it /could/ mean that somebody removed the setup.inf
> file from the installer "just for fun".
> The /real/ fun begins when the current version, say "_x23", can't
> install because it can't find some file allegedly created by some
> earlier version, say "_x14". Note that the older version is so old
> that the user doesn't even remember installing it, never mind having a
> clue as to where the file might be!