On Thu, 8 Apr 2021, Eero Volotinen wrote:
> https://raw.github.com/acalcutt/Releases/master/Vistumbler/VistumblerMDB/v10/Vistumbler_v10-7.exe
>
> Looks like this is (vistumbler) detected as false positive.
and
On Thu, 8 Apr 2021, Arnaud Jacques wrote:
> At first look, ClamAV is not the only one that flags it as malware :
> https://www.virustotal.com/gui/file/071921ede559082a14d54ba7f7f5cea2f6abced8f1747b245efff5d092a1aae4/detection
and
https://vistumbler.en.lo4d.com/virus-malware-tests but that has a different sha256sum.
Hmm.
If I feed the github URL into virustotal it comes up clean
https://www.virustotal.com/gui/url/09809c38129bd5ec94289969d9c35e97f5867f67b0a35d2acd9e811d34f8d89a/detection
but if I download the file and give that to virustotal I get
https://www.virustotal.com/gui/file/eca2ace14102f623e1c2490257fb645611314c918e45a845ae7337cefa6ffd01/detection
(the bit between file/ and /detection matches the sha256sum of my file
and that on https://vistumbler.en.lo4d.com/virus-malware-tests ).
Initially that page reported
19 security vendors flagged this file as malicious
Size 6.92 MB
direct-cpu-clock-access invalid-signature
nsis overlay peexe runtime-modules signed
but when I asked virustotal to rescan, "19 security vendors" changed to "16 security vendors".
I have put my copy at:
https://www.aitchison.me.uk/Vistumbler_v10-7.eca2ace14102f623e1c2490257fb645611314c918e45a845ae7337cefa6ffd01.exe

I think this means that raw.github.com has given out at least three
different versions of this file. Eero, could you pass this back to
the Vistumbler developer "Andrew" (Calcutt?) please?
# file Vistumbler_v10-7.exe
Vistumbler_v10-7.exe: PE32 executable (GUI) Intel 80386, for MS Windows,
Nullsoft Installer self-extracting archive
# host raw.github.com
raw.github.com has address 185.199.108.133
raw.github.com has address 185.199.109.133
raw.github.com has address 185.199.110.133
raw.github.com has address 185.199.111.133
On Thu, 8 Apr 2021, Eero Volotinen wrote:
> comment from developer
>
> "Unfortunately autoit, which vistumbler is written in, gets flagged
> as a false positive a lot. Vistumbler has struggled with this since
> the beginning.
>
> I recently submitted the 10.7 release files to microsoft for false
> detection and they removed the false detection, so I think these
> files are fine. However I have also just submitted a false positive
> report to bitdefender, so we can see if they remove it too.
>
> If vistumbler gets flagged by your AV company, my suggestion is to
> submit it as a false positive to them. I really don't have the time
> to chase down all these AV companies.
>
> -Andrew"
Not sure about this as it is open source, but if I were paying for
the software I would expect them to liaise with the AV companies.
--
Andrew C. Aitchison Kendal, UK
andrew@aitchison.me.uk
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
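
Added example, not part of the original message: a Python check that a set of VirusTotal report links actually refers to the bytes you hold, using the observation in the message that the part between file/ and /detection is the file's sha256sum while a /url/ report is not keyed by file content. The function names, verdict strings and sample file are constructed for illustration; the two report links with fixed hashes are the ones quoted in the thread.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# VirusTotal GUI links as they appear in the thread: /file/<sha256>/ is keyed
# by the file's SHA-256; /url/<id>/ identifies a scanned URL, not file content.
VT_LINK = re.compile(r"virustotal\.com/gui/(file|url)/([0-9a-f]{64})", re.I)

def sha256_file(path, chunk=1 << 20):
    """Stream the file so a multi-megabyte installer is not read in one go."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def classify_reports(path, links):
    """Return (local_digest, {link: verdict}) for each VirusTotal link."""
    digest = sha256_file(path)
    verdicts = {}
    for link in links:
        m = VT_LINK.search(link)
        if not m:
            verdicts[link] = "not a VirusTotal report link"
        elif m.group(1).lower() == "url":
            verdicts[link] = "URL report: says nothing about these bytes"
        elif m.group(2).lower() == digest:
            verdicts[link] = "file report for this exact file"
        else:
            verdicts[link] = "file report for a DIFFERENT file"
    return digest, verdicts

def demo():
    # Constructed stand-in for the downloaded installer (not the real binary).
    with tempfile.TemporaryDirectory() as d:
        sample = Path(d) / "sample.bin"
        sample.write_bytes(b"constructed sample, not Vistumbler")
        own = hashlib.sha256(sample.read_bytes()).hexdigest()
        links = [
            f"https://www.virustotal.com/gui/file/{own}/detection",
            "https://www.virustotal.com/gui/file/071921ede559082a14d54ba7f7f5cea2f6abced8f1747b245efff5d092a1aae4/detection",
            "https://www.virustotal.com/gui/url/09809c38129bd5ec94289969d9c35e97f5867f67b0a35d2acd9e811d34f8d89a/detection",
        ]
        return classify_reports(sample, links)

if __name__ == "__main__":
    digest, verdicts = demo()
    print(digest)
    for link, verdict in verdicts.items():
        print(verdict, "<-", link)
```

Run against a real download, a "DIFFERENT file" verdict is the situation described in the message: the detection counts on that report belong to another copy of the installer.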