Security products flags installer as malware (v0.30) #2359
Comments
Hrm. Indeed, I saw Avast on the list of engines that flagged it and I happen to run Avast on my Windows system, so I reproduced the problem successfully. I'm not great at interpreting the output of these VirusTotal summaries to understand what about the executable was the cause for concern. For instance, some older versions of Brim were also flagged due to one particular utility that's bundled with the app, but in that case the detail in VirusTotal was sufficient to unpack the problem and write up the details at https://github.com/brimdata/brim/wiki/Troubleshooting#my-antivirus-software-has-flagged-brim-as-potentially-malicious that show why it's almost certainly a false positive. For this one, I'm not sure how one would proceed.
I just went ahead and submitted it at https://www.avast.com/false-positive-file-form.php to see if the Avast people might come back with anything more specific to say.
Dang, this sucks. It's probably, as usual, our bundled zeek and suricata binaries. We updated electron in this release, so that might be the reason for the difference since the last release.
I did get the following reply from Avast:
It sure would have been great if they could flag the specific items in their checklists where they believe the app is still in violation, rather than leaving it to us to guess which one(s). I'll reply and ask if they'd be so kind. In the meantime, looking over the list myself, I can see some possible culprits including:
I'd recommend doing your own read through their lists, as I may be overlooking others that apply. These might be worth addressing regardless since their presence in these lists seems to imply they're a reflection of current good app hygiene. I'll update with anything further I hear back from Avast.
Alas, when I replied and asked Avast to point to Brim's specific violations from their checklist, they did not provide. Their message:
Therefore, it sounds like the best that could be done is to address as many things from their checklist as possible and then ask again, as they say.
#2857 tracked a more recent flagging of the Zui installer as malware, and we addressed that with the changes in the linked PR #2858. As discussed in the closing remarks of #2857, the VirusTotal report for the Zui v1.3.1 Windows installer shows "green" status for all the vendors. Therefore I'm closing this issue as a duplicate of #2857.
Hello,
Have you noticed that the last build (0.30) is flagged as malware by several security/AV products:
0.30 (Windows):
https://www.virustotal.com/gui/file/33e86bbf67936459a50b3cc1713254b6a4cf817ab46b07d49ffe7658edb84349/details (6/63)
In general, earlier builds seem not to be:
0.29 (Windows): https://www.virustotal.com/gui/file/5208435e4b886e4a2b84eece27e0436948281647d5a0b8b4937756d97be812ee/detection (0/61)
0.28 (Windows): https://www.virustotal.com/gui/file/363fe8954edb1e826d2932d779973293479274a813fd7b5c0dfb67f8732ca9fd/detection (1/61)
Regards.