Homebrew-cask: checking all casks for malware

Created on 16 Dec 2018 · 114 Comments · Source: Homebrew/homebrew-cask

hello all,

now that the SHA-only change policy has been dropped, i'd say we should be a bit more proactive about security to compensate. i'd advocate running a VirusTotal check as part of travis CI.
until this is implemented, i'll be running a bi-weekly check on (nearly) all casks with VirusTotal to check for possible problems related to malware (virus, trojan, adware, spyware, etc). i'm restricting the check to 'some' of the VirusTotal checks, since many of them don't work well on macOS software and have a high false-positive rate.

i'd like to share the first results with you:

VIRUSERROR: cSHA POSITIVES 4 dogecoin 
VIRUSERROR: cSHA POSITIVES 8 monero-wallet 
VIRUSERROR: cSHA POSITIVES 13 dash-dash 
VIRUSERROR: cSHA POSITIVES 13 emercoin 
VIRUSERROR: cSHA POSITIVES 15 bitcoin-core 
VIRUSERROR: cSHA POSITIVES 15 litecoin 
VIRUSERROR: cSHA POSITIVES 17 bytecoin 

i think we can ignore all of these. those are cryptocurrencies, and they are flagged as 'mining' software by most scanners. of course, having a miner installed can be problematic if it happened as part of an infection and you don't know you are actually mining coins for someone else. but for software that's actively installed, they are certainly not problematic.

VIRUSERROR: cSHA POSITIVES 5 armitage 
VIRUSERROR: cSHA POSITIVES 17 bloodhound 
VIRUSERROR: cSHA POSITIVES 23 darwindumper 

i think we can ignore those too. these are security tools, and like the cryptocurrencies above, i believe they are not problematic if you install them on purpose (even if part of their code may be used by malware).

VIRUSERROR: cSHA POSITIVES 3 dmmbookviewer

i am actually not sure about that one. it's just 3 positives. it certainly looks innocent to me. maybe someone with more security knowledge can take a look.

now on to the more problematic things.

bitlord
this is exactly the same situation as with filezilla a few days ago. there is a clean version, and an 'evil' adware installer version. we link to the clean version, which is good. however, the clean version always lags behind by one version, and if you go to their website and click the big fat green download button, you get the adware installer. (i believe it's the very same adware as filezilla). needless to say, i think this cask should be removed, or at the very least an explanatory warning caveat should be added.

frostwire
same situation as bitlord and filezilla. we link to the clean version but the big fat download button links to an installer with adware. seems to be a different adware kind than filezilla and bitlord though.
https://www.virustotal.com/#/file/0b804d95842d0833e6f5482c78c1d36c55e7656a88d9ae5c3fd20a416348d7f5/detection

bittorrent
this is the full blown worst case. the version that the cask downloads is full of adware.
here is virustotal for the download
https://www.virustotal.com/#/file/84b6a363e4d22afa3b1b9a3816128f1e450ded4e6a12130038cbdc39035903a7/detection
and here is virustotal for the app itself
https://www.virustotal.com/#/file/e92733d49ea187caa97cfdeebffef39b2910bd81949b98a7a9beac291ae8bc38/detection
i know 'bittorrent' is pretty popular but please remove this right now. anyone in their right mind should use Transmission instead of these adware crap downloaders.
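The triage the post above describes (keep only engines that behave on macOS software, then treat miner and hacktool labels on wallets and security tools as expected) can be expressed as a small filter over the VirusTotal report JSON. The following is an added example and not the author's scan script nor anything from homebrew-cask; the engine lists, the per-cask expected-label patterns, the cask names and the sample reports are all constructed for illustration (the engine names are picked from the reports pasted later in this thread). The report shape follows the v2 API output shown in the thread: a file report carries "sha256", a URL report carries "url", and both carry a "scans" hash. The output line mirrors the "VIRUSERROR: cSHA POSITIVES N cask" / "VIRUSWARNING: cURL POSITIVES N cask" format used in the thread; the bracketed detail is an addition.

```ruby
require "json"

# Constructed engine allowlists for this example. The thread's author keeps
# only "some" VirusTotal engines because many misfire on macOS software, but
# never names them; these lists are placeholders picked from engines that show
# up in the reports pasted in this thread.
TRUSTED_ENGINES = {
  "cSHA" => %w[Avast AVG F-Secure ClamAV ESET-NOD32 Kaspersky Sophos BitDefender],
  "cURL" => ["Google Safebrowsing", "Kaspersky", "Avira", "Forcepoint ThreatSeeker"],
}.freeze

# Constructed per-cask allowlist of detection labels that are expected and
# therefore not actionable: wallets get labelled as miners, security tools as
# hacktools. Anything else from a trusted engine still needs a human look.
EXPECTED_LABELS = {
  "example-wallet"  => /miner|risktool/i,
  "example-pentest" => /hacktool|riskware/i,
}.freeze

# A v2 file report carries a "sha256" key; a v2 URL report carries "url".
def report_kind(report)
  report.key?("sha256") ? "cSHA" : "cURL"
end

# Detections from trusted engines only, as [engine, label] pairs.
def positives_for(report)
  trusted = TRUSTED_ENGINES.fetch(report_kind(report))
  report.fetch("scans")
        .select { |engine, verdict| trusted.include?(engine) && verdict["detected"] }
        .map { |engine, verdict| [engine, verdict["result"].to_s] }
end

# Drop detections whose label matches what we already expect for this cask.
def actionable(cask, positives)
  pattern = EXPECTED_LABELS[cask]
  return positives if pattern.nil?
  positives.reject { |_engine, label| label.match?(pattern) }
end

# One line in the shape used in this thread, or nil when nothing is left to
# act on. A flagged artifact is an error; a flagged download URL is only a
# warning, because URL reputation verdicts are about the hosting site, not
# the artifact itself.
def triage(cask, report)
  kind = report_kind(report)
  hits = actionable(cask, positives_for(report))
  return nil if hits.empty?
  severity = kind == "cSHA" ? "VIRUSERROR" : "VIRUSWARNING"
  detail = hits.map { |engine, label| "#{engine}=#{label}" }.join(", ")
  "#{severity}: #{kind} POSITIVES #{hits.size} #{cask} [#{detail}]"
end

# Constructed sample reports (shape follows VirusTotal API v2; the hashes,
# labels and verdicts are made up for this example).
WALLET_REPORT = JSON.parse(<<~REPORT)
  {"sha256": "0000000000000000000000000000000000000000000000000000000000000001",
   "positives": 3, "total": 4,
   "scans": {"Avast":     {"detected": true,  "result": "MacOS:CoinMiner-X"},
             "Kaspersky": {"detected": true,  "result": "not-a-virus:RiskTool.Miner"},
             "Qihoo-360": {"detected": true,  "result": "Win32/Trojan.c09"},
             "ClamAV":    {"detected": false, "result": null}}}
REPORT

VIEWER_REPORT = JSON.parse(<<~REPORT)
  {"sha256": "0000000000000000000000000000000000000000000000000000000000000002",
   "positives": 2, "total": 3,
   "scans": {"Avast":  {"detected": true,  "result": "MacOS:StealBit-I [Trj]"},
             "AVG":    {"detected": true,  "result": "MacOS:StealBit-I [Trj]"},
             "ClamAV": {"detected": false, "result": null}}}
REPORT

SITE_REPORT = JSON.parse(<<~REPORT)
  {"url": "https://example.invalid/download/App.dmg",
   "positives": 2, "total": 3,
   "scans": {"Avira":               {"detected": true,  "result": "malware site"},
             "Netcraft":            {"detected": true,  "result": "malicious site"},
             "Google Safebrowsing": {"detected": false, "result": "clean site"}}}
REPORT

if $PROGRAM_NAME == __FILE__
  { "example-wallet" => WALLET_REPORT,
    "example-viewer" => VIEWER_REPORT,
    "example-site"   => SITE_REPORT }.each do |cask, report|
    puts(triage(cask, report) || "OK: #{cask}")
  end
end
```

With these constructed inputs the wallet report is silenced entirely (both trusted detections are miner labels and the third engine is not trusted), the viewer report still produces an error line with two trojan labels that a human has to look at, and the URL report produces only a warning. The untrusted-engine list and the expected-label patterns are the two knobs that decide the false-positive rate, so both belong in version control next to the casks rather than in a scanner's local config.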

Most helpful comment

removing impactor is stupid.

@TheNoim Please keep your language considerate and respectful. Mind that Homebrew maintainers are volunteers who usually act in good faith. Calling our efforts “stupid” not only feels disrespectful and demotivating but is also unlikely to help get your (otherwise fine) point across.

From Homebrew’s Code of Conduct:

We're thoughtful when addressing the efforts of others, keeping in mind that oftentimes their labor was completed simply for the good of the community.

We're respectful of others, their positions, their skills, their commitments, and their efforts. […] When we disagree, we are courteous in raising our issues.

All 114 comments

I find myself in agreement. I stand by the earlier argument that we should watch so we don’t veer too far off into being gatekeepers, but I do concede the current rule is too restrictive. Especially since I tend to recommend people make their own taps for things that don’t fit into the main repos, this can be seen as an expansion (narrowing) of what officially fits or not.

I’m open to changing the current rule to not requiring the malware info to be submitted to Apple, but also to apps marked as malware by VirusTotal. I’m also open to including a rule that if apps have multiple versions that differ mainly by the inclusion of malware, and that is the version pushed officially by the devs, we exclude the non-malware version as well (linking back to Filezilla’s issue).

Care to draft a first change to the rule, in the FAQ?

apps_with_malware.md.txt

Care to draft a first change to the rule, in the FAQ?

i tried to have a go at it, but don't feel i was very successful. its attached.

i tried to have a go at it, but don't feel i was very successful. its attached.

Thank you. It always helps if someone writes something. Even if I change most of it, having another write a base helps with gathering what’s important.

thanks for your swift action on this one. i'll try to send separate PRs for deletion, so that the cases can be handled separately. however, i am having difficulties sending delete requests through the web interface in both Safari and Chrome, will try again later.

ok the only other thing that looks suspicious currently is "izip" but with just one detection it could also be a false positive

https://www.virustotal.com/en-gb/file/3b0d8a8540fe0cfd98fe0d772fb30d9b8ececf0b16cea3fc21fbb266b93a7e6b/analysis/1544127509/

@claui as the local security expert, could you have a look at "dmmbookviewer" and "izip" whether they are problematic or false positives from virustotal?

i've run another scan. suspicious according to virustotal are only
izip (like last time),
dmmbookviewer (like last time) and
lidarr (additionally)

i think all of those are false-positives but it would be great if someone could look into this:

VIRUSERROR: cSHA POSITIVES 1 izip {"scans": {"Bkav": {"detected": false, "version": "1.3.0.9899", "result": null, "update": "20181205"}, "MicroWorld-eScan": {"detected": false, "version": "14.0.297.0", "result": null, "update": "20181206"}, "CMC": {"detected": false, "version": "1.1.0.977", "result": null, "update": "20181205"}, "CAT-QuickHeal": {"detected": false, "version": "14.00", "result": null, "update": "20181206"}, "McAfee": {"detected": false, "version": "6.0.6.653", "result": null, "update": "20181206"}, "Malwarebytes": {"detected": false, "version": "2.1.1.1115", "result": null, "update": "20181206"}, "SUPERAntiSpyware": {"detected": false, "version": "5.6.0.1032", "result": null, "update": "20181205"}, "TheHacker": {"detected": false, "version": "6.8.0.5.3885", "result": null, "update": "20181202"}, "Alibaba": {"detected": false, "version": "0.1.0.2", "result": null, "update": "20180921"}, "K7GW": {"detected": false, "version": "11.15.29272", "result": null, "update": "20181206"}, "K7AntiVirus": {"detected": false, "version": "11.15.29271", "result": null, "update": "20181206"}, "Baidu": {"detected": false, "version": "1.0.0.2", "result": null, "update": "20181206"}, "NANO-Antivirus": {"detected": false, "version": "1.0.134.24299", "result": null, "update": "20181206"}, "F-Prot": {"detected": false, "version": "4.7.1.166", "result": null, "update": "20181206"}, "Symantec": {"detected": false, "version": "1.8.0.0", "result": null, "update": "20181206"}, "ESET-NOD32": {"detected": false, "version": "18501", "result": null, "update": "20181206"}, "TrendMicro-HouseCall": {"detected": false, "version": "10.0.0.1040", "result": null, "update": "20181206"}, "Avast": {"detected": false, "version": "18.4.3895.0", "result": null, "update": "20181206"}, "ClamAV": {"detected": false, "version": "0.101.0.0", "result": null, "update": "20181206"}, "Kaspersky": {"detected": false, "version": "15.0.1.13", "result": null, "update": "20181206"}, "BitDefender": 
{"detected": false, "version": "7.2", "result": null, "update": "20181206"}, "Babable": {"detected": false, "version": "9107201", "result": null, "update": "20180918"}, "AegisLab": {"detected": false, "version": "4.2", "result": null, "update": "20181206"}, "Rising": {"detected": false, "version": "25.0.0.24", "result": null, "update": "20181206"}, "Ad-Aware": {"detected": false, "version": "3.0.5.370", "result": null, "update": "20181206"}, "Trustlook": {"detected": false, "version": "1.0", "result": null, "update": "20181206"}, "Emsisoft": {"detected": false, "version": "2018.4.0.1029", "result": null, "update": "20181206"}, "Comodo": {"detected": false, "version": "30081", "result": null, "update": "20181206"}, "F-Secure": {"detected": true, "version": "11.0.19100.45", "result": "Adware:OSX/Paza", "update": "20181206"}, "DrWeb": {"detected": false, "version": "7.0.34.11020", "result": null, "update": "20181206"}, "Zillya": {"detected": false, "version": "2.0.0.3708", "result": null, "update": "20181206"}, "TrendMicro": {"detected": false, "version": "10.0.0.1040", "result": null, "update": "20181206"}, "McAfee-GW-Edition": {"detected": false, "version": "v2017.3010", "result": null, "update": "20181206"}, "Sophos": {"detected": false, "version": "4.98.0", "result": null, "update": "20181206"}, "Ikarus": {"detected": false, "version": "0.1.5.2", "result": null, "update": "20181206"}, "Cyren": {"detected": false, "version": "6.2.0.1", "result": null, "update": "20181206"}, "Jiangmin": {"detected": false, "version": "16.0.100", "result": null, "update": "20181206"}, "Avira": {"detected": false, "version": "8.3.3.6", "result": null, "update": "20181206"}, "Fortinet": {"detected": false, "version": "5.4.247.0", "result": null, "update": "20181206"}, "Antiy-AVL": {"detected": false, "version": "3.0.0.1", "result": null, "update": "20181205"}, "Kingsoft": {"detected": false, "version": "2013.8.14.323", "result": null, "update": "20181206"}, "Arcabit": {"detected": 
false, "version": "1.0.0.837", "result": null, "update": "20181206"}, "ViRobot": {"detected": false, "version": "2014.3.20.0", "result": null, "update": "20181206"}, "AhnLab-V3": {"detected": false, "version": "3.14.1.22672", "result": null, "update": "20181206"}, "ZoneAlarm": {"detected": false, "version": "1.0", "result": null, "update": "20181206"}, "Avast-Mobile": {"detected": false, "version": "181206-00", "result": null, "update": "20181206"}, "Microsoft": {"detected": false, "version": "1.1.15500.2", "result": null, "update": "20181206"}, "TotalDefense": {"detected": false, "version": "37.1.62.1", "result": null, "update": "20181206"}, "VBA32": {"detected": false, "version": "3.34.0", "result": null, "update": "20181206"}, "ALYac": {"detected": false, "version": "1.1.1.5", "result": null, "update": "20181206"}, "MAX": {"detected": false, "version": "2018.9.12.1", "result": null, "update": "20181206"}, "Zoner": {"detected": false, "version": "1.0", "result": null, "update": "20181206"}, "Tencent": {"detected": false, "version": "1.0.0.1", "result": null, "update": "20181206"}, "Yandex": {"detected": false, "version": "5.5.1.3", "result": null, "update": "20181204"}, "TACHYON": {"detected": false, "version": "2018-12-06.03", "result": null, "update": "20181206"}, "GData": {"detected": false, "version": "A:25.19721B:25.13842", "result": null, "update": "20181206"}, "AVG": {"detected": false, "version": "18.4.3895.0", "result": null, "update": "20181206"}, "Panda": {"detected": false, "version": "4.6.4.2", "result": null, "update": "20181206"}, "Qihoo-360": {"detected": false, "version": "1.0.0.1120", "result": null, "update": "20181206"}}, "scan_id": "3b0d8a8540fe0cfd98fe0d772fb30d9b8ececf0b16cea3fc21fbb266b93a7e6b-1544127509", "sha1": "b4e4975fc5060e339eb305f48395379a741c847a", "resource": "3b0d8a8540fe0cfd98fe0d772fb30d9b8ececf0b16cea3fc21fbb266b93a7e6b", "response_code": 1, "scan_date": "2018-12-06 20:18:29", "permalink": 
"https://www.virustotal.com/file/3b0d8a8540fe0cfd98fe0d772fb30d9b8ececf0b16cea3fc21fbb266b93a7e6b/analysis/1544127509/", "verbose_msg": "Scan finished, information embedded", "total": 59, "positives": 1, "sha256": "3b0d8a8540fe0cfd98fe0d772fb30d9b8ececf0b16cea3fc21fbb266b93a7e6b", "md5": "6db5c09c7d89564273f559acdff82cdf"}
VIRUSERROR: cSHA POSITIVES 1 lidarr {"scans": {"Bkav": {"detected": false, "version": "1.3.0.9899", "result": null, "update": "20190104"}, "MicroWorld-eScan": {"detected": false, "version": "14.0.297.0", "result": null, "update": "20190105"}, "CMC": {"detected": false, "version": "1.1.0.977", "result": null, "update": "20190105"}, "CAT-QuickHeal": {"detected": false, "version": "14.00", "result": null, "update": "20190105"}, "ALYac": {"detected": false, "version": "1.1.1.5", "result": null, "update": "20190106"}, "Malwarebytes": {"detected": false, "version": "2.1.1.1115", "result": null, "update": "20190105"}, "VIPRE": {"detected": false, "version": "72170", "result": null, "update": "20190106"}, "SUPERAntiSpyware": {"detected": false, "version": "5.6.0.1032", "result": null, "update": "20190102"}, "Trustlook": {"detected": false, "version": "1.0", "result": null, "update": "20190106"}, "BitDefender": {"detected": false, "version": "7.2", "result": null, "update": "20190106"}, "K7GW": {"detected": false, "version": "11.20.29583", "result": null, "update": "20190105"}, "K7AntiVirus": {"detected": false, "version": "11.20.29583", "result": null, "update": "20190105"}, "Baidu": {"detected": false, "version": "1.0.0.2", "result": null, "update": "20190104"}, "Babable": {"detected": false, "version": "9107201", "result": null, "update": "20180918"}, "F-Prot": {"detected": false, "version": "4.7.1.166", "result": null, "update": "20190106"}, "Symantec": {"detected": false, "version": "1.8.0.0", "result": null, "update": "20190105"}, "ESET-NOD32": {"detected": false, "version": "18659", "result": null, "update": "20190105"}, "TrendMicro-HouseCall": {"detected": false, "version": "10.0.0.1040", "result": null, "update": "20190105"}, "Avast": {"detected": false, "version": "18.4.3895.0", "result": null, "update": "20190106"}, "ClamAV": {"detected": true, "version": "0.101.0.0", "result": "Txt.Trojan.Generic-6804604-0", "update": "20190106"}, "Kaspersky": {"detected": 
false, "version": "15.0.1.13", "result": null, "update": "20190105"}, "Alibaba": {"detected": false, "version": "0.1.0.2", "result": null, "update": "20180921"}, "NANO-Antivirus": {"detected": false, "version": "1.0.134.24576", "result": null, "update": "20190105"}, "AegisLab": {"detected": false, "version": "4.2", "result": null, "update": "20190105"}, "Rising": {"detected": false, "version": "25.0.0.24", "result": null, "update": "20190105"}, "Ad-Aware": {"detected": false, "version": "3.0.5.370", "result": null, "update": "20190106"}, "Emsisoft": {"detected": false, "version": "2018.4.0.1029", "result": null, "update": "20190106"}, "Comodo": {"detected": false, "version": "30230", "result": null, "update": "20190106"}, "F-Secure": {"detected": false, "version": "11.0.19100.45", "result": null, "update": "20190106"}, "DrWeb": {"detected": false, "version": "7.0.34.11020", "result": null, "update": "20190106"}, "Zillya": {"detected": false, "version": "2.0.0.3725", "result": null, "update": "20190105"}, "TrendMicro": {"detected": false, "version": "10.0.0.1040", "result": null, "update": "20190105"}, "McAfee-GW-Edition": {"detected": false, "version": "v2017.3010", "result": null, "update": "20190105"}, "TheHacker": {"detected": false, "version": "6.8.0.5.3931", "result": null, "update": "20190104"}, "Cyren": {"detected": false, "version": "6.2.0.1", "result": null, "update": "20190106"}, "Jiangmin": {"detected": false, "version": "16.0.100", "result": null, "update": "20190106"}, "Avira": {"detected": false, "version": "8.3.3.8", "result": null, "update": "20190106"}, "Fortinet": {"detected": false, "version": "5.4.247.0", "result": null, "update": "20190106"}, "Antiy-AVL": {"detected": false, "version": "3.0.0.1", "result": null, "update": "20190105"}, "Kingsoft": {"detected": false, "version": "2013.8.14.323", "result": null, "update": "20190106"}, "Arcabit": {"detected": false, "version": "1.0.0.837", "result": null, "update": "20190106"}, "ViRobot": 
{"detected": false, "version": "2014.3.20.0", "result": null, "update": "20190106"}, "AhnLab-V3": {"detected": false, "version": "3.14.1.22785", "result": null, "update": "20190105"}, "ZoneAlarm": {"detected": false, "version": "1.0", "result": null, "update": "20190106"}, "Avast-Mobile": {"detected": false, "version": "190105-00", "result": null, "update": "20190105"}, "Microsoft": {"detected": false, "version": "1.1.15500.2", "result": null, "update": "20190105"}, "TACHYON": {"detected": false, "version": "2019-01-05.02", "result": null, "update": "20190105"}, "Sophos": {"detected": false, "version": "4.98.0", "result": null, "update": "20190105"}, "TotalDefense": {"detected": false, "version": "37.1.62.1", "result": null, "update": "20190105"}, "McAfee": {"detected": false, "version": "6.0.6.653", "result": null, "update": "20190105"}, "MAX": {"detected": false, "version": "2018.9.12.1", "result": null, "update": "20190106"}, "VBA32": {"detected": false, "version": "3.35.1", "result": null, "update": "20190104"}, "Cylance": {"detected": false, "version": "2.3.1.101", "result": null, "update": "20190106"}, "Zoner": {"detected": false, "version": "1.0", "result": null, "update": "20190106"}, "Tencent": {"detected": false, "version": "1.0.0.1", "result": null, "update": "20190106"}, "Yandex": {"detected": false, "version": "5.5.1.3", "result": null, "update": "20181229"}, "Ikarus": {"detected": false, "version": "0.1.5.2", "result": null, "update": "20190105"}, "GData": {"detected": false, "version": "A:25.20076B:25.14072", "result": null, "update": "20190106"}, "AVG": {"detected": false, "version": "18.4.3895.0", "result": null, "update": "20190106"}, "Panda": {"detected": false, "version": "4.6.4.2", "result": null, "update": "20190105"}, "Qihoo-360": {"detected": false, "version": "1.0.0.1120", "result": null, "update": "20190106"}}, "scan_id": "fad6fdf70bf95f002e09533d3c7b821bd55111d2ee60c597bcb63002a072c422-1546744540", "sha1": 
"6e4bda6dad2d9ce915f05914ecc74fff36fc8f60", "resource": "fad6fdf70bf95f002e09533d3c7b821bd55111d2ee60c597bcb63002a072c422", "response_code": 1, "scan_date": "2019-01-06 03:15:40", "permalink": "https://www.virustotal.com/file/fad6fdf70bf95f002e09533d3c7b821bd55111d2ee60c597bcb63002a072c422/analysis/1546744540/", "verbose_msg": "Scan finished, information embedded", "total": 61, "positives": 1, "sha256": "fad6fdf70bf95f002e09533d3c7b821bd55111d2ee60c597bcb63002a072c422", "md5": "38f8c141712161eb65844e2f84fe17ea"}
VIRUSERROR: cSHA POSITIVES 3 dmmbookviewer {"scans": {"Bkav": {"detected": false, "version": "1.3.0.9899", "result": null, "update": "20181227"}, "MicroWorld-eScan": {"detected": false, "version": "14.0.297.0", "result": null, "update": "20181228"}, "CMC": {"detected": false, "version": "1.1.0.977", "result": null, "update": "20181228"}, "CAT-QuickHeal": {"detected": false, "version": "14.00", "result": null, "update": "20181227"}, "McAfee": {"detected": false, "version": "6.0.6.653", "result": null, "update": "20181228"}, "Malwarebytes": {"detected": false, "version": "2.1.1.1115", "result": null, "update": "20181228"}, "Zillya": {"detected": false, "version": "2.0.0.3720", "result": null, "update": "20181227"}, "AegisLab": {"detected": false, "version": "4.2", "result": null, "update": "20181228"}, "TheHacker": {"detected": false, "version": "6.8.0.5.3912", "result": null, "update": "20181225"}, "K7GW": {"detected": false, "version": "11.19.29492", "result": null, "update": "20181228"}, "K7AntiVirus": {"detected": false, "version": "11.19.29493", "result": null, "update": "20181228"}, "Arcabit": {"detected": false, "version": "1.0.0.837", "result": null, "update": "20181228"}, "Baidu": {"detected": false, "version": "1.0.0.2", "result": null, "update": "20181207"}, "Babable": {"detected": false, "version": "9107201", "result": null, "update": "20180918"}, "F-Prot": {"detected": false, "version": "4.7.1.166", "result": null, "update": "20181228"}, "Symantec": {"detected": false, "version": "1.8.0.0", "result": null, "update": "20181227"}, "TotalDefense": {"detected": false, "version": "37.1.62.1", "result": null, "update": "20181228"}, "TrendMicro-HouseCall": {"detected": false, "version": "10.0.0.1040", "result": null, "update": "20181228"}, "Avast": {"detected": true, "version": "18.4.3895.0", "result": "MacOS:StealBit-I [Trj]", "update": "20181228"}, "ClamAV": {"detected": false, "version": "0.101.0.0", "result": null, "update": "20181228"}, "Kaspersky": 
{"detected": false, "version": "15.0.1.13", "result": null, "update": "20181228"}, "BitDefender": {"detected": false, "version": "7.2", "result": null, "update": "20181228"}, "NANO-Antivirus": {"detected": false, "version": "1.0.134.24576", "result": null, "update": "20181228"}, "ViRobot": {"detected": false, "version": "2014.3.20.0", "result": null, "update": "20181228"}, "Rising": {"detected": false, "version": "25.0.0.24", "result": null, "update": "20181228"}, "Ad-Aware": {"detected": false, "version": "3.0.5.370", "result": null, "update": "20181228"}, "Sophos": {"detected": false, "version": "4.98.0", "result": null, "update": "20181228"}, "Comodo": {"detected": false, "version": "30187", "result": null, "update": "20181228"}, "F-Secure": {"detected": false, "version": "11.0.19100.45", "result": null, "update": "20181228"}, "DrWeb": {"detected": false, "version": "7.0.34.11020", "result": null, "update": "20181228"}, "VIPRE": {"detected": false, "version": "71944", "result": null, "update": "20181227"}, "TrendMicro": {"detected": false, "version": "10.0.0.1040", "result": null, "update": "20181228"}, "McAfee-GW-Edition": {"detected": false, "version": "v2017.3010", "result": null, "update": "20181228"}, "Emsisoft": {"detected": false, "version": "2018.4.0.1029", "result": null, "update": "20181228"}, "Ikarus": {"detected": false, "version": "0.1.5.2", "result": null, "update": "20181228"}, "Cyren": {"detected": false, "version": "6.2.0.1", "result": null, "update": "20181228"}, "Jiangmin": {"detected": false, "version": "16.0.100", "result": null, "update": "20181228"}, "Avira": {"detected": false, "version": "8.3.3.8", "result": null, "update": "20181228"}, "Antiy-AVL": {"detected": false, "version": "3.0.0.1", "result": null, "update": "20181228"}, "Kingsoft": {"detected": false, "version": "2013.8.14.323", "result": null, "update": "20181228"}, "Microsoft": {"detected": false, "version": "1.1.15500.2", "result": null, "update": "20181228"}, 
"SUPERAntiSpyware": {"detected": false, "version": "5.6.0.1032", "result": null, "update": "20181226"}, "ZoneAlarm": {"detected": false, "version": "1.0", "result": null, "update": "20181228"}, "Avast-Mobile": {"detected": false, "version": "181227-04", "result": null, "update": "20181227"}, "GData": {"detected": false, "version": "A:25.19977B:25.14004", "result": null, "update": "20181228"}, "AhnLab-V3": {"detected": false, "version": "3.14.1.22785", "result": null, "update": "20181227"}, "ALYac": {"detected": false, "version": "1.1.1.5", "result": null, "update": "20181228"}, "TACHYON": {"detected": false, "version": "2018-12-28.03", "result": null, "update": "20181228"}, "VBA32": {"detected": false, "version": "3.35.0", "result": null, "update": "20181228"}, "Zoner": {"detected": false, "version": "1.0", "result": null, "update": "20181228"}, "ESET-NOD32": {"detected": false, "version": "18614", "result": null, "update": "20181228"}, "Tencent": {"detected": false, "version": "1.0.0.1", "result": null, "update": "20181228"}, "Yandex": {"detected": false, "version": "5.5.1.3", "result": null, "update": "20181227"}, "MAX": {"detected": false, "version": "2018.9.12.1", "result": null, "update": "20181228"}, "Fortinet": {"detected": false, "version": "5.4.247.0", "result": null, "update": "20181228"}, "AVG": {"detected": true, "version": "18.4.3895.0", "result": "MacOS:StealBit-I [Trj]", "update": "20181228"}, "Panda": {"detected": false, "version": "4.6.4.2", "result": null, "update": "20181227"}, "Qihoo-360": {"detected": true, "version": "1.0.0.1120", "result": "Win32/Trojan.c09", "update": "20181228"}}, "scan_id": "00fbd0fca4ffa2d0ddd661af168636d0337abd302ff99945d3622eb91b11d307-1545992981", "sha1": "020bc52705d6b9612bd1819f601273e7ac0d3d64", "resource": "00fbd0fca4ffa2d0ddd661af168636d0337abd302ff99945d3622eb91b11d307", "response_code": 1, "scan_date": "2018-12-28 10:29:41", "permalink": 
"https://www.virustotal.com/file/00fbd0fca4ffa2d0ddd661af168636d0337abd302ff99945d3622eb91b11d307/analysis/1545992981/", "verbose_msg": "Scan finished, information embedded", "total": 58, "positives": 3, "sha256": "00fbd0fca4ffa2d0ddd661af168636d0337abd302ff99945d3622eb91b11d307", "md5": "cdef2b5212a837c7a6ef696b6df9f6c9"}

Thanks @core-code for your effort.

dmmbookviewer

Note that at this time, I can’t do a really thorough analysis but I have cursorily looked into dmmbookviewer and my conclusion is that this is very likely a false alarm.

Two out of three alarms appear to point to the package’s main Mach-O binary only. A casual glance yields only two somewhat shady things going on inside the binary, which are:

  1. it talks to an external DRM framework branded _CypherGuard;_ and
  2. it talks to an external framework branded _CypherGuard AntiCapture,_ which seemingly attempts to protect against screen capturing or something like that.

Apart from that, no obvious shenanigans, encryption, or obfuscation; in particular, I couldn’t find any evidence why both Avast and AVG would yelp about an ostensibly coin-stealing trojan.

The third dmmbookviewer-related alarm (from the Qihoo-360 engine) is definitely bogus; it went away by extracting and re-packaging.

Will try and glance at the other packages as I get around to it.

thanks!

izip

Most likely a false positive. I was able to trace the alarm back to the following file:

iZip.app/Contents/Resources/iBoostUp.app/Contents/Resources/ituShredder.bundle/Contents/MacOS/ituShredder

This is a component to securely delete files; on a cursory glance in Hopper, I couldn’t see any obvious shenanigans going on (except for the fact that it, well, shreds files). Notably, the executable itself triggers no warnings at all; F-Secure only lists it as malicious when zipped, no matter the compression level. This, together with the fact that there’s no trace of MacKeeper (aka Adware:OSX/Paza) anywhere in iZip’s package, is a sign of a false positive.

I’ve submitted the sample to F-Secure so they can whitelist it, and will report back here as soon as I get a response from them.

thanks, i've whitelisted both on my end now.

@core-code With that out of the way, I went on to install iZip on a VM because I was curious why a trial of the commercial iBoostUp.app would come bundled with iZip.

The bundled iBoostUp trial will launch when you click the following green button in the GUI:

image

The good part is that iZip’s GUI makes it at least somewhat transparent that we’re dealing with an ad boundary here. Also, launching iBoostUp has no apparent persistent effects. In my opinion, bundling the iBoostUp app certainly won’t warrant a malware warning in itself, and is probably not the reason why F-Secure labelled it Adware:OSX/Paza. The iBoostUp app, which is distributed by the same company that offers iZip, is apparently not nearly as controversial as e.g. MacKeeper is. While iBoostUp is certainly not necessary for iZip’s core operation, I’d say the combination of colour and wording of the ad button barely qualifies as not covert.

There’s one thing that I really condemn though: while the green button and copy clearly qualifies as an advertisement, iZip’s homepage (archived version) blatantly makes a promise whose veracity I’d set up for debate:

image

There are no advertisements, spyware, limitations, time limits or other catches.

While I feel that’s really shitty behaviour and borders on a potentially unwanted program, I’d still say we can safely keep this cask. Unless a fellow @Homebrew/cask maintainer objects, that is.

Got an email from F-Secure regarding the iZip/iBoostUp false positive:

Thank you for your submission.

Our analysis indicated that the file you submitted is clean.

We have identified the issue as a False Positive, which will be resolved automatically via F-Secure's Security Cloud (otherwise known as ORSP).

somehow i trust your analysis more than that from F-Secure. i agree that the false-advertising from their homepage is annoying, but that we should keep that cask regardless.

@claui Hi, I really like the simplicity of installing GUI apps via cli. But I'm super worried this will decrease the overall security of my system. I understand that homebrew cask is not a gatekeeper, but that's not what I'm worried about... Even if I know what app I'm installing, it is possible for a malicious PR to get through with a modified url to a tampered app, that can end up on my system via brew update or brew cask install.

What is a guarantee that by issuing brew cask install 1password I'm getting the vendor app? Yes I can examine the cask itself https://github.com/Homebrew/homebrew-cask/blob/master/Casks/1password.rb but that becomes impractical and defeats the simplicity of installing apps via cli.

What is your take on this? And sorry for hijacking the topic, but it seemed most relevant.

Even if I know what app I'm installing, it is possible for a malicious PR to get through with a modified url to a tampered app

Possible, yes. Likely, no.

We don’t blindly merge PRs (there would be no point). We verify that download URLs have the same domain as the homepage, and for the cases they don’t we go to the homepage ourselves and verify the link that is there is indeed the same as in the cask. That is the point of having PRs and maintainers (who are human and can make mistakes, granted) that verify the changes.

What is a guarantee that by issuing brew cask install 1password I'm getting the vendor app?

Even if you manually downloaded from the webpage, you’d have no guarantee you were getting the vendor app, because it might’ve been tampered with. But if you trust that getting it from the homepage is acceptable risk, then getting it from us is about the same.

Yes I can examine the cask itself

And we pride ourselves in that auditability!

but that becomes impractical and defeats the simplicity of installing apps via cli.

And in the end, you are responsible for what you install. We make further security enhancements, such as adding quarantine to downloads, but the user is always the last line of defence. In fact, I encourage users to not trust us and do their due diligence, as that benefits us all.

about improving security even further, i think it could be a good idea to store the name of the code signing in the cask - this way travis could give us a heads-up if it changed since last time.
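Two of the checks discussed in this thread, the maintainers' rule that a download URL must sit under the same domain as the homepage and the suggestion just above to record the signing identity in the cask so CI can warn when it changes, can be combined into one audit. This is an added example, not homebrew-cask code and not a real cask stanza: the `signing_identity` field is hypothetical, the domain comparison is a simplified last-two-labels rule, and the `codesign -dvv` output, Team ID, company name and URLs are constructed. The `Authority=` and `TeamIdentifier=` lines are what `codesign -dvv` really prints (on stderr) for a signed bundle.

```ruby
require "uri"

# Simplified "same domain as the homepage" rule (constructed for this example):
# compare the last two labels of each host. Real public-suffix handling
# (e.g. example.co.uk) is left out to keep the check short.
def base_domain(url)
  host = URI.parse(url).host
  raise ArgumentError, "no host in #{url}" if host.nil?
  host.downcase.split(".").last(2).join(".")
end

def url_matches_homepage?(homepage, download_url)
  base_domain(homepage) == base_domain(download_url)
end

# Pull the leaf certificate name and the Team ID out of `codesign -dvv` output
# (codesign prints these lines on stderr, so capture 2>&1 when you run it).
def parse_codesign(output)
  { authority: output[/^Authority=(.+)$/, 1], team_id: output[/^TeamIdentifier=(.+)$/, 1] }
end

def signing_changed?(expected_team_id, codesign_output)
  parse_codesign(codesign_output)[:team_id] != expected_team_id
end

# Audit one cask description. :signing_identity is a hypothetical field (the
# thread only proposes recording it); :codesign_output stands in for the
# output of running codesign on the freshly downloaded app.
def audit(cask)
  problems = []
  unless url_matches_homepage?(cask[:homepage], cask[:url])
    problems << "download host #{URI.parse(cask[:url]).host} is not under #{base_domain(cask[:homepage])}"
  end
  if cask[:signing_identity] && signing_changed?(cask[:signing_identity], cask[:codesign_output])
    seen = parse_codesign(cask[:codesign_output])[:team_id].inspect
    problems << "signing identity changed: expected #{cask[:signing_identity]}, got #{seen}"
  end
  problems
end

# Constructed codesign output; the Team ID and company are made up.
SIGNED_BY_VENDOR = <<~OUT
  Executable=/tmp/Example.app/Contents/MacOS/Example
  Identifier=com.example.app
  Format=app bundle with Mach-O thin (x86_64)
  Authority=Developer ID Application: Example Corp (ABCDE12345)
  Authority=Developer ID Certification Authority
  Authority=Apple Root CA
  TeamIdentifier=ABCDE12345
OUT

# Same bundle re-signed under a different (constructed) identity.
SIGNED_BY_SOMEONE_ELSE = SIGNED_BY_VENDOR.gsub("ABCDE12345", "ZZZZZ99999").gsub("Example Corp", "Unknown Ltd")

GOOD_CASK = { homepage: "https://example.com/", url: "https://downloads.example.com/Example.dmg",
              signing_identity: "ABCDE12345", codesign_output: SIGNED_BY_VENDOR }.freeze

BAD_CASK = { homepage: "https://example.com/", url: "https://cdn.example-mirror.net/Example.dmg",
             signing_identity: "ABCDE12345", codesign_output: SIGNED_BY_SOMEONE_ELSE }.freeze

if $PROGRAM_NAME == __FILE__
  [GOOD_CASK, BAD_CASK].each do |cask|
    issues = audit(cask)
    puts issues.empty? ? "OK: #{cask[:url]}" : issues.map { |i| "WARN: #{i}" }.join("\n")
  end
end
```

A changed Team ID is a stronger signal than a changed download hash: hashes legitimately change with every release, while the signing identity of a vendor almost never does, so a mismatch is worth blocking a version-bump PR until a human has looked at it.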

it is possible for a malicious PR to get through with a modified url to a tampered app
Possible, yes. Likely, no.

also, you see the URL that is being used during a "cask install"

good news everyone ;) i've run another scan and there are no new alerts from virustotal

another scan, no new warnings!

in the interest of keeping noise down i'll only post here if i find something new in the future.

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

Go away, little robot.

april-fool scan revealed nothing new except a complaint about 'yabumi'

since the cask has been offline for a while, maybe it should be removed anyway:

VIRUSWARNING: cURL POSITIVES 2 yabumi {"scan_id": "40185af9331943456433e4aeea7ea1f258aa2a39d75d2a5b268fdb7450181567-1552819270", "resource": "https://yabumi.cc/download/Yabumi.dmg", "url": "https://yabumi.cc/download/Yabumi.dmg", "response_code": 1, "scan_date": "2019-03-17 10:41:10", "permalink": "https://www.virustotal.com/url/40185af9331943456433e4aeea7ea1f258aa2a39d75d2a5b268fdb7450181567/analysis/1552819270/", "verbose_msg": "Scan finished, scan information embedded in this object", "filescan_id": null, "positives": 2, "total": 69, "scans": {"CLEAN MX": {"detected": false, "result": "clean site"}, "DNS8": {"detected": false, "result": "clean site"}, "VX Vault": {"detected": false, "result": "clean site"}, "ZDB Zeus": {"detected": false, "result": "clean site"}, "Tencent": {"detected": false, "result": "clean site"}, "MalwarePatrol": {"detected": false, "result": "clean site"}, "Netcraft": {"detected": false, "result": "unrated site"}, "PhishLabs": {"detected": false, "result": "unrated site"}, "Zerofox": {"detected": false, "result": "clean site"}, "AutoShun": {"detected": false, "result": "unrated site"}, "K7AntiVirus": {"detected": false, "result": "clean site"}, "Virusdie External Site Scan": {"detected": false, "result": "clean site"}, "Spamhaus": {"detected": false, "result": "clean site"}, "Quttera": {"detected": false, "result": "clean site"}, "AegisLab WebGuard": {"detected": false, "result": "clean site"}, "MalwareDomainList": {"detected": false, "result": "clean site", "detail": "http://www.malwaredomainlist.com/mdl.php?search=yabumi.cc"}, "ZeusTracker": {"detected": false, "result": "clean site", "detail": "https://zeustracker.abuse.ch/monitor.php?host=yabumi.cc"}, "zvelo": {"detected": false, "result": "clean site"}, "Google Safebrowsing": {"detected": false, "result": "clean site"}, "Kaspersky": {"detected": false, "result": "clean site"}, "BitDefender": {"detected": false, "result": "clean site"}, "Dr.Web": {"detected": false, "result": "clean 
site"}, "G-Data": {"detected": false, "result": "clean site"}, "OpenPhish": {"detected": false, "result": "clean site"}, "Malware Domain Blocklist": {"detected": false, "result": "clean site"}, "CRDF": {"detected": false, "result": "clean site"}, "Trustwave": {"detected": false, "result": "clean site"}, "Web Security Guard": {"detected": false, "result": "clean site"}, "CyRadar": {"detected": false, "result": "clean site"}, "desenmascara.me": {"detected": false, "result": "clean site"}, "ADMINUSLabs": {"detected": false, "result": "clean site"}, "Malwarebytes hpHosts": {"detected": false, "result": "clean site"}, "Opera": {"detected": false, "result": "clean site"}, "AlienVault": {"detected": false, "result": "clean site"}, "Emsisoft": {"detected": false, "result": "clean site"}, "Malc0de Database": {"detected": false, "result": "clean site", "detail": "http://malc0de.com/database/index.php?search=yabumi.cc"}, "malwares.com URL checker": {"detected": false, "result": "clean site"}, "Phishtank": {"detected": false, "result": "clean site"}, "EonScope": {"detected": false, "result": "clean site"}, "Malwared": {"detected": false, "result": "clean site"}, "Avira": {"detected": true, "result": "malware site"}, "NotMining": {"detected": false, "result": "unrated site"}, "CyberCrime": {"detected": false, "result": "clean site"}, "Antiy-AVL": {"detected": false, "result": "clean site"}, "Forcepoint ThreatSeeker": {"detected": true, "result": "malicious site"}, "FraudSense": {"detected": false, "result": "clean site"}, "ESTsecurity-Threat Inside": {"detected": false, "result": "clean site"}, "Comodo Site Inspector": {"detected": false, "result": "clean site"}, "Malekal": {"detected": false, "result": "clean site"}, "ESET": {"detected": false, "result": "clean site"}, "Sophos": {"detected": false, "result": "unrated site"}, "Yandex Safebrowsing": {"detected": false, "result": "clean site", "detail": 
"http://yandex.com/infected?l10n=en&url=https://yabumi.cc/download/Yabumi.dmg"}, "SecureBrain": {"detected": false, "result": "clean site"}, "Nucleon": {"detected": false, "result": "clean site"}, "BADWARE.INFO": {"detected": false, "result": "clean site"}, "Sucuri SiteCheck": {"detected": false, "result": "clean site"}, "Blueliv": {"detected": false, "result": "clean site"}, "ZCloudsec": {"detected": false, "result": "clean site"}, "SCUMWARE.org": {"detected": false, "result": "clean site"}, "ThreatHive": {"detected": false, "result": "clean site"}, "FraudScore": {"detected": false, "result": "clean site"}, "Rising": {"detected": false, "result": "clean site"}, "URLQuery": {"detected": false, "result": "clean site"}, "StopBadware": {"detected": false, "result": "unrated site"}, "Fortinet": {"detected": false, "result": "clean site"}, "ZeroCERT": {"detected": false, "result": "clean site"}, "Spam404": {"detected": false, "result": "clean site"}, "securolytics": {"detected": false, "result": "clean site"}, "Baidu-International": {"detected": false, "result": "clean site"}}}

since the cask has been offline for a while

Offline in what sense?
brew cask fetch yabumi downloads just fine for me.

I’d say the alert is unrelated or a false positive. Only two engines on VT seem to blacklist it, and that refers to the entire domain, not the download. The .dmg file itself yields no results.

that's weird, i can't access it either through HBC or in a browser:

brew cask fetch yabumi
==> Downloading external files for Cask yabumi
==> Downloading https://yabumi.cc/download/Yabumi.dmg

curl: (22) The requested URL returned error: 403 
Error: Download failed on Cask 'yabumi' with message: Download failed: https://yabumi.cc/download/Yabumi.dmg
Safari:
Error 1020 Ray ID: 4c1249cdfee0be5c • 2019-04-02 10:58:33 UTC
Access denied
What happened?
This website is using a security service to protect itself from online attacks.

seems they hate my IP ;-)

that's weird, i can't access it either through HBC or in a browser:
seems they hate my IP ;-)

I tried and ended up with the same error (I live in Sweden). Turned on the VPN in Opera set to “Americas”, and the file downloaded fine.

I guess some engines and AVs will flag the Ruby uploader script inside the app bundle as suspicious (but it is not).

I noticed this topic about scanning casks and I think it's a great idea. I'd like to suggest this project which performs the same service as VT and incorporates yara.

https://github.com/maliceio/malice

@robertleeblairjr Awesome! 🔥 Thanks for sending this over. I think I might look into implementing it into the ML system.

YW. Glad I can contribute in any small way. I was impressed with the demo in the web interface.

new hit this time, looks like a false positive to me:

https://www.virustotal.com/url/df56dc6c137479967c6ea07b0519135b8ecddba3278bf937de68bbc649db3909/analysis/1556034230/

also, its complaining just about the URL, not about the file itself.

Good news. This might become unnecessary as of macOS Catalina. In it, all software will get a malicious content scan, even if non-quarantined. For reference, see the WWDC talk (≈ 09:35).

@vitorgalvao trusting the next guy is never a good idea.

@vitorgalvao trusting the next guy is never a good idea.

What’s your point?

If I trust you to do security check, you trust X to do security check, and X trusts Y to do security check - you can see how this can become problematic, as you are trusting the next guy in the chain of responsibilities, eventually nobody takes responsibility for when shit hits the fan. This is common in bureaucracies. Always better to do check yourself and if next guy does it too, great.

@sandrodz By your logic, you shouldn’t trust Homebrew Cask or the checks on this issue, and should do all your security checks yourself. You’re free to do so, but that doesn’t concern this issue.

Your point doesn’t even apply. I’m not suggesting adding another in a chain of checks, but replacing one check (one that @core-code generously does, which consumes time and resources) with another (provided by Apple, the provider of the operating system you’re using).

@sandrodz Homebrew has never really committed to do real security checks. All we’ve done are spot checks, and of course weed out some known malware, thanks to @core-code’s effort. But all that has happened purely out of courtesy – not because we consider it our responsibility.

If we find Apple’s forced notarization to be anywhere near useful, I’d be inclined to see this issue closed. It’s dangerous to have people believe Homebrew to be a line of defense in malware checking. Relying on Homebrew to do malware checks would be a mistake and may cause more harm than good.

@claui I do my own scans, but it always felt good to know homebrew did this too. And it will feel better when Apple will start doing it. I'm just saying, more eyes is better than less eyes.

@sandrodz That’s a good point. On the other hand: people who are not power users and don’t bother doing their own checks may be inclined to rely on Homebrew’s checks more than e. g. you do. Which is why this issue has always bugged me a bit.

i agree with @sandrodz
i don't trust apple will do anything remotely useful with their 'malware content check', until proven otherwise. Apple has a disastrous track record regarding security. they distribute dozens of apps that are known malware or from known malware companies on the Mac App Store. i've opened a bug report, they just don't care. if they won't even remove malicious apps from the Mac App Store, they surely won't block them with their 'malicious content scan'

they removed a few apps from their store after the public outcry about spyware last autumn, but will keep any other malware that doesn't cause a large PR nightmare for them.

just a few links here:

https://itunes.apple.com/us/app/disk-analyzer-pro/id951695736?mt=12&uo=4
https://itunes.apple.com/us/app/disk-clean-pro/id1028314558?mt=12&uo=4
https://itunes.apple.com/us/app/duplicate-cleaner-for-iphoto/id586862299?mt=12&uo=4
https://itunes.apple.com/us/app/duplicate-file-cleaner/id859277488?mt=12&uo=4
https://itunes.apple.com/us/app/duplicate-finder-and-remover/id1053840317?mt=12&uo=4
https://itunes.apple.com/us/app/duplicate-photos-fixer-pro/id963642514?mt=12&uo=4
https://itunes.apple.com/us/app/duplicate-photos-fixer/id951695705?mt=12&uo=4
https://itunes.apple.com/us/app/duplicates-cleaner/id1012324495?mt=12&uo=4
https://itunes.apple.com/us/app/file-helper/id1166139434?mt=12&uo=4
https://itunes.apple.com/us/app/hdr-effect/id1265786782?mt=12&uo=4
https://itunes.apple.com/us/app/image-resizer-resize-photos/id1188274404?mt=12&uo=4
https://itunes.apple.com/us/app/noise-reducer-pro/id1033898342?mt=12&uo=4
https://itunes.apple.com/us/app/photos-duplicate-cleaner/id592704001?mt=12&uo=4
https://itunes.apple.com/us/app/photos-exif-editor/id1202851767?mt=12&uo=4
https://itunes.apple.com/us/app/porn-block-plus/id1276502088?mt=12&uo=4
https://itunes.apple.com/us/app/power-widget/id1177416158?mt=12&uo=4
https://itunes.apple.com/us/app/startup-manager/id1296723195?mt=12&uo=4
https://itunes.apple.com/us/app/tweak-and-tuneup/id916683896?mt=12&uo=4
https://itunes.apple.com/us/app/tweak-photos-image-editor/id1109965022?mt=12&uo=4

in summary, i will continue to run virustotal scans until Apple has proven that they get their act together.

@core-code Let's not forget that that ML system has had a working prototype implementation that runs malware detection via https://github.com/maliceio/malice; thanks to a suggestion by @robertleeblairjr a month (or so) ago. It's not extraordinarily sophisticated yet, but it might be something you can look further into once I look into getting you guys access to the system.

@ran-dall that sounds good, though i am not sure how useful 'Malice' is in comparison to 'VirusTotal'. if it turns out less useful, it should be easy to swap it, no?

btw, if there is significant interest, i can work on open-sourcing the code i use to check HBC via VirusTotal. it works with a simple double-click, all you need is a VirusTotal API key and a few days of time...

@core-code Yes it should be easy to swap. I integrated Malice more as a POC (hence the word prototype), and it was an interesting afternoon project. You should check the overview here: https://n0where.net/free-open-source-self-hosted-virustotal-malice; cause it can run checks beyond the VirusTotal database and has loads of exciting features. I haven't played with nearly a quarter of them yet, but it's very intriguing.

btw the error on 'qbserve' has vanished after telling virustotal to re-scan it

I've seen the one from Wine before; that could be a false positive caused by some Xamarin/Mono library (can't remember exactly which one).

On Jul 19, 2019, at 1:34 AM, CoreCode notifications@github.com wrote:

btw the error on 'qbserve' has vanished after telling virustotal to re-scan it


new VirusTotal warning on the cask i4tools:
https://www.virustotal.com/gui/file/9992b748f6bcd6a6bc24772c45f6879f5e8e4a84752633948749f892519675be/detection

can someone have a look at this?

@core-code This is an iOS jailbreaking tool, isn't it? They are probably using that exploit to jailbreak...

hm that makes sense. the question is, is it safe for the user? it has just recently been added to HBC

i've taken 'i4tools' off our list of casks that we process since there has been no good evidence that it isn't actually as malicious as VirusTotal claims.

@core-code Sorry forgot to get back to you on this, my bad 🤪. This should be safe if the user knows what he/she is installing. It's not atypical for a Jailbreak solution to use an exploit that can also be used for other more 'malicious' things. IMO this would fall on the responsibility of the user to know what he/she is installing. I would argue though that if he/she is installing a piece of software for Jailbreaking, then they may already know what they are doing / what they want.

I would argue though that if he/she is installing a piece of software for Jailbreaking, then they may already know what they are doing / what they want.

The operative word being “may”. I’d be willing to bet a significant portion of the jailbreak crowd does it without technical knowledge, just like they upgrade to OS betas. It’s easy enough to do that you don’t have to understand the consequences, and that’s a problem.

But if the tool is legitimate, it should stay. I’d rather err on the side of keeping it, as we do expect user to have reasonable knowledge of the apps they’re installing through us.

It doesn’t help that the website is in a language I can’t read (can any of us in this issue?) and that I can barely load it. I’m on a spotty library connection which — no joke — is taking over 60 seconds to load each github page.

the article i've linked to doesn't make it sound like the tool is just flagged by VirusTotal because it can be used to jailbreak - which i would not have a problem with

the article i've linked to doesn't make it sound like the tool is just flagged by VirusTotal because it can be used to jailbreak - which i would not have a problem with

Primordially, jailbreaking consists of adding a few additional files, as it turns out iOS is not that different from Debian. At least, that was the original ideology. Anyhow, the way of getting said files from A to B changes every time, but typically it's through the use of some exploit; of which, said exploit normally gets patched after some group releases a jailbreak utility (like in this case, maybe) and Apple finds out about it. This is why jailbreak utilities only work within a certain range of iOS versions.

But if the tool is legitimate, it should stay. I’d rather err on the side of keeping it, as we do expect user to have reasonable knowledge of the apps they’re installing through us.

My thoughts exactly, although this might fall under something we probably shouldn't have an opinion on; as Apple would probably rather not have this any easier to access than it needs to be. That and I don't really see it being a benefit from being on HBC. Not to mention, I'm sure this goes against certain Apple User Agreements.

the article i've linked to

I was finally able to load it. You’re right, even the first paragraphs paint a gloomy picture. Opened a PR for removal with a chance for comments.

Thank you for doing the virus checks and looking further into this particular one.

I was finally able to load it. You’re right, even the first paragraphs paint a gloomy picture. Opened a PR for removal with a chance for comments.

For the record, this behavior is about par for most jailbreak utilities nowadays. Granted, most of what I know is from Apple's Security mailing-lists. But it would seem, Jailbreaking kinda died when Cydia shut down; which is now why you see this type of questionable behavior from the new jailbreaking utilities.

@ran-dall Thank you as well for the insights. It seems you also have some worries about keeping this in, so we’re all on the same page.

I’ll leave the PR open for a bit (who knows, maybe a maintainer or someone else has relevant knowledge we’re lacking) but not too long.

we've got 4 hits this time. can someone have a look at these?

axe-core
https://www.virustotal.com/file/6d7e8a79f2990e36df9310e196a78711d6c10642d599095633df28309bf0d76c/analysis/1571692788/
tribler
https://www.virustotal.com/file/47f656a5d9f16b1db0e7bd486efbec8baa81386adf1c887f2b59bfa8754a1549/analysis/1571402691/
flinto
https://www.virustotal.com/file/75701da0e0e206ce1e4c24df5d034fe9e051c6beb33e0e45119f07c22b3e9854/analysis/1572271961/
impactor
https://www.virustotal.com/file/9db548074424473c5804d1118d27cd4f052db8b53b3e7c3261c1a903f521cbf1/analysis/1571741705/

VIRUSERROR: cSHA POSITIVES 4 axe-core {"scans": {"Bkav": {"detected": false, "version": "1.3.0.10239", "result": null, "update": "20191021"}, "MicroWorld-eScan": {"detected": false, "version": "14.0.297.0", "result": null, "update": "20191021"}, "CMC": {"detected": false, "version": "1.1.0.977", "result": null, "update": "20190321"}, "CAT-QuickHeal": {"detected": false, "version": "14.00", "result": null, "update": "20191021"}, "McAfee": {"detected": false, "version": "6.0.6.653", "result": null, "update": "20191021"}, "Malwarebytes": {"detected": false, "version": "2.1.1.1115", "result": null, "update": "20191021"}, "Zillya": {"detected": false, "version": "2.0.0.3930", "result": null, "update": "20191021"}, "AegisLab": {"detected": false, "version": "4.2", "result": null, "update": "20191021"}, "K7AntiVirus": {"detected": false, "version": "11.74.32329", "result": null, "update": "20191021"}, "K7GW": {"detected": false, "version": "11.74.32328", "result": null, "update": "20191021"}, "Arcabit": {"detected": false, "version": "1.0.0.861", "result": null, "update": "20191021"}, "Baidu": {"detected": false, "version": "1.0.0.2", "result": null, "update": "20190318"}, "Cyren": {"detected": false, "version": "6.2.2.2", "result": null, "update": "20191021"}, "ESET-NOD32": {"detected": false, "version": "20218", "result": null, "update": "20191021"}, "TrendMicro-HouseCall": {"detected": false, "version": "10.0.0.1040", "result": null, "update": "20191021"}, "Avast": {"detected": true, "version": "18.4.3895.0", "result": "MacOS:BitCoinMiner-BW [PUP]", "update": "20191021"}, "ClamAV": {"detected": false, "version": "0.102.0.0", "result": null, "update": "20191021"}, "Kaspersky": {"detected": true, "version": "15.0.1.13", "result": "not-a-virus:HEUR:RiskTool.OSX.Miner.l", "update": "20191021"}, "BitDefender": {"detected": false, "version": "7.2", "result": null, "update": "20191021"}, "NANO-Antivirus": {"detected": false, "version": "1.0.134.24859", "result": null, 
"update": "20191021"}, "ViRobot": {"detected": false, "version": "2014.3.20.0", "result": null, "update": "20191021"}, "Tencent": {"detected": false, "version": "1.0.0.1", "result": null, "update": "20191021"}, "Ad-Aware": {"detected": false, "version": "3.0.5.370", "result": null, "update": "20191021"}, "Sophos": {"detected": false, "version": "4.98.0", "result": null, "update": "20191021"}, "Comodo": {"detected": false, "version": "31630", "result": null, "update": "20191021"}, "F-Secure": {"detected": false, "version": "12.0.86.52", "result": null, "update": "20191021"}, "DrWeb": {"detected": false, "version": "7.0.41.7240", "result": null, "update": "20191021"}, "VIPRE": {"detected": false, "version": "78734", "result": null, "update": "20191021"}, "TrendMicro": {"detected": false, "version": "11.0.0.1006", "result": null, "update": "20191021"}, "McAfee-GW-Edition": {"detected": false, "version": "v2017.3010", "result": null, "update": "20191021"}, "FireEye": {"detected": false, "version": "29.7.0.0", "result": null, "update": "20191021"}, "Emsisoft": {"detected": false, "version": "2018.12.0.1641", "result": null, "update": "20191021"}, "Ikarus": {"detected": false, "version": "0.1.5.2", "result": null, "update": "20191021"}, "F-Prot": {"detected": false, "version": "4.7.1.166", "result": null, "update": "20191021"}, "Jiangmin": {"detected": false, "version": "16.0.100", "result": null, "update": "20191021"}, "Fortinet": {"detected": false, "version": "5.4.247.0", "result": null, "update": "20191021"}, "Antiy-AVL": {"detected": false, "version": "3.0.0.1", "result": null, "update": "20191021"}, "Kingsoft": {"detected": false, "version": "2013.8.14.323", "result": null, "update": "20191021"}, "Microsoft": {"detected": false, "version": "1.1.16500.1", "result": null, "update": "20191021"}, "SUPERAntiSpyware": {"detected": false, "version": "5.6.0.1032", "result": null, "update": "20191018"}, "ZoneAlarm": {"detected": true, "version": "1.0", "result": 
"not-a-virus:HEUR:RiskTool.OSX.Miner.l", "update": "20191021"}, "Avast-Mobile": {"detected": false, "version": "191012-04", "result": null, "update": "20191012"}, "AhnLab-V3": {"detected": false, "version": "3.16.3.25410", "result": null, "update": "20191021"}, "ALYac": {"detected": false, "version": "1.1.1.5", "result": null, "update": "20191021"}, "MAX": {"detected": false, "version": "2019.9.16.1", "result": null, "update": "20191021"}, "VBA32": {"detected": false, "version": "4.2.0", "result": null, "update": "20191021"}, "Zoner": {"detected": false, "version": "1.0.0.1", "result": null, "update": "20191021"}, "Rising": {"detected": false, "version": "25.0.0.24", "result": null, "update": "20191021"}, "Yandex": {"detected": false, "version": "5.5.2.24", "result": null, "update": "20191018"}, "TACHYON": {"detected": false, "version": "2019-10-21.02", "result": null, "update": "20191021"}, "MaxSecure": {"detected": false, "version": "1.0.0.1", "result": null, "update": "20191021"}, "GData": {"detected": false, "version": "A:25.23735B:26.16372", "result": null, "update": "20191021"}, "AVG": {"detected": true, "version": "18.4.3895.0", "result": "MacOS:BitCoinMiner-BW [PUP]", "update": "20191021"}, "Panda": {"detected": false, "version": "4.6.4.2", "result": null, "update": "20191021"}, "Qihoo-360": {"detected": false, "version": "1.0.0.1120", "result": null, "update": "20191021"}}, "scan_id": "6d7e8a79f2990e36df9310e196a78711d6c10642d599095633df28309bf0d76c-1571692788", "sha1": "b6b93e434d5c50a3df5625e5c331613317f1e5de", "resource": "6d7e8a79f2990e36df9310e196a78711d6c10642d599095633df28309bf0d76c", "response_code": 1, "scan_date": "2019-10-21 21:19:48", "permalink": "https://www.virustotal.com/file/6d7e8a79f2990e36df9310e196a78711d6c10642d599095633df28309bf0d76c/analysis/1571692788/", "verbose_msg": "Scan finished, information embedded", "total": 55, "positives": 4, "sha256": "6d7e8a79f2990e36df9310e196a78711d6c10642d599095633df28309bf0d76c", "md5": 
"d848bf0ba48e2bcf16054cb499455b26"}
VIRUSERROR: cSHA POSITIVES 4 tribler {"scans": {"Bkav": {"detected": false, "version": "1.3.0.10239", "result": null, "update": "20191018"}, "MicroWorld-eScan": {"detected": false, "version": "14.0.297.0", "result": null, "update": "20191018"}, "CMC": {"detected": false, "version": "1.1.0.977", "result": null, "update": "20190321"}, "CAT-QuickHeal": {"detected": false, "version": "14.00", "result": null, "update": "20191017"}, "ALYac": {"detected": false, "version": "1.1.1.5", "result": null, "update": "20191018"}, "Malwarebytes": {"detected": false, "version": "2.1.1.1115", "result": null, "update": "20191018"}, "Zillya": {"detected": false, "version": "2.0.0.3927", "result": null, "update": "20191017"}, "AegisLab": {"detected": false, "version": "4.2", "result": null, "update": "20191018"}, "K7AntiVirus": {"detected": false, "version": "11.73.32308", "result": null, "update": "20191018"}, "K7GW": {"detected": false, "version": "11.72.32236", "result": null, "update": "20191010"}, "Baidu": {"detected": false, "version": "1.0.0.2", "result": null, "update": "20190318"}, "Cyren": {"detected": false, "version": "6.2.2.2", "result": null, "update": "20191018"}, "ESET-NOD32": {"detected": false, "version": "20201", "result": null, "update": "20191018"}, "TrendMicro-HouseCall": {"detected": false, "version": "10.0.0.1040", "result": null, "update": "20191018"}, "BitDefender": {"detected": true, "version": "7.2", "result": "Application.MAC.Paza.4001", "update": "20191018"}, "NANO-Antivirus": {"detected": false, "version": "1.0.134.24859", "result": null, "update": "20191018"}, "SUPERAntiSpyware": {"detected": false, "version": "5.6.0.1032", "result": null, "update": "20191011"}, "Tencent": {"detected": false, "version": "1.0.0.1", "result": null, "update": "20191018"}, "Ad-Aware": {"detected": false, "version": "3.0.5.370", "result": null, "update": "20191018"}, "Sophos": {"detected": false, "version": "4.98.0", "result": null, "update": "20191018"}, "Comodo": 
{"detected": false, "version": "31617", "result": null, "update": "20191018"}, "VIPRE": {"detected": false, "version": "78670", "result": null, "update": "20191018"}, "TrendMicro": {"detected": false, "version": "11.0.0.1006", "result": null, "update": "20191018"}, "McAfee-GW-Edition": {"detected": false, "version": "v2017.3010", "result": null, "update": "20191017"}, "FireEye": {"detected": true, "version": "29.7.0.0", "result": "Application.MAC.Paza.4001", "update": "20191018"}, "Emsisoft": {"detected": false, "version": "2018.12.0.1641", "result": null, "update": "20191018"}, "GData": {"detected": true, "version": "A:25.23716B:26.16333", "result": "Application.MAC.Paza.3972", "update": "20191018"}, "Jiangmin": {"detected": false, "version": "16.0.100", "result": null, "update": "20191018"}, "Avira": {"detected": false, "version": "8.3.3.8", "result": null, "update": "20191018"}, "Antiy-AVL": {"detected": false, "version": "3.0.0.1", "result": null, "update": "20191018"}, "Kingsoft": {"detected": false, "version": "2013.8.14.323", "result": null, "update": "20191018"}, "Arcabit": {"detected": false, "version": "1.0.0.859", "result": null, "update": "20191018"}, "ViRobot": {"detected": false, "version": "2014.3.20.0", "result": null, "update": "20191018"}, "ZoneAlarm": {"detected": false, "version": "1.0", "result": null, "update": "20191018"}, "Avast-Mobile": {"detected": false, "version": "191012-04", "result": null, "update": "20191012"}, "AhnLab-V3": {"detected": false, "version": "3.16.3.25410", "result": null, "update": "20191018"}, "MAX": {"detected": true, "version": "2019.9.16.1", "result": "malware (ai score=80)", "update": "20191018"}, "Zoner": {"detected": false, "version": "1.0.0.1", "result": null, "update": "20191017"}, "Rising": {"detected": false, "version": "25.0.0.24", "result": null, "update": "20191018"}, "Yandex": {"detected": false, "version": "5.5.2.24", "result": null, "update": "20191018"}, "TACHYON": {"detected": false, "version": 
"2019-10-18.02", "result": null, "update": "20191018"}, "MaxSecure": {"detected": false, "version": "1.0.0.1", "result": null, "update": "20191017"}, "Fortinet": {"detected": false, "version": "5.4.247.0", "result": null, "update": "20191018"}, "Panda": {"detected": false, "version": "4.6.4.2", "result": null, "update": "20191018"}, "Qihoo-360": {"detected": false, "version": "1.0.0.1120", "result": null, "update": "20191018"}}, "scan_id": "47f656a5d9f16b1db0e7bd486efbec8baa81386adf1c887f2b59bfa8754a1549-1571402691", "sha1": "1800c29b1dc668e81a7f9b0beaf1d5ce88854835", "resource": "47f656a5d9f16b1db0e7bd486efbec8baa81386adf1c887f2b59bfa8754a1549", "response_code": 1, "scan_date": "2019-10-18 12:44:51", "permalink": "https://www.virustotal.com/file/47f656a5d9f16b1db0e7bd486efbec8baa81386adf1c887f2b59bfa8754a1549/analysis/1571402691/", "verbose_msg": "Scan finished, information embedded", "total": 45, "positives": 4, "sha256": "47f656a5d9f16b1db0e7bd486efbec8baa81386adf1c887f2b59bfa8754a1549", "md5": "67c23ed9e7ba453128deb853d7f5f555"}
VIRUSERROR: cSHA POSITIVES 6 flinto {"scans": {"Bkav": {"detected": false, "version": "1.3.0.10239", "result": null, "update": "20191028"}, "MicroWorld-eScan": {"detected": false, "version": "14.0.297.0", "result": null, "update": "20191028"}, "FireEye": {"detected": true, "version": "29.7.0.0", "result": "Gen:Variant.Adware.MAC.Genieo.1", "update": "20191028"}, "CAT-QuickHeal": {"detected": false, "version": "14.00", "result": null, "update": "20191028"}, "McAfee": {"detected": false, "version": "6.0.6.653", "result": null, "update": "20191028"}, "Malwarebytes": {"detected": false, "version": "2.1.1.1115", "result": null, "update": "20191028"}, "Zillya": {"detected": false, "version": "2.0.0.3933", "result": null, "update": "20191025"}, "K7AntiVirus": {"detected": false, "version": "11.74.32369", "result": null, "update": "20191028"}, "K7GW": {"detected": false, "version": "11.74.32368", "result": null, "update": "20191028"}, "Baidu": {"detected": false, "version": "1.0.0.2", "result": null, "update": "20190318"}, "Cyren": {"detected": false, "version": "6.2.2.2", "result": null, "update": "20191028"}, "Symantec": {"detected": false, "version": "1.11.0.0", "result": null, "update": "20191028"}, "ESET-NOD32": {"detected": false, "version": "20254", "result": null, "update": "20191028"}, "TrendMicro-HouseCall": {"detected": false, "version": "10.0.0.1040", "result": null, "update": "20191028"}, "Avast": {"detected": false, "version": "18.4.3895.0", "result": null, "update": "20191028"}, "ClamAV": {"detected": false, "version": "0.102.0.0", "result": null, "update": "20191028"}, "GData": {"detected": true, "version": "A:25.23797B:26.16452", "result": "Gen:Variant.Adware.MAC.Genieo.1", "update": "20191028"}, "Kaspersky": {"detected": false, "version": "15.0.1.13", "result": null, "update": "20191028"}, "BitDefender": {"detected": true, "version": "7.2", "result": "Gen:Variant.Adware.MAC.Genieo.1", "update": "20191028"}, "NANO-Antivirus": {"detected": false, "version": 
"1.0.134.24859", "result": null, "update": "20191028"}, "ViRobot": {"detected": false, "version": "2014.3.20.0", "result": null, "update": "20191028"}, "AegisLab": {"detected": false, "version": "4.2", "result": null, "update": "20191028"}, "Tencent": {"detected": false, "version": "1.0.0.1", "result": null, "update": "20191028"}, "Ad-Aware": {"detected": false, "version": "3.0.5.370", "result": null, "update": "20191028"}, "Sophos": {"detected": false, "version": "4.98.0", "result": null, "update": "20191028"}, "Comodo": {"detected": false, "version": "31656", "result": null, "update": "20191028"}, "F-Secure": {"detected": false, "version": "12.0.86.52", "result": null, "update": "20191028"}, "DrWeb": {"detected": false, "version": "7.0.41.7240", "result": null, "update": "20191028"}, "VIPRE": {"detected": false, "version": "78912", "result": null, "update": "20191028"}, "TrendMicro": {"detected": false, "version": "11.0.0.1006", "result": null, "update": "20191028"}, "McAfee-GW-Edition": {"detected": false, "version": "v2017.3010", "result": null, "update": "20191028"}, "CMC": {"detected": false, "version": "1.1.0.977", "result": null, "update": "20190321"}, "Emsisoft": {"detected": true, "version": "2018.12.0.1641", "result": "Gen:Variant.Adware.MAC.Genieo.1 (B)", "update": "20191028"}, "F-Prot": {"detected": false, "version": "4.7.1.166", "result": null, "update": "20191028"}, "Jiangmin": {"detected": false, "version": "16.0.100", "result": null, "update": "20191028"}, "Avira": {"detected": false, "version": "8.3.3.8", "result": null, "update": "20191028"}, "Antiy-AVL": {"detected": false, "version": "3.0.0.1", "result": null, "update": "20191028"}, "Kingsoft": {"detected": false, "version": "2013.8.14.323", "result": null, "update": "20191028"}, "Microsoft": {"detected": false, "version": "1.1.16500.1", "result": null, "update": "20191028"}, "Arcabit": {"detected": true, "version": "1.0.0.861", "result": "Trojan.Adware.MAC.Genieo.1", "update": "20191028"}, 
"SUPERAntiSpyware": {"detected": false, "version": "5.6.0.1032", "result": null, "update": "20191025"}, "ZoneAlarm": {"detected": false, "version": "1.0", "result": null, "update": "20191028"}, "Avast-Mobile": {"detected": false, "version": "191012-04", "result": null, "update": "20191012"}, "TACHYON": {"detected": false, "version": "2019-10-28.03", "result": null, "update": "20191028"}, "AhnLab-V3": {"detected": false, "version": "3.16.3.25410", "result": null, "update": "20191028"}, "VBA32": {"detected": false, "version": "4.2.0", "result": null, "update": "20191028"}, "ALYac": {"detected": false, "version": "1.1.1.5", "result": null, "update": "20191028"}, "MAX": {"detected": true, "version": "2019.9.16.1", "result": "malware (ai score=84)", "update": "20191028"}, "Zoner": {"detected": false, "version": "1.0.0.1", "result": null, "update": "20191028"}, "Rising": {"detected": false, "version": "25.0.0.24", "result": null, "update": "20191028"}, "Yandex": {"detected": false, "version": "5.5.2.24", "result": null, "update": "20191025"}, "Ikarus": {"detected": false, "version": "0.1.5.2", "result": null, "update": "20191028"}, "MaxSecure": {"detected": false, "version": "1.0.0.1", "result": null, "update": "20191021"}, "Fortinet": {"detected": false, "version": "5.4.247.0", "result": null, "update": "20191028"}, "AVG": {"detected": false, "version": "18.4.3895.0", "result": null, "update": "20191028"}, "Panda": {"detected": false, "version": "4.6.4.2", "result": null, "update": "20191028"}, "Qihoo-360": {"detected": false, "version": "1.0.0.1120", "result": null, "update": "20191028"}}, "scan_id": "75701da0e0e206ce1e4c24df5d034fe9e051c6beb33e0e45119f07c22b3e9854-1572271961", "sha1": "5599ebc553265071a3200f6755e6916dac0b1400", "resource": "75701da0e0e206ce1e4c24df5d034fe9e051c6beb33e0e45119f07c22b3e9854", "response_code": 1, "scan_date": "2019-10-28 14:12:41", "permalink": 
"https://www.virustotal.com/file/75701da0e0e206ce1e4c24df5d034fe9e051c6beb33e0e45119f07c22b3e9854/analysis/1572271961/", "verbose_msg": "Scan finished, information embedded", "total": 57, "positives": 6, "sha256": "75701da0e0e206ce1e4c24df5d034fe9e051c6beb33e0e45119f07c22b3e9854", "md5": "afcd8461b0fa2ee231074642ae17dd18"}
VIRUSERROR: cSHA POSITIVES 6 impactor {"scans": {"Bkav": {"detected": false, "version": "1.3.0.10239", "result": null, "update": "20191022"}, "MicroWorld-eScan": {"detected": false, "version": "14.0.297.0", "result": null, "update": "20191022"}, "CMC": {"detected": false, "version": "1.1.0.977", "result": null, "update": "20190321"}, "CAT-QuickHeal": {"detected": false, "version": "14.00", "result": null, "update": "20191021"}, "McAfee": {"detected": false, "version": "6.0.6.653", "result": null, "update": "20191022"}, "Malwarebytes": {"detected": false, "version": "2.1.1.1115", "result": null, "update": "20191022"}, "K7AntiVirus": {"detected": false, "version": "11.74.32332", "result": null, "update": "20191022"}, "K7GW": {"detected": false, "version": "11.74.32332", "result": null, "update": "20191022"}, "Baidu": {"detected": false, "version": "1.0.0.2", "result": null, "update": "20190318"}, "F-Prot": {"detected": false, "version": "4.7.1.166", "result": null, "update": "20191022"}, "ESET-NOD32": {"detected": false, "version": "20221", "result": null, "update": "20191022"}, "TrendMicro-HouseCall": {"detected": false, "version": "10.0.0.1040", "result": null, "update": "20191022"}, "Avast": {"detected": false, "version": "18.4.3895.0", "result": null, "update": "20191022"}, "ClamAV": {"detected": false, "version": "0.102.0.0", "result": null, "update": "20191022"}, "Kaspersky": {"detected": false, "version": "15.0.1.13", "result": null, "update": "20191022"}, "BitDefender": {"detected": true, "version": "7.2", "result": "Application.IOS.Jailbreak.Q", "update": "20191022"}, "NANO-Antivirus": {"detected": false, "version": "1.0.134.24859", "result": null, "update": "20191022"}, "ViRobot": {"detected": false, "version": "2014.3.20.0", "result": null, "update": "20191022"}, "SUPERAntiSpyware": {"detected": false, "version": "5.6.0.1032", "result": null, "update": "20191018"}, "Tencent": {"detected": false, "version": "1.0.0.1", "result": null, "update": "20191022"}, 
"Ad-Aware": {"detected": false, "version": "3.0.5.370", "result": null, "update": "20191022"}, "Sophos": {"detected": false, "version": "4.98.0", "result": null, "update": "20191022"}, "Comodo": {"detected": false, "version": "31631", "result": null, "update": "20191021"}, "F-Secure": {"detected": false, "version": "12.0.86.52", "result": null, "update": "20191022"}, "DrWeb": {"detected": false, "version": "7.0.41.7240", "result": null, "update": "20191022"}, "Zillya": {"detected": false, "version": "2.0.0.3930", "result": null, "update": "20191021"}, "TrendMicro": {"detected": false, "version": "11.0.0.1006", "result": null, "update": "20191022"}, "McAfee-GW-Edition": {"detected": false, "version": "v2017.3010", "result": null, "update": "20191022"}, "FireEye": {"detected": true, "version": "29.7.0.0", "result": "Application.IOS.Jailbreak.Q", "update": "20191022"}, "Emsisoft": {"detected": true, "version": "2018.12.0.1641", "result": "Application.IOS.Jailbreak.Q (B)", "update": "20191022"}, "Cyren": {"detected": false, "version": "6.2.2.2", "result": null, "update": "20191022"}, "Jiangmin": {"detected": false, "version": "16.0.100", "result": null, "update": "20191022"}, "MAX": {"detected": true, "version": "2019.9.16.1", "result": "malware (ai score=86)", "update": "20191022"}, "Antiy-AVL": {"detected": false, "version": "3.0.0.1", "result": null, "update": "20191022"}, "Kingsoft": {"detected": false, "version": "2013.8.14.323", "result": null, "update": "20191022"}, "Microsoft": {"detected": false, "version": "1.1.16500.1", "result": null, "update": "20191022"}, "Arcabit": {"detected": true, "version": "1.0.0.861", "result": "Application.IOS.Jailbreak.Q", "update": "20191022"}, "AegisLab": {"detected": false, "version": "4.2", "result": null, "update": "20191022"}, "ZoneAlarm": {"detected": false, "version": "1.0", "result": null, "update": "20191022"}, "Avast-Mobile": {"detected": false, "version": "191012-04", "result": null, "update": "20191012"}, "GData": 
{"detected": true, "version": "A:25.23740B:26.16379", "result": "Application.IOS.Jailbreak.Q", "update": "20191022"}, "AhnLab-V3": {"detected": false, "version": "3.16.3.25410", "result": null, "update": "20191022"}, "ALYac": {"detected": false, "version": "1.1.1.5", "result": null, "update": "20191022"}, "TACHYON": {"detected": false, "version": "2019-10-22.02", "result": null, "update": "20191022"}, "VBA32": {"detected": false, "version": "4.2.0", "result": null, "update": "20191022"}, "Zoner": {"detected": false, "version": "1.0.0.1", "result": null, "update": "20191021"}, "Rising": {"detected": false, "version": "25.0.0.24", "result": null, "update": "20191022"}, "Yandex": {"detected": false, "version": "5.5.2.24", "result": null, "update": "20191022"}, "Ikarus": {"detected": false, "version": "0.1.5.2", "result": null, "update": "20191022"}, "MaxSecure": {"detected": false, "version": "1.0.0.1", "result": null, "update": "20191021"}, "Fortinet": {"detected": false, "version": "5.4.247.0", "result": null, "update": "20191022"}, "AVG": {"detected": false, "version": "18.4.3895.0", "result": null, "update": "20191022"}, "Panda": {"detected": false, "version": "4.6.4.2", "result": null, "update": "20191021"}, "Qihoo-360": {"detected": false, "version": "1.0.0.1120", "result": null, "update": "20191022"}}, "scan_id": "9db548074424473c5804d1118d27cd4f052db8b53b3e7c3261c1a903f521cbf1-1571741705", "sha1": "256483db20655a8c2922660a39cb80ec6136a936", "resource": "9db548074424473c5804d1118d27cd4f052db8b53b3e7c3261c1a903f521cbf1", "response_code": 1, "scan_date": "2019-10-22 10:55:05", "permalink": "https://www.virustotal.com/file/9db548074424473c5804d1118d27cd4f052db8b53b3e7c3261c1a903f521cbf1/analysis/1571741705/", "verbose_msg": "Scan finished, information embedded", "total": 54, "positives": 6, "sha256": "9db548074424473c5804d1118d27cd4f052db8b53b3e7c3261c1a903f521cbf1", "md5": "8c3ffa9385fa04fe6c751876ca120f04"}

@core-code

  • flinto is reporting Genieo which is malware and should probably be removed. Also, it bypasses the macOS Sandbox. Ref: https://blog.malwarebytes.com/cybercrime/2015/08/genieo-installer-tricks-keychain/

  • tribler is reporting paza which is adware related to MacKeeper. I'm sure you're familiar with them. Probably should be removed, as I think that's what has been done in the past with these scenarios. Ref: https://www.f-secure.com/sw-desc/adware_osx_paza.shtml

  • axe-core is reporting the use of mining tools. Upon glancing at what it does, it's an accessibility tester, so this may be a false positive. AVs have been known to have problems with these types of tools, but I don't know otherwise of this one in specific.

  • impactor is an old jailbreaking tool to sideload things into your iOS device. I don't know if it's even maintained anymore, as Cydia kinda went defunct. It's reporting jahlav-c, which is a DNS spoofer of sorts. It probably can be safely removed. I can archive in my repository just in case. BUT, I would argue that it probably doesn't have any legitimate purposes anymore (if it had any to begin with). Ref: https://www.securemac.com/osx/osxjahlav-c-dnschanger-trojan-horse
    Update: Reddit has information on impactor here - https://www.reddit.com/r/TweakBoxApp/comments/bdfhtx/meta_cydia_impactor_mega_thread/

thanks for taking care of this guys!

I am sorry, but removing impactor is stupid. It is still relevant for the jailbreak community and maintained. Please revert this merge.

  • BUT, I would argue that it probably doesn't have any legitimate purposes anymore

It still has. So, add it back.

Relevant twitter thread: https://twitter.com/saurik/status/1196888477830221824

You can still use it with a paid account. And because unc0ver and other semi-untethered jailbreaks are still popular it still has a use case. And it will always have one, until none of it works anymore.

removing impactor is stupid.

@TheNoim Please keep your language considerate and respectful. Mind that Homebrew maintainers are volunteers who usually act in good faith. Calling our efforts “stupid” not only feels disrespectful and demotivating but is also unlikely to help get your (otherwise fine) point across.

From Homebrew’s Code of Conduct:

We're thoughtful when addressing the efforts of others, keeping in mind that oftentimes their labor was completed simply for the good of the community.

We're respectful of others, their positions, their skills, their commitments, and their efforts. […] When we disagree, we are courteous in raising our issues.

Replace "stupid" with something from this list: https://www.thesaurus.com/browse/stupid?s=t

English is still not my main language and for me the word "stupid" doesn't have much impact. It was the first word that came to my mind.

I would argue that it probably doesn't have any legitimate purposes anymore (if it had any to begin with)

I find this comment concerning, because Homebrew is a package manager, not a moderated App Store. I completely agree with the removal of malware, and as a user, it's good to see that this is taken seriously by the Homebrew maintainers.

However, passing comment on the relevance of packages available through Homebrew is concerning. I disagree with the statement about its legitimate purposes (I could list loads, outside of jailbreaking), but the fact that personal opinion on the relevancy of the tools is being used when removing projects concerns me.

I don't believe that it's up to Homebrew to moderate the quality, or usage of tools or packages it hosts, outside of basic things like ensuring that they are malware free.

I find this comment concerning, because Homebrew is a package manager, not a moderated App Store.

However, passing comment on the relevance of packages available through Homebrew is concerning.

the fact that personal opinion on the relevancy of the tools is being used when removing projects concerns me.

@nullpixel Thanks for raising your concerns but I respectfully disagree. In both homebrew-core and -cask, maintainers have always been super picky about what to include, and have done so for several good reasons. Not only are new submissions vetted for notability before including them, but also existing casks may be re-evaluated sporadically. We do that to protect the project and its maintainers. Every single cask requires ongoing maintenance and work, which means we unfortunately need to prioritize.

It often happens that a cask is rejected or removed due to (perceived) lack of notability, or other reasons that may include some degree of personal judgement. In fact, this has happened so many times that we have a dedicated FAQ on the subject.

I don't believe that it's up to Homebrew to moderate the quality, or usage of tools or packages it hosts, outside of basic things like ensuring that they are malware free.

Strong objection against the latter. This point has already been made several times in this thread but as a refresher: Homebrew maintainers don’t ensure packages are malware free. The GitHub issue at hand is a (much appreciated!) ongoing volunteer effort of @core-code, which I strongly recommend you don’t take for granted. It’s not Homebrew’s responsibility to police packages for malware, or make any similar guarantees.

It’s not Homebrew’s responsibility to police packages for malware, or make any similar guarantees

Then why are you doing it?
If it isn't because of malware (and we must note that it isn't malware), why did you remove it?

@wholivesinapineappleunderthesea there is a difference between trying to do something as well as possible and guaranteeing that it is always done perfectly.

@claui: Thank you for that link to the FAQ, much appreciated.

We do that to protect the project and its maintainers. Every single cask requires ongoing maintenance and work, which means we unfortunately need to prioritize.

I completely agree with this, but I'm not sure how notability fits into this issue. I profoundly agree with the general sentiment - projects which require high maintenance, or undermine the whole project, should definitely not be permitted. However, an app from a new developer may not be notable but still useful. Is it really fair if a maintainer's opinion on a piece of work results in it not being distributed via Homebrew, providing it meets the other guidelines (i.e. regarding maintainability)?

I'm also not sure how I feel about this policy:

It’s not Homebrew’s responsibility to police packages for malware, or make any similar guarantees.

I would agree completely with this, if there were no moderation occurring at all. However, it seems strange that the maintainers will moderate notability, but not have a quick check for things such as malware? Potentially in the future this could even be automated - if someone had the time to write a CI which uploads a package to malware analysis sites, this could save the volunteers in this thread a lot of time and effort, freeing them up to do other things with Homebrew.

Anyway, these are clearly policy related discussions which don't really have a place here. I'd be happy to discuss this further somewhere else if you would like to, but I think we should try and keep this thread on topic.

I'd also like to be clear that I am extremely grateful for the efforts of everyone participating in this thread, and I do believe that the removal of impactor will be rectified (or discussed further as necessary) because I think everyone will agree that this issue does warrant more discussion on the appropriate pull request (#72491 and #73127)

@core-code I understand and thank you for your time, we all do. However, we all know this is a false flag and there is little reason to remove the cask.
The tool has purpose and is developed by a very well respected developer; it isn't malware, thus it shouldn't be left in its removed state because of that pretense.
Edit: Wrong place, mb

@wholivesinapineappleunderthesea appropriate discussions are already being held at #72491 and #73127, they're just awaiting a reply from a maintainer.

However, we all know this is a false flag and there is little reason to remove the cask.

i never advocated to remove this particular cask, i just pointed out the virustotal result and asked for opinions.

Potentially in the future this could even be automated - if someone had the time to write a CI which uploads a package to malware analysis sites

i am sure pull requests to add this will be well received ;-)

i am sure pull requests to add this will be well received ;-)

It’s something I’d love to add if I ever get time!

i am sure pull requests to add this will be well received ;-)

They just need to accept the pr to revert the merge :P

removing impactor is stupid.

@TheNoim Please keep your language considerate and respectful. Mind that Homebrew maintainers are volunteers who usually act in good faith. Calling our efforts “stupid” not only feels disrespectful and demotivating but is also unlikely to help get your (otherwise fine) point across.

Is it really in good faith if the person can't be bothered to even look the tool up to see its purpose?

I don't think so.

EDIT: I see that there are other discussion "threads", but my point still stands.

Thank you @claui and @core-code for taking the time to clarify our position. Couldn't have said it better myself. 🙏 I think there's a level of animosity that is uncalled for. There cannot be an expectation that HBC be knowledgeable in every malware situation we encounter; especially if they relate to software specifics of a rather particular group of people. Even as an old Jailbreaker, I agree with @vitorgalvao's decision to remove the cask; but I also wouldn't mind it being re-added, as @claui has stated in https://github.com/Homebrew/homebrew-cask/pull/73127#pullrequestreview-321981948.

For the record, I'd also like to add this from HBC's Apps that bundle malware

We are also open to removing casks where we feel there is enough evidence that the app is malicious. To suggest a cask for removal, submit a Pull Request to delete it, together with your reasoning. Typically, this will mean presenting a VirusTotal scan of the app showing it is malicious, ideally with some other reporting indicating it’s not a false positive.


if someone had the time to write a CI which uploads a package to malware analysis sites

@nullpixel Our ML system has a module that checks the updates with Malice; however, it was never 100% completed but is functional. @core-code complements those efforts with his efforts to cross-check on VirusTotal.

@TheNoim

Replace "stupid" with something from this list: https://www.thesaurus.com/browse/stupid?s=t

English is still not my main language and for me the word "stupid" doesn't have much impact. It was the first word that came to my mind.

If you acknowledge your dominion of the language is poorer, you should understand you’re more likely to be the one to make a communication faux pas and should be respectful regarding the error, not double down on the tone.

@nullpixel

but the fact that personal opinion on the relevancy of the tools is being used when removing projects concerns me.

It doesn’t need to concern you, because exclusion of a cask from the official repos in no way precludes you from maintaining the cask in a personal tap. Taps are one of the best features of Homebrew, precisely because they mean you’ll never be stuck with our decisions.

However, an app from a new developer may not be notable but still useful.

It can be the most useful app in the world. If almost no one uses it or knows about it, the maintenance cost of adding it to Homebrew isn’t worth it.

Is it really fair if maintainer's opinion on a piece of work results in it not being distributed via Homebrew

It’s not our opinion. We use external measures, such as GitHub stars. Is that perfect? No, but it’s the best we have.

but not have a quick check for things such as malware?

That ā€œquick checkā€ takes time to do. They add up fast.

Potentially in the future this could even be automated - if someone had the time to write a CI which uploads a package to malware analysis sites, this could save the volunteers in this thread a lot of time and effort, freeing them up to do other things with Homebrew.

Yes, ā€œsomeoneā€. Every advance in the project is accomplished when ā€œsomeoneā€ has the time to do it. Everyone can contribute, even you.

I'd also like to be clear that I am extremely grateful for the efforts of everyone participating in this thread

Thank you, and thank you for keeping your comments respectful.

@ran-dall

I think there's a level of animosity that is uncalled for

I agree! And that’s both a shame and uncalled for. I don’t remember the last time an easily revertible change drew out this kind of commentary from people who never contributed to Homebrew Cask. It’s giving me a bad impression of the jailbreaking community.

This thread is getting derailed and I’d like to get it back on track, as it’s useful. I’ll remove off topic comments after this one. If you have a complaint about a removal, open an issue—or better yet, a PR.

@Brandon-T Your assumptions are wrong on several fronts. Usually I’d explain my disagreement—especially because you were respectful and I appreciate the kind words—but I have no desire to keep wasting my time on this issue.

There’s no excuse for the abusive comments some users of this app lunged at the project and its people.

Apologies for removing your comment, but everyone was warned.

@Brandon-T I think all of us at work on HBC appreciate your kind words and constructive critique.

However, I think you misunderstand how HBC works. HBC works off a set of rules; simply, if a cask is having issues following the rules then it gets considered for deletion. I don't think it has anything to do with how useful something is, or if it's a jailbreaking tool, or a specific community uses it. Don't get me wrong, I'm sure it's something that is definitely kept in mind, but there are several factors (like maintainer burden) that get taken into consideration.

That said, I think you should refer to https://github.com/Homebrew/homebrew-cask/pull/73127 and https://github.com/Homebrew/homebrew-cask/pull/72491.

Now let's drop it before we get into trouble...

UPDATE: TOO LATE | @vitorgalvao Sorry for responding, I was trying to put out the fire before it caused any more grief. Feel free to delete my comment too, if you'd like.

@core-code One would hope. 🤞

  • debookee is reporting some packaged adware. I don't know the full extent of use for debookee but it appears to be a network analyzer. They appear to offer several levels of membership, so it could be possible that the free version is ad-supported? Maybe @core-code it would be wise to reach out to them? Either way, it's not really malware (its adware) from my brief review of the issue.

  • kext-updater is reporting a new type of malware that I don't have much information on. kext-updater is a Hackintosh utility from a (German?) Hackintosh forum meant to install 3rd party kexts. It's hard to tell the extent to which this has been compromised; but if we're going to be on the safe side, we could probably remove it.

  • malus is reporting malware but it's unspecific. Malus is a network/app accelerator (of sorts) for the people of China (according to Google Translate's English version of their website.) This would probably need a more in-depth review to check if it's packing legit malware; otherwise, it's hard to tell and could be a false positive.

thanks @ran-dall i'll try reaching out to the debookee people.

another thing just came up. one of the top stories on 'hackernews' today is this:
https://telegra.ph/Private-Internet-Access-VPN-acquired-by-malware-business-founded-by-former-Israeli-spies-12-01

and we do have a 'private-internet-access' cask.

I’ll look into it shortly.


@core-code I reviewed the article you mentioned, and it's quite startling; BUT as the article says...

Ultimately whether or not you trust Crossrider (Kape Technologies) as well as its shareholders with the operation of your VPN is a personal decision and it is certainly one which can be seen as having no correct answer. Is it possible that Crossrider (Kape Technologies) will operate PIA without interference or malicious intention? It certainly is.

That said, I agree with the immediate sentiment afterwards.

However having said that as a privacy minded VPN customer like myself you might also consider some possible alternatives if the above information I have provided has cast any doubt in your mind concerning the new management at Private Internet Access.

However, I think HBC's position would leave the user to decide what he or she should or should not install on their computer; so as long as they follow the rules, I don't think we should remove it on speculation.

I think HBC's position would leave the user to decide (…), I don't think we should remove it on speculation.

Yep. There’s further context provided by the co-founder of PIA. It’s up to users to decide if they believe it or not.

how about adding a caveat? a user may not be able to decide whether to believe them or not if he doesn't know the company has been acquired...

  • debookee is reporting some packaged adware. I don't know the full extent of use for debookee but it appears to be a network analyzer. They appear to offer several levels of membership, so it could be possible that the free version is ad-supported? Maybe @core-code it would be wise to reach out to them? Either way, it's not really malware (its adware) from my brief review of the issue.

Hi guys, Debookee is a network analyzer indeed, which can perform a MITM attack (using ARP spoofing) with the goal of intercepting mobile devices' traffic to analyze it.
Thus its classification as _Android-Spyware_, probably.

Debookee cannot modify or inject network traffic; that's not its goal. It's pure read-only mode on traffic.
Also it can decrypt TLS traffic, but requires a certificate to be installed on target devices in that case.

The use made of a network analyzer is clearly dependent on the intention of the _analyzer_, as is the case for Wireshark...

Concerning Ad-Aware, my guess is that Virus Total doesn't have a _Network Analyzer_ category, there's absolutely no ad in free trial, nothing on screen in the app, and certainly not in the traffic.

Feel free to ask for more info if needed!

thanks @debookee i'll put it on the false-positive list

@debookee Large round of applause 👏 for taking the time to write that too. Thanks! 🤘

Large round of applause for taking the time to get in touch with each developer !

i've run another scan.

kext-updater and malus have turned up again, but since no-one has voiced any suspicion that these might really be malicious i've put them on the false-positive list.

and then there is this, regarding the cask dia:
https://www.virustotal.com/gui/url/9d88fa9ff2be1d5327b377d6357566d3313dc66e11b2bb8239e4fb686fb72b2b/detection
but it only occurs on the URL and not the actual file

For dia, I'm thinking it might just be a false positive based on something it might be doing.
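The `VIRUSERROR: cSHA POSITIVES N <cask> {...}` lines pasted throughout this thread are raw VirusTotal v2 file reports, and the two judgement calls made in the discussion (count only a subset of engines, and keep a false-positive list such as the one kext-updater, malus and debookee were put on) are easy to get wrong if done by hand. The following is an added example, not code from this thread, from @core-code's scanner or from Homebrew: a small Python triage that parses lines in that exact format, counts hits only from a `TRUSTED_ENGINES` subset (the subset itself is an assumption for the example; the thread only says "some" engines are used), and keys the false-positive list on cask name *and* SHA-256 so an entry silently expires when the download changes. All sample reports and hashes are constructed placeholders.

```python
"""Triage VirusTotal v2 file reports pasted as VIRUSERROR lines.

Added example (not Homebrew's or this thread's code).  Assumptions:
TRUSTED_ENGINES is an illustrative subset, sample reports are constructed.
"""
import json
import re
from dataclasses import dataclass, field

# Engines whose macOS verdicts we choose to count (assumption for the example).
# Single hits from purely heuristic engines such as "MAX malware (ai score=NN)"
# are reported but do not raise a flag on their own.
TRUSTED_ENGINES = frozenset({
    "BitDefender", "GData", "Emsisoft", "Arcabit", "FireEye",
    "Kaspersky", "ESET-NOD32", "Sophos", "Avast", "Microsoft",
})

LINE_RE = re.compile(r"^VIRUSERROR: cSHA POSITIVES (\d+) (\S+) (\{.*\})$")


def parse_thread_line(line):
    """Split 'VIRUSERROR: cSHA POSITIVES <n> <cask> <json>' into (cask, n, report)."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError("not a VIRUSERROR line")
    return m.group(2), int(m.group(1)), json.loads(m.group(3))


@dataclass
class Verdict:
    cask: str
    sha256: str
    positives_all: int                          # VirusTotal's own count
    positives_trusted: int                      # hits within TRUSTED_ENGINES
    labels: list = field(default_factory=list)  # distinct detection names
    allowlisted: bool = False

    def flagged(self, threshold=1):
        return not self.allowlisted and self.positives_trusted >= threshold

    def summary_line(self):
        # Same shape as the lines pasted in the thread.
        return f"VIRUSERROR: cSHA POSITIVES {self.positives_all} {self.cask}"


def triage(cask, report, allowlist, trusted=TRUSTED_ENGINES):
    """Reduce one VT v2 file report (already a dict) to a Verdict."""
    if report.get("response_code") != 1:
        # 0 = hash unknown to VT, -2 = scan still queued: nothing to judge.
        raise ValueError(f"{cask}: no finished scan in report")
    sha256 = report["sha256"]
    hits = {name: s.get("result") for name, s in report["scans"].items()
            if s.get("detected")}
    trusted_hits = {n: r for n, r in hits.items() if n in trusted}
    labels = sorted({r for r in hits.values() if r})
    v = Verdict(cask, sha256, report["positives"], len(trusted_hits), labels)
    # Allowlist entries are (cask, sha256): a new download re-opens the case.
    v.allowlisted = (cask, sha256) in allowlist
    return v


def triage_lines(lines, allowlist, trusted=TRUSTED_ENGINES):
    return [triage(cask, report, allowlist, trusted)
            for cask, _n, report in map(parse_thread_line, lines)]


# ---- constructed sample input (placeholder hashes, not real files) ----------
def _scan(detected, result=None):
    return {"detected": detected, "version": "0", "result": result,
            "update": "20200101"}


def _report(sha256, scans):
    positives = sum(1 for s in scans.values() if s["detected"])
    return {"response_code": 1, "sha256": sha256, "total": len(scans),
            "positives": positives, "scans": scans}


_SAMPLES = [
    ("adware-example", _report("a" * 64, {
        "BitDefender": _scan(True, "Gen:Variant.Adware.MAC.Genieo.1"),
        "GData": _scan(True, "Gen:Variant.Adware.MAC.Genieo.1"),
        "MAX": _scan(True, "malware (ai score=84)"),
        "Kaspersky": _scan(False), "ClamAV": _scan(False)})),
    ("ml-only-example", _report("b" * 64, {          # lone heuristic hit
        "MAX": _scan(True, "malware (ai score=61)"),
        "BitDefender": _scan(False), "Kaspersky": _scan(False)})),
    ("allowlisted-example", _report("c" * 64, {      # known false positive
        "BitDefender": _scan(True, "Application.Generic.Example"),
        "Emsisoft": _scan(True, "Application.Generic.Example (B)")})),
    ("allowlisted-example", _report("d" * 64, {      # same cask, new file
        "BitDefender": _scan(True, "Application.Generic.Example")})),
]
SAMPLE_LINES = [f"VIRUSERROR: cSHA POSITIVES {r['positives']} {c} {json.dumps(r)}"
                for c, r in _SAMPLES]
SAMPLE_ALLOWLIST = {("allowlisted-example", "c" * 64)}

if __name__ == "__main__":
    for v in triage_lines(SAMPLE_LINES, SAMPLE_ALLOWLIST):
        status = "FLAG" if v.flagged() else "ok  "
        print(status, v.summary_line(), f"trusted={v.positives_trusted}",
              "; ".join(v.labels))
```

Run as-is it prints four verdicts: the Genieo-style report is flagged (two trusted engines agree), the lone "ai score" hit is reported but not flagged, the allowlisted hash is suppressed, and the same cask with a new hash is flagged again, which is the behaviour you want when a vendor ships a fresh download under an existing cask.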

another round:

VIRUSERROR: cSHA POSITIVES 1 chalk {"scans": {"Bkav": {"detected": false, "version": "1.3.0.9899", "result": null, "update": "20200113"}, "MicroWorld-eScan": {"detected": false, "version": "14.0.297.0", "result": null, "update": "20200114"}, "CMC": {"detected": false, "version": "1.1.0.977", "result": null, "update": "20190321"}, "CAT-QuickHeal": {"detected": false, "version": "14.00", "result": null, "update": "20200113"}, "McAfee": {"detected": false, "version": "6.0.6.653", "result": null, "update": "20200114"}, "Zillya": {"detected": false, "version": "2.0.0.3996", "result": null, "update": "20200113"}, "Sangfor": {"detected": false, "version": "1.0", "result": null, "update": "20200107"}, "K7AntiVirus": {"detected": false, "version": "11.86.33031", "result": null, "update": "20200114"}, "K7GW": {"detected": false, "version": "11.86.33031", "result": null, "update": "20200114"}, "Baidu": {"detected": false, "version": "1.0.0.2", "result": null, "update": "20190318"}, "Cyren": {"detected": false, "version": "6.2.2.2", "result": null, "update": "20200114"}, "ESET-NOD32": {"detected": false, "version": "20668", "result": null, "update": "20200114"}, "TrendMicro-HouseCall": {"detected": false, "version": "10.0.0.1040", "result": null, "update": "20200114"}, "Avast": {"detected": false, "version": "18.4.3895.0", "result": null, "update": "20200114"}, "ClamAV": {"detected": false, "version": "0.102.1.0", "result": null, "update": "20200113"}, "Kaspersky": {"detected": false, "version": "15.0.1.13", "result": null, "update": "20200114"}, "BitDefender": {"detected": false, "version": "7.2", "result": null, "update": "20200114"}, "NANO-Antivirus": {"detected": false, "version": "1.0.134.25031", "result": null, "update": "20200114"}, "ViRobot": {"detected": false, "version": "2014.3.20.0", "result": null, "update": "20200113"}, "AegisLab": {"detected": false, "version": "4.2", "result": null, "update": "20200114"}, "Tencent": {"detected": false, "version": "1.0.0.1", 
"result": null, "update": "20200114"}, "Ad-Aware": {"detected": false, "version": "3.0.5.370", "result": null, "update": "20200114"}, "Comodo": {"detected": false, "version": "31961", "result": null, "update": "20200114"}, "F-Secure": {"detected": false, "version": "12.0.86.52", "result": null, "update": "20200114"}, "DrWeb": {"detected": false, "version": "7.0.44.12030", "result": null, "update": "20200114"}, "VIPRE": {"detected": false, "version": "80770", "result": null, "update": "20200114"}, "TrendMicro": {"detected": false, "version": "11.0.0.1006", "result": null, "update": "20200114"}, "McAfee-GW-Edition": {"detected": false, "version": "v2017.3010", "result": null, "update": "20200114"}, "FireEye": {"detected": false, "version": "29.7.0.0", "result": null, "update": "20200114"}, "Emsisoft": {"detected": false, "version": "2018.12.0.1641", "result": null, "update": "20200114"}, "F-Prot": {"detected": false, "version": "4.7.1.166", "result": null, "update": "20200114"}, "Jiangmin": {"detected": false, "version": "16.0.100", "result": null, "update": "20200114"}, "Antiy-AVL": {"detected": false, "version": "3.0.0.1", "result": null, "update": "20200114"}, "Kingsoft": {"detected": false, "version": "2013.8.14.323", "result": null, "update": "20200114"}, "Microsoft": {"detected": false, "version": "1.1.16600.7", "result": null, "update": "20200114"}, "Arcabit": {"detected": false, "version": "1.0.0.869", "result": null, "update": "20200114"}, "SUPERAntiSpyware": {"detected": false, "version": "5.6.0.1032", "result": null, "update": "20200112"}, "ZoneAlarm": {"detected": false, "version": "1.0", "result": null, "update": "20200114"}, "Avast-Mobile": {"detected": false, "version": "200113-00", "result": null, "update": "20200113"}, "GData": {"detected": false, "version": "A:25.24568B:26.17352", "result": null, "update": "20200114"}, "TACHYON": {"detected": false, "version": "2020-01-14.02", "result": null, "update": "20200114"}, "AhnLab-V3": {"detected": false, 
"version": "3.17.0.26111", "result": null, "update": "20200114"}, "VBA32": {"detected": false, "version": "4.3.0", "result": null, "update": "20200113"}, "ALYac": {"detected": false, "version": "1.1.1.5", "result": null, "update": "20200114"}, "MAX": {"detected": true, "version": "2019.9.16.1", "result": "malware (ai score=61)", "update": "20200114"}, "Zoner": {"detected": false, "version": "1.0.0.1", "result": null, "update": "20200113"}, "Rising": {"detected": false, "version": "25.0.0.24", "result": null, "update": "20200114"}, "Yandex": {"detected": false, "version": "5.5.2.24", "result": null, "update": "20200113"}, "Ikarus": {"detected": false, "version": "0.1.5.2", "result": null, "update": "20200113"}, "Fortinet": {"detected": false, "version": "6.2.137.0", "result": null, "update": "20200114"}, "BitDefenderTheta": {"detected": false, "version": "7.2.37796.0", "result": null, "update": "20200113"}, "AVG": {"detected": false, "version": "18.4.3895.0", "result": null, "update": "20200114"}, "Panda": {"detected": false, "version": "4.6.4.2", "result": null, "update": "20200113"}, "Qihoo-360": {"detected": false, "version": "1.0.0.1120", "result": null, "update": "20200114"}}, "scan_id": "040d6cb7891121fd16f1628632bfd94537483bd4e28bc05b8c831e8de734374c-1578987243", "sha1": "34bfe291506fd146586631aa232f35f9817e8ed8", "resource": "040d6cb7891121fd16f1628632bfd94537483bd4e28bc05b8c831e8de734374c", "response_code": 1, "scan_date": "2020-01-14 07:34:03", "permalink": "https://www.virustotal.com/file/040d6cb7891121fd16f1628632bfd94537483bd4e28bc05b8c831e8de734374c/analysis/1578987243/", "verbose_msg": "Scan finished, information embedded", "total": 54, "positives": 1, "sha256": "040d6cb7891121fd16f1628632bfd94537483bd4e28bc05b8c831e8de734374c", "md5": "58ca9fb03bbc6e29dc58280f3356c76d"}
VIRUSERROR: cSHA POSITIVES 1 smartgit {"scans": {"Bkav": {"detected": false, "version": "1.3.0.9899", "result": null, "update": "20200115"}, "MicroWorld-eScan": {"detected": false, "version": "14.0.297.0", "result": null, "update": "20200115"}, "CMC": {"detected": false, "version": "1.1.0.977", "result": null, "update": "20190321"}, "CAT-QuickHeal": {"detected": false, "version": "14.00", "result": null, "update": "20200114"}, "McAfee": {"detected": false, "version": "6.0.6.653", "result": null, "update": "20200115"}, "Zillya": {"detected": false, "version": "2.0.0.3996", "result": null, "update": "20200113"}, "Sangfor": {"detected": false, "version": "1.0", "result": null, "update": "20200114"}, "K7AntiVirus": {"detected": false, "version": "11.86.33045", "result": null, "update": "20200115"}, "K7GW": {"detected": false, "version": "11.86.33045", "result": null, "update": "20200115"}, "Baidu": {"detected": false, "version": "1.0.0.2", "result": null, "update": "20190318"}, "F-Prot": {"detected": false, "version": "4.7.1.166", "result": null, "update": "20200115"}, "Symantec": {"detected": false, "version": "1.11.0.0", "result": null, "update": "20200115"}, "ESET-NOD32": {"detected": false, "version": "20673", "result": null, "update": "20200115"}, "TrendMicro-HouseCall": {"detected": false, "version": "10.0.0.1040", "result": null, "update": "20200115"}, "ClamAV": {"detected": false, "version": "0.102.1.0", "result": null, "update": "20200114"}, "BitDefender": {"detected": false, "version": "7.2", "result": null, "update": "20200115"}, "NANO-Antivirus": {"detected": false, "version": "1.0.134.25031", "result": null, "update": "20200115"}, "ViRobot": {"detected": false, "version": "2014.3.20.0", "result": null, "update": "20200115"}, "AegisLab": {"detected": false, "version": "4.2", "result": null, "update": "20200115"}, "Rising": {"detected": false, "version": "25.0.0.24", "result": null, "update": "20200114"}, "Ad-Aware": {"detected": false, "version": 
"3.0.5.370", "result": null, "update": "20200115"}, "Sophos": {"detected": false, "version": "4.98.0", "result": null, "update": "20200115"}, "Comodo": {"detected": false, "version": "31965", "result": null, "update": "20200115"}, "F-Secure": {"detected": false, "version": "12.0.86.52", "result": null, "update": "20200114"}, "DrWeb": {"detected": false, "version": "7.0.44.12030", "result": null, "update": "20200115"}, "VIPRE": {"detected": false, "version": "80792", "result": null, "update": "20200115"}, "TrendMicro": {"detected": false, "version": "11.0.0.1006", "result": null, "update": "20200115"}, "McAfee-GW-Edition": {"detected": false, "version": "v2017.3010", "result": null, "update": "20200115"}, "FireEye": {"detected": false, "version": "29.7.0.0", "result": null, "update": "20200115"}, "Emsisoft": {"detected": false, "version": "2018.12.0.1641", "result": null, "update": "20200115"}, "Cyren": {"detected": false, "version": "6.2.2.2", "result": null, "update": "20200115"}, "Jiangmin": {"detected": false, "version": "16.0.100", "result": null, "update": "20200114"}, "Avira": {"detected": false, "version": "8.3.3.8", "result": null, "update": "20200114"}, "MAX": {"detected": true, "version": "2019.9.16.1", "result": "malware (ai score=64)", "update": "20200115"}, "Antiy-AVL": {"detected": false, "version": "3.0.0.1", "result": null, "update": "20200115"}, "Kingsoft": {"detected": false, "version": "2013.8.14.323", "result": null, "update": "20200115"}, "Microsoft": {"detected": false, "version": "1.1.16600.7", "result": null, "update": "20200114"}, "Arcabit": {"detected": false, "version": "1.0.0.869", "result": null, "update": "20200115"}, "SUPERAntiSpyware": {"detected": false, "version": "5.6.0.1032", "result": null, "update": "20200112"}, "Avast-Mobile": {"detected": false, "version": "200114-00", "result": null, "update": "20200114"}, "GData": {"detected": false, "version": "A:25.24579B:26.17365", "result": null, "update": "20200115"}, "AhnLab-V3": 
{"detected": false, "version": "3.17.0.26111", "result": null, "update": "20200115"}, "VBA32": {"detected": false, "version": "4.3.0", "result": null, "update": "20200114"}, "ALYac": {"detected": false, "version": "1.1.1.5", "result": null, "update": "20200115"}, "TACHYON": {"detected": false, "version": "2020-01-15.01", "result": null, "update": "20200115"}, "Zoner": {"detected": false, "version": "1.0.0.1", "result": null, "update": "20200114"}, "Tencent": {"detected": false, "version": "1.0.0.1", "result": null, "update": "20200115"}, "Yandex": {"detected": false, "version": "5.5.2.24", "result": null, "update": "20200114"}, "Ikarus": {"detected": false, "version": "0.1.5.2", "result": null, "update": "20200114"}, "Fortinet": {"detected": false, "version": "6.2.137.0", "result": null, "update": "20200115"}, "Panda": {"detected": false, "version": "4.6.4.2", "result": null, "update": "20200114"}, "Qihoo-360": {"detected": false, "version": "1.0.0.1120", "result": null, "update": "20200115"}}, "scan_id": "8659e246f010accc96a225f52851bd83b3dda4e1ae20e364019bb405c25c2313-1579073056", "sha1": "142d8a6b4c24d9a8da79e17e70ce85152ac9983d", "resource": "8659e246f010accc96a225f52851bd83b3dda4e1ae20e364019bb405c25c2313", "response_code": 1, "scan_date": "2020-01-15 07:24:16", "permalink": "https://www.virustotal.com/file/8659e246f010accc96a225f52851bd83b3dda4e1ae20e364019bb405c25c2313/analysis/1579073056/", "verbose_msg": "Scan finished, information embedded", "total": 52, "positives": 1, "sha256": "8659e246f010accc96a225f52851bd83b3dda4e1ae20e364019bb405c25c2313", "md5": "b06cb5d2e266f4d99d384d63bd768394"}
VIRUSERROR: cSHA POSITIVES 5 crossover {"scans": {"Bkav": {"detected": false, "version": "1.3.0.9899", "result": null, "update": "20200110"}, "MicroWorld-eScan": {"detected": false, "version": "14.0.297.0", "result": null, "update": "20200110"}, "CAT-QuickHeal": {"detected": true, "version": "14.00", "result": "PUA.WacapewPMF.S9656329", "update": "20200110"}, "Zillya": {"detected": false, "version": "2.0.0.3994", "result": null, "update": "20200110"}, "Sangfor": {"detected": true, "version": "1.0", "result": "Malware", "update": "20200107"}, "Trustlook": {"detected": false, "version": "1.0", "result": null, "update": "20200110"}, "Alibaba": {"detected": false, "version": "0.3.0.5", "result": null, "update": "20190527"}, "K7GW": {"detected": true, "version": "11.86.33014", "result": "Riskware ( 0040eff71 )", "update": "20200110"}, "K7AntiVirus": {"detected": true, "version": "11.86.33012", "result": "Riskware ( 0040eff71 )", "update": "20200110"}, "Baidu": {"detected": false, "version": "1.0.0.2", "result": null, "update": "20190318"}, "Cyren": {"detected": false, "version": "6.2.2.2", "result": null, "update": "20200110"}, "TrendMicro-HouseCall": {"detected": false, "version": "10.0.0.1040", "result": null, "update": "20200110"}, "Avast": {"detected": false, "version": "18.4.3895.0", "result": null, "update": "20200110"}, "ClamAV": {"detected": false, "version": "0.102.1.0", "result": null, "update": "20200110"}, "Kaspersky": {"detected": false, "version": "15.0.1.13", "result": null, "update": "20200110"}, "BitDefender": {"detected": false, "version": "7.2", "result": null, "update": "20200110"}, "NANO-Antivirus": {"detected": false, "version": "1.0.134.25031", "result": null, "update": "20200110"}, "ViRobot": {"detected": false, "version": "2014.3.20.0", "result": null, "update": "20200110"}, "SUPERAntiSpyware": {"detected": false, "version": "5.6.0.1032", "result": null, "update": "20200103"}, "Ad-Aware": {"detected": false, "version": "3.0.5.370", "result": 
null, "update": "20200110"}, "Emsisoft": {"detected": false, "version": "2018.12.0.1641", "result": null, "update": "20200110"}, "DrWeb": {"detected": false, "version": "7.0.42.9300", "result": null, "update": "20200110"}, "VIPRE": {"detected": false, "version": "80684", "result": null, "update": "20200110"}, "TrendMicro": {"detected": false, "version": "11.0.0.1006", "result": null, "update": "20200110"}, "Sophos": {"detected": true, "version": "4.98.0", "result": "Mal/Generic-S", "update": "20200110"}, "SentinelOne": {"detected": false, "version": "1.12.1.57", "result": null, "update": "20191218"}, "Avira": {"detected": false, "version": "8.3.3.8", "result": null, "update": "20200110"}, "Antiy-AVL": {"detected": false, "version": "3.0.0.1", "result": null, "update": "20200110"}, "Kingsoft": {"detected": false, "version": "2013.8.14.323", "result": null, "update": "20200110"}, "Arcabit": {"detected": false, "version": "1.0.0.869", "result": null, "update": "20200110"}, "AegisLab": {"detected": false, "version": "4.2", "result": null, "update": "20200110"}, "ZoneAlarm": {"detected": false, "version": "1.0", "result": null, "update": "20200110"}, "Avast-Mobile": {"detected": false, "version": "200110-00", "result": null, "update": "20200110"}, "AhnLab-V3": {"detected": false, "version": "3.17.0.26111", "result": null, "update": "20200110"}, "MAX": {"detected": false, "version": "2019.9.16.1", "result": null, "update": "20200110"}, "Zoner": {"detected": false, "version": "1.0.0.1", "result": null, "update": "20200109"}, "Tencent": {"detected": false, "version": "1.0.0.1", "result": null, "update": "20200110"}, "TACHYON": {"detected": false, "version": "2020-01-10.02", "result": null, "update": "20200110"}, "Fortinet": {"detected": false, "version": "6.2.137.0", "result": null, "update": "20200110"}, "Qihoo-360": {"detected": false, "version": "1.0.0.1120", "result": null, "update": "20200110"}}, "scan_id": 
"dbf263f75f2e61bcb19062b86bbbbd32cf8e474be853082bc681bca780a08643-1578687245", "sha1": "566eeb65dc82f67b3833c4dc09cea2c009d995f0", "resource": "dbf263f75f2e61bcb19062b86bbbbd32cf8e474be853082bc681bca780a08643", "response_code": 1, "scan_date": "2020-01-10 20:14:05", "permalink": "https://www.virustotal.com/file/dbf263f75f2e61bcb19062b86bbbbd32cf8e474be853082bc681bca780a08643/analysis/1578687245/", "verbose_msg": "Scan finished, information embedded", "total": 40, "positives": 5, "sha256": "dbf263f75f2e61bcb19062b86bbbbd32cf8e474be853082bc681bca780a08643", "md5": "2a6b6f336f8234534e345f85d85c4e85"}
VIRUSERROR: cSHA POSITIVES 9 wasabi-wallet {"scans": {"Bkav": {"detected": false, "version": "1.3.0.9899", "result": null, "update": "20200104"}, "MicroWorld-eScan": {"detected": false, "version": "14.0.297.0", "result": null, "update": "20200106"}, "CMC": {"detected": false, "version": "1.1.0.977", "result": null, "update": "20190321"}, "CAT-QuickHeal": {"detected": false, "version": "14.00", "result": null, "update": "20200105"}, "ALYac": {"detected": false, "version": "1.1.1.5", "result": null, "update": "20200106"}, "Malwarebytes": {"detected": false, "version": "2.1.1.1115", "result": null, "update": "20200106"}, "Zillya": {"detected": false, "version": "2.0.0.3990", "result": null, "update": "20200103"}, "AegisLab": {"detected": false, "version": "4.2", "result": null, "update": "20191220"}, "Sangfor": {"detected": false, "version": "1.0", "result": null, "update": "20191224"}, "K7AntiVirus": {"detected": false, "version": "11.85.32951", "result": null, "update": "20200106"}, "K7GW": {"detected": false, "version": "11.85.32951", "result": null, "update": "20200106"}, "Baidu": {"detected": false, "version": "1.0.0.2", "result": null, "update": "20190318"}, "F-Prot": {"detected": false, "version": "4.7.1.166", "result": null, "update": "20200106"}, "Symantec": {"detected": false, "version": "1.11.0.0", "result": null, "update": "20191220"}, "ESET-NOD32": {"detected": false, "version": "20625", "result": null, "update": "20200106"}, "TrendMicro-HouseCall": {"detected": false, "version": "10.0.0.1040", "result": null, "update": "20200106"}, "Avast": {"detected": true, "version": "18.4.3895.0", "result": "MacOS:Miner-AR [PUP]", "update": "20200106"}, "ClamAV": {"detected": false, "version": "0.102.1.0", "result": null, "update": "20200105"}, "Kaspersky": {"detected": true, "version": "15.0.1.13", "result": "not-a-virus:HEUR:RiskTool.OSX.Miner.p", "update": "20200106"}, "BitDefender": {"detected": true, "version": "7.2", "result": 
"Gen:Variant.Application.MAC.Koiot.798", "update": "20200106"}, "NANO-Antivirus": {"detected": false, "version": "1.0.134.25031", "result": null, "update": "20200106"}, "ViRobot": {"detected": false, "version": "2014.3.20.0", "result": null, "update": "20200106"}, "Tencent": {"detected": false, "version": "1.0.0.1", "result": null, "update": "20200106"}, "Ad-Aware": {"detected": false, "version": "3.0.5.370", "result": null, "update": "20200106"}, "Sophos": {"detected": false, "version": "4.98.0", "result": null, "update": "20200106"}, "Comodo": {"detected": false, "version": "31929", "result": null, "update": "20200106"}, "F-Secure": {"detected": false, "version": "12.0.86.52", "result": null, "update": "20200106"}, "DrWeb": {"detected": false, "version": "7.0.42.9300", "result": null, "update": "20200106"}, "VIPRE": {"detected": false, "version": "80578", "result": null, "update": "20200106"}, "TrendMicro": {"detected": false, "version": "11.0.0.1006", "result": null, "update": "20200106"}, "McAfee-GW-Edition": {"detected": false, "version": "v2017.3010", "result": null, "update": "20200106"}, "FireEye": {"detected": true, "version": "29.7.0.0", "result": "Gen:Variant.Application.MAC.Koiot.798", "update": "20200106"}, "Emsisoft": {"detected": false, "version": "2018.12.0.1641", "result": null, "update": "20200106"}, "Cyren": {"detected": false, "version": "6.2.2.2", "result": null, "update": "20200106"}, "Jiangmin": {"detected": false, "version": "16.0.100", "result": null, "update": "20200106"}, "Avira": {"detected": false, "version": "8.3.3.8", "result": null, "update": "20200106"}, "MAX": {"detected": true, "version": "2019.9.16.1", "result": "malware (ai score=89)", "update": "20200106"}, "Antiy-AVL": {"detected": false, "version": "3.0.0.1", "result": null, "update": "20200106"}, "Kingsoft": {"detected": false, "version": "2013.8.14.323", "result": null, "update": "20200106"}, "Microsoft": {"detected": false, "version": "1.1.16600.7", "result": null, 
"update": "20200106"}, "Arcabit": {"detected": true, "version": "1.0.0.865", "result": "Trojan.Application.MAC.Koiot.798", "update": "20200106"}, "SUPERAntiSpyware": {"detected": false, "version": "5.6.0.1032", "result": null, "update": "20200103"}, "ZoneAlarm": {"detected": true, "version": "1.0", "result": "not-a-virus:HEUR:RiskTool.OSX.Miner.p", "update": "20200106"}, "Avast-Mobile": {"detected": false, "version": "200102-00", "result": null, "update": "20200102"}, "GData": {"detected": true, "version": "A:25.24489B:26.17258", "result": "Gen:Variant.Application.MAC.Koiot.798", "update": "20200106"}, "AhnLab-V3": {"detected": false, "version": "3.17.0.26111", "result": null, "update": "20200106"}, "McAfee": {"detected": false, "version": "6.0.6.653", "result": null, "update": "20200106"}, "TACHYON": {"detected": false, "version": "2020-01-06.02", "result": null, "update": "20200106"}, "VBA32": {"detected": false, "version": "4.3.0", "result": null, "update": "20200104"}, "Zoner": {"detected": false, "version": "1.0.0.1", "result": null, "update": "20200106"}, "Rising": {"detected": false, "version": "25.0.0.24", "result": null, "update": "20200106"}, "Yandex": {"detected": false, "version": "5.5.2.24", "result": null, "update": "20200104"}, "Ikarus": {"detected": false, "version": "0.1.5.2", "result": null, "update": "20200105"}, "Fortinet": {"detected": false, "version": "6.2.137.0", "result": null, "update": "20191231"}, "BitDefenderTheta": {"detected": false, "version": "7.2.37796.0", "result": null, "update": "20191223"}, "AVG": {"detected": true, "version": "18.4.3895.0", "result": "MacOS:Miner-AR [PUP]", "update": "20200106"}, "Panda": {"detected": false, "version": "4.6.4.2", "result": null, "update": "20200105"}, "Qihoo-360": {"detected": false, "version": "1.0.0.1120", "result": null, "update": "20200106"}}, "scan_id": "ce5f2dc33745b50ccd516b56618fa615b7ecae7d70b3877b43ecb2f67ae73065-1578299147", "sha1": "8b5dd5113b014231de612a748d0168ca70c2611f", 
"resource": "ce5f2dc33745b50ccd516b56618fa615b7ecae7d70b3877b43ecb2f67ae73065", "response_code": 1, "scan_date": "2020-01-06 08:25:47", "permalink": "https://www.virustotal.com/file/ce5f2dc33745b50ccd516b56618fa615b7ecae7d70b3877b43ecb2f67ae73065/analysis/1578299147/", "verbose_msg": "Scan finished, information embedded", "total": 58, "positives": 9, "sha256": "ce5f2dc33745b50ccd516b56618fa615b7ecae7d70b3877b43ecb2f67ae73065", "md5": "160b8695c72d281e230f4a2f2f07550f"}

@core-code I'll look into it here in a few...

@core-code

  • Chalk and SmartGit are being reported as suspicious by MAX. I'm not able to determine exactly what's being reported, though, because they aren't reported by anything else. Therefore, I think these are most likely false positives.
  • CrossOver is reporting some malware that typically only affects Windows computers. Given the nature of the program in question, it's hard to determine if this is by design or it's really breached. I will reach out to CrossOver and get clarification; however, I would suspect that even if this was malware, we on the macOS platform would probably not be affected, and/or the problem would likely be very isolated.
  • Wasabi Wallet is reporting suspicious mining being packaged in with the application. Again, given the nature of this application, it's hard to determine if this is by design or it's really breached. I will reach out to Wasabi Wallet as well.

Once I have more information, I will post it here.

i think 'avast-security' fulfils every possible definition of "spyware":

https://www.vice.com/en_us/article/qjdkq7/avast-antivirus-sells-user-browsing-data-investigation

i think 'avast-security' fulfils every possible definition of "spyware":

...and unethical and shady business practice. ☠️

Shortly after, browser makers Mozilla, Opera, and Google removed Avast's and subsidiary AVG's extensions from their respective browser extension stores.

@core-code So we're suggesting removal? I would second that opinion if you do...

I hope I'm allowed to respond about a removed cask here, or whether I should open a new issue.

Tribler was recently removed; after rescanning, the malware detection has been removed:
https://www.virustotal.com/gui/file/79fec1f261135239f01fd0554892eb29862f69009c260fca99b2fbcfe5b58909/detection

Perhaps #72489 could be restored and set to the 7.4.4 version?

_Off-topic: Thank all of you for scanning the casks regularly, you keep us safe and I'm really thankful._

@winfried-van-loon Sorry for the delay in responding. I don't see a problem with this. Perhaps @core-code or @vitorgalvao you'd like to share an opinion? Otherwise, I'll submit the PR for you tomorrow, if you don't know how...

Off-topic: Thank all of you for scanning the casks regularly, you keep us safe and I'm really thankful.

👍 Really appreciate that! It's folk like you that make the effort and time investment worth it.

happy to see tribler re-added - i think this was a false-positive anyway, but it's really up to @vitorgalvao

The cask wasn’t really popular to begin with, but I’m fine with adding it back.

i have been continuing to run the VirusTotal checks but didn't find any new 'hits'.

one new thing - i've posted a stand-alone CLI tool to run the checks here in case someone else wants to do the same:

https://github.com/core-code/VirusCheckHBC

if one cask app installs another app without user consent? this is allowed?

if one cask app

what's a 'cask app'?

installs another app without user consent? this is allowed?

any non-sandboxed app can do anything without your consent.

this has always been allowed though Apple has slowly been adding restrictions even for non-sandboxed apps in recent releases

@core-code Just wondering whether an app that _legally_ serves your computer as part of a botnet should be allowed, since HolaVPN is a major offender of shady practices and still has some really strange clauses in their EULA...

_In return for free usage of Hola Free VPN Proxy, Hola Fake GPS location and Hola Video Accelerator, you may be a peer on the Luminati network. By doing so you agree to have read and accepted the terms of service of the Luminati SDK SLA. You may opt out by becoming a Premium user._

Also, it's not a very popular cask anymore...

@neeldug i don't decide which apps are 'allowed', i just run the VirusTotal checks - where HolaVPN comes out fine ( https://www.virustotal.com/gui/file/a8f2468919174684210773ae01cc375feec8b83ccebfbd547c6bd230f2fd9b5f/detection ). if you think HolaVPN is malware and needs to be removed please open an issue on our bug tracker. however from what you've written i don't think it would classify as 'malware'.

two new positives in the scan:

VIRUSERROR: cSHA POSITIVES 2 thebrain {"scans": {"Bkav": {"detected": false, "version": "1.3.0.9899", "result": null, "update": "20200806"}, "MicroWorld-eScan": {"detected": false, "version": "14.0.409.0", "result": null, "update": "20200806"}, "CMC": {"detected": false, "version": "2.7.2019.1", "result": null, "update": "20200805"}, "CAT-QuickHeal": {"detected": false, "version": "14.00", "result": null, "update": "20200806"}, "ALYac": {"detected": false, "version": "1.1.1.5", "result": null, "update": "20200806"}, "Malwarebytes": {"detected": false, "version": "3.6.4.335", "result": null, "update": "20200806"}, "Zillya": {"detected": false, "version": "2.0.0.4148", "result": null, "update": "20200805"}, "AegisLab": {"detected": false, "version": "4.2", "result": null, "update": "20200806"}, "Sangfor": {"detected": false, "version": "1.0", "result": null, "update": "20200423"}, "K7AntiVirus": {"detected": false, "version": "11.128.34908", "result": null, "update": "20200805"}, "K7GW": {"detected": false, "version": "11.127.34901", "result": null, "update": "20200805"}, "Baidu": {"detected": false, "version": "1.0.0.2", "result": null, "update": "20190318"}, "F-Prot": {"detected": false, "version": "4.7.1.166", "result": null, "update": "20200806"}, "Symantec": {"detected": false, "version": "1.11.0.0", "result": null, "update": "20200805"}, "ESET-NOD32": {"detected": false, "version": "21771", "result": null, "update": "20200805"}, "TrendMicro-HouseCall": {"detected": false, "version": "10.0.0.1040", "result": null, "update": "20200806"}, "Avast": {"detected": true, "version": "18.4.3895.0", "result": "Win32:Evo-gen [Susp]", "update": "20200806"}, "ClamAV": {"detected": false, "version": "0.102.4.0", "result": null, "update": "20200805"}, "Kaspersky": {"detected": false, "version": "15.0.1.13", "result": null, "update": "20200806"}, "BitDefender": {"detected": false, "version": "7.2", "result": null, "update": "20200806"}, "NANO-Antivirus": {"detected": false, 
"version": "1.0.134.25119", "result": null, "update": "20200806"}, "ViRobot": {"detected": false, "version": "2014.3.20.0", "result": null, "update": "20200805"}, "Rising": {"detected": false, "version": "25.0.0.26", "result": null, "update": "20200806"}, "Ad-Aware": {"detected": false, "version": "3.0.5.370", "result": null, "update": "20200806"}, "Sophos": {"detected": false, "version": "4.98.0", "result": null, "update": "20200806"}, "Comodo": {"detected": false, "version": "32668", "result": null, "update": "20200728"}, "DrWeb": {"detected": false, "version": "7.0.46.3050", "result": null, "update": "20200806"}, "VIPRE": {"detected": false, "version": "85726", "result": null, "update": "20200806"}, "TrendMicro": {"detected": false, "version": "11.0.0.1006", "result": null, "update": "20200806"}, "FireEye": {"detected": false, "version": "32.36.1.0", "result": null, "update": "20200806"}, "Emsisoft": {"detected": false, "version": "2018.12.0.1641", "result": null, "update": "20200806"}, "Cyren": {"detected": false, "version": "6.3.0.2", "result": null, "update": "20200806"}, "Jiangmin": {"detected": false, "version": "16.0.100", "result": null, "update": "20200805"}, "Avira": {"detected": false, "version": "8.3.3.8", "result": null, "update": "20200806"}, "MAX": {"detected": false, "version": "2019.9.16.1", "result": null, "update": "20200806"}, "Antiy-AVL": {"detected": false, "version": "3.0.0.1", "result": null, "update": "20200806"}, "Kingsoft": {"detected": false, "version": "2013.8.14.323", "result": null, "update": "20200806"}, "Microsoft": {"detected": false, "version": "1.1.17300.4", "result": null, "update": "20200806"}, "Arcabit": {"detected": false, "version": "1.0.0.877", "result": null, "update": "20200806"}, "SUPERAntiSpyware": {"detected": false, "version": "5.6.0.1032", "result": null, "update": "20200731"}, "ZoneAlarm": {"detected": false, "version": "1.0", "result": null, "update": "20200806"}, "Avast-Mobile": {"detected": false, "version": 
"200805-00", "result": null, "update": "20200805"}, "GData": {"detected": false, "version": "A:25.26486B:27.19699", "result": null, "update": "20200806"}, "Cynet": {"detected": false, "version": "4.0.0.24", "result": null, "update": "20200806"}, "AhnLab-V3": {"detected": false, "version": "3.18.1.10026", "result": null, "update": "20200805"}, "McAfee": {"detected": false, "version": "6.0.6.653", "result": null, "update": "20200806"}, "TACHYON": {"detected": false, "version": "2020-08-06.01", "result": null, "update": "20200806"}, "VBA32": {"detected": false, "version": "4.4.1", "result": null, "update": "20200805"}, "Zoner": {"detected": false, "version": "0.0.0.0", "result": null, "update": "20200805"}, "Tencent": {"detected": false, "version": "1.0.0.1", "result": null, "update": "20200806"}, "Yandex": {"detected": false, "version": "5.5.2.24", "result": null, "update": "20200707"}, "Ikarus": {"detected": false, "version": "0.1.5.2", "result": null, "update": "20200805"}, "MaxSecure": {"detected": false, "version": "1.0.0.1", "result": null, "update": "20200805"}, "Fortinet": {"detected": false, "version": "6.2.142.0", "result": null, "update": "20200806"}, "BitDefenderTheta": {"detected": false, "version": "7.2.37796.0", "result": null, "update": "20200805"}, "AVG": {"detected": true, "version": "18.4.3895.0", "result": "Win32:Evo-gen [Susp]", "update": "20200806"}, "Panda": {"detected": false, "version": "4.6.4.2", "result": null, "update": "20200805"}, "Qihoo-360": {"detected": false, "version": "1.0.0.1120", "result": null, "update": "20200806"}}, "scan_id": "7880e943c0670b2437908d59fe696968d5468a75489678a3b0319e463a37d2e1-1596683893", "sha1": "2b82510014d1ab65381fca9d453b54ec7c1b465b", "resource": "7880e943c0670b2437908d59fe696968d5468a75489678a3b0319e463a37d2e1", "response_code": 1, "scan_date": "2020-08-06 03:18:13", "permalink": 
"https://www.virustotal.com/gui/file/7880e943c0670b2437908d59fe696968d5468a75489678a3b0319e463a37d2e1/detection/f-7880e943c0670b2437908d59fe696968d5468a75489678a3b0319e463a37d2e1-1596683893", "verbose_msg": "Scan finished, information embedded", "total": 58, "positives": 2, "sha256": "7880e943c0670b2437908d59fe696968d5468a75489678a3b0319e463a37d2e1", "md5": "c2575d1f322a8ac743bd1715460ccf7d"}
VIRUSERROR: cSHA POSITIVES 3 cleanmymac {"scans": {"Bkav": {"detected": false, "version": "1.3.0.9899", "result": null, "update": "20200908"}, "MicroWorld-eScan": {"detected": false, "version": "14.0.409.0", "result": null, "update": "20200908"}, "CMC": {"detected": false, "version": "2.7.2019.1", "result": null, "update": "20200908"}, "CAT-QuickHeal": {"detected": false, "version": "14.00", "result": null, "update": "20200908"}, "ALYac": {"detected": false, "version": "1.1.1.5", "result": null, "update": "20200908"}, "Malwarebytes": {"detected": false, "version": "3.6.4.335", "result": null, "update": "20200908"}, "Zillya": {"detected": false, "version": "2.0.0.4171", "result": null, "update": "20200908"}, "Sangfor": {"detected": false, "version": "1.0", "result": null, "update": "20200814"}, "K7AntiVirus": {"detected": false, "version": "11.135.35199", "result": null, "update": "20200908"}, "K7GW": {"detected": false, "version": "11.135.35200", "result": null, "update": "20200908"}, "Invincea": {"detected": false, "version": "1.0.1.0", "result": null, "update": "20200908"}, "Baidu": {"detected": false, "version": "1.0.0.2", "result": null, "update": "20190318"}, "Cyren": {"detected": false, "version": "6.3.0.2", "result": null, "update": "20200908"}, "Symantec": {"detected": false, "version": "1.12.0.0", "result": null, "update": "20200908"}, "ESET-NOD32": {"detected": false, "version": "21956", "result": null, "update": "20200908"}, "TrendMicro-HouseCall": {"detected": false, "version": "10.0.0.1040", "result": null, "update": "20200908"}, "Avast": {"detected": true, "version": "18.4.3895.0", "result": "MacOS:PuAgent-AZ [PUP]", "update": "20200908"}, "ClamAV": {"detected": false, "version": "0.102.4.0", "result": null, "update": "20200908"}, "Kaspersky": {"detected": false, "version": "15.0.1.13", "result": null, "update": "20200908"}, "BitDefender": {"detected": false, "version": "7.2", "result": null, "update": "20200908"}, "NANO-Antivirus": {"detected": 
false, "version": "1.0.134.25140", "result": null, "update": "20200908"}, "ViRobot": {"detected": false, "version": "2014.3.20.0", "result": null, "update": "20200908"}, "AegisLab": {"detected": true, "version": "4.2", "result": "Trojan.UKP.Generic.4!c", "update": "20200908"}, "Rising": {"detected": false, "version": "25.0.0.26", "result": null, "update": "20200908"}, "Ad-Aware": {"detected": false, "version": "3.0.16.117", "result": null, "update": "20200908"}, "Sophos": {"detected": false, "version": "4.98.0", "result": null, "update": "20200908"}, "Comodo": {"detected": false, "version": "32668", "result": null, "update": "20200728"}, "F-Secure": {"detected": false, "version": "12.0.86.52", "result": null, "update": "20200908"}, "DrWeb": {"detected": false, "version": "7.0.48.8080", "result": null, "update": "20200908"}, "VIPRE": {"detected": false, "version": "86536", "result": null, "update": "20200908"}, "TrendMicro": {"detected": false, "version": "11.0.0.1006", "result": null, "update": "20200908"}, "FireEye": {"detected": false, "version": "32.36.1.0", "result": null, "update": "20200908"}, "Emsisoft": {"detected": false, "version": "2018.12.0.1641", "result": null, "update": "20200908"}, "Ikarus": {"detected": false, "version": "0.1.5.2", "result": null, "update": "20200908"}, "GData": {"detected": false, "version": "A:25.26934B:27.20098", "result": null, "update": "20200908"}, "Jiangmin": {"detected": false, "version": "16.0.100", "result": null, "update": "20200908"}, "Avira": {"detected": false, "version": "8.3.3.8", "result": null, "update": "20200908"}, "Antiy-AVL": {"detected": false, "version": "3.0.0.1", "result": null, "update": "20200908"}, "Kingsoft": {"detected": false, "version": "2013.8.14.323", "result": null, "update": "20200908"}, "Arcabit": {"detected": false, "version": "1.0.0.881", "result": null, "update": "20200908"}, "SUPERAntiSpyware": {"detected": false, "version": "5.6.0.1032", "result": null, "update": "20200904"}, "ZoneAlarm": 
{"detected": false, "version": "1.0", "result": null, "update": "20200908"}, "Microsoft": {"detected": false, "version": "1.1.17400.5", "result": null, "update": "20200908"}, "Cynet": {"detected": false, "version": "4.0.0.24", "result": null, "update": "20200905"}, "AhnLab-V3": {"detected": false, "version": "3.18.1.10026", "result": null, "update": "20200908"}, "BitDefenderTheta": {"detected": false, "version": "7.2.37796.0", "result": null, "update": "20200902"}, "MAX": {"detected": false, "version": "2019.9.16.1", "result": null, "update": "20200908"}, "VBA32": {"detected": false, "version": "4.4.1", "result": null, "update": "20200908"}, "Zoner": {"detected": false, "version": "0.0.0.0", "result": null, "update": "20200908"}, "Tencent": {"detected": false, "version": "1.0.0.1", "result": null, "update": "20200908"}, "Yandex": {"detected": false, "version": "5.5.2.24", "result": null, "update": "20200907"}, "TACHYON": {"detected": false, "version": "2020-09-08.02", "result": null, "update": "20200908"}, "MaxSecure": {"detected": false, "version": "1.0.0.1", "result": null, "update": "20200908"}, "Fortinet": {"detected": false, "version": "6.2.142.0", "result": null, "update": "20200908"}, "AVG": {"detected": true, "version": "18.4.3895.0", "result": "MacOS:PuAgent-AZ [PUP]", "update": "20200908"}, "Panda": {"detected": false, "version": "4.6.4.2", "result": null, "update": "20200908"}, "Qihoo-360": {"detected": false, "version": "1.0.0.1120", "result": null, "update": "20200908"}}, "scan_id": "35a2488c1ecacce2e367d5457e0384c381e24003c305f8a0034b61bfc52747f8-1599588218", "sha1": "a68ed04b9516964664e5a04acbe19b80e15a1c18", "resource": "35a2488c1ecacce2e367d5457e0384c381e24003c305f8a0034b61bfc52747f8", "response_code": 1, "scan_date": "2020-09-08 18:03:38", "permalink": "https://www.virustotal.com/gui/file/35a2488c1ecacce2e367d5457e0384c381e24003c305f8a0034b61bfc52747f8/detection/f-35a2488c1ecacce2e367d5457e0384c381e24003c305f8a0034b61bfc52747f8-1599588218", 
"verbose_msg": "Scan finished, information embedded", "total": 57, "positives": 3, "sha256": "35a2488c1ecacce2e367d5457e0384c381e24003c305f8a0034b61bfc52747f8", "md5": "2552c9e559d90114ba8de4fb79c208c9"}

thebrain looks like a false positive because it talks about win32 although it's a mac app, but i'd like confirmation before excluding it from the check

cleanmymac seems like a difficult case. there is lengthy info here:
https://support.avg.com/answers?id=9060N000000gf0TQAQ
and a justification for calling it PuP here:
https://customer.appesteem.com/deceptors

next run:

VIRUSERROR: cSHA POSITIVES 1 disk-drill {"scans": {"Bkav": {"detected": false, "version": "1.3.0.9899", "result": null, "update": "20201007"}, "Elastic": {"detected": false, "version": "4.0.10", "result": null, "update": "20201006"}, "MicroWorld-eScan": {"detected": false, "version": "14.0.409.0", "result": null, "update": "20201008"}, "FireEye": {"detected": false, "version": "32.36.1.0", "result": null, "update": "20201008"}, "CAT-QuickHeal": {"detected": false, "version": "14.00", "result": null, "update": "20201007"}, "ALYac": {"detected": false, "version": "1.1.1.5", "result": null, "update": "20201008"}, "Malwarebytes": {"detected": false, "version": "3.6.4.335", "result": null, "update": "20201008"}, "Zillya": {"detected": false, "version": "2.0.0.4194", "result": null, "update": "20201007"}, "AegisLab": {"detected": false, "version": "4.2", "result": null, "update": "20201008"}, "Sangfor": {"detected": false, "version": "1.0", "result": null, "update": "20200814"}, "Trustlook": {"detected": false, "version": "1.0", "result": null, "update": "20201008"}, "Alibaba": {"detected": false, "version": "0.3.0.5", "result": null, "update": "20190527"}, "K7GW": {"detected": false, "version": "11.144.35395", "result": null, "update": "20201008"}, "K7AntiVirus": {"detected": false, "version": "11.144.35393", "result": null, "update": "20201007"}, "Invincea": {"detected": false, "version": "1.0.1.0", "result": null, "update": "20201008"}, "Baidu": {"detected": false, "version": "1.0.0.2", "result": null, "update": "20190318"}, "Cyren": {"detected": false, "version": "6.3.0.2", "result": null, "update": "20201007"}, "Symantec": {"detected": false, "version": "1.12.0.0", "result": null, "update": "20201007"}, "TotalDefense": {"detected": false, "version": "37.1.62.1", "result": null, "update": "20201007"}, "TrendMicro-HouseCall": {"detected": false, "version": "10.0.0.1040", "result": null, "update": "20201008"}, "Avast": {"detected": false, "version": "18.4.3895.0", 
"result": null, "update": "20201008"}, "ClamAV": {"detected": false, "version": "0.102.3.0", "result": null, "update": "20201007"}, "Kaspersky": {"detected": false, "version": "15.0.1.13", "result": null, "update": "20201008"}, "BitDefender": {"detected": false, "version": "7.2", "result": null, "update": "20201008"}, "NANO-Antivirus": {"detected": false, "version": "1.0.134.25169", "result": null, "update": "20201008"}, "SUPERAntiSpyware": {"detected": false, "version": "5.6.0.1032", "result": null, "update": "20201002"}, "Ad-Aware": {"detected": false, "version": "3.0.16.117", "result": null, "update": "20201008"}, "Emsisoft": {"detected": false, "version": "2018.12.0.1641", "result": null, "update": "20201007"}, "Comodo": {"detected": false, "version": "32876", "result": null, "update": "20201007"}, "F-Secure": {"detected": true, "version": "12.0.86.52", "result": "Adware:OSX/Paza", "update": "20201008"}, "DrWeb": {"detected": false, "version": "7.0.49.9080", "result": null, "update": "20201008"}, "VIPRE": {"detected": false, "version": "87262", "result": null, "update": "20201008"}, "TrendMicro": {"detected": false, "version": "11.0.0.1006", "result": null, "update": "20201008"}, "McAfee-GW-Edition": {"detected": false, "version": "v2019.1.2+3728", "result": null, "update": "20201007"}, "CMC": {"detected": false, "version": "2.7.2019.1", "result": null, "update": "20201007"}, "Sophos": {"detected": false, "version": "4.98.0", "result": null, "update": "20201008"}, "SentinelOne": {"detected": false, "version": "4.4.0.0", "result": null, "update": "20200724"}, "Avast-Mobile": {"detected": false, "version": "201007-00", "result": null, "update": "20201007"}, "Jiangmin": {"detected": false, "version": "16.0.100", "result": null, "update": "20201007"}, "Avira": {"detected": false, "version": "8.3.3.8", "result": null, "update": "20201008"}, "MAX": {"detected": false, "version": "2019.9.16.1", "result": null, "update": "20201008"}, "Antiy-AVL": {"detected": false, 
"version": "3.0.0.1", "result": null, "update": "20201008"}, "Kingsoft": {"detected": false, "version": "2013.8.14.323", "result": null, "update": "20201008"}, "Arcabit": {"detected": false, "version": "1.0.0.881", "result": null, "update": "20201007"}, "ViRobot": {"detected": false, "version": "2014.3.20.0", "result": null, "update": "20201007"}, "ZoneAlarm": {"detected": false, "version": "1.0", "result": null, "update": "20201008"}, "GData": {"detected": false, "version": "A:25.27267B:27.20442", "result": null, "update": "20201008"}, "AhnLab-V3": {"detected": false, "version": "3.18.2.10046", "result": null, "update": "20201007"}, "McAfee": {"detected": false, "version": "6.0.6.653", "result": null, "update": "20201008"}, "TACHYON": {"detected": false, "version": "2020-10-08.01", "result": null, "update": "20201008"}, "VBA32": {"detected": false, "version": "4.4.1", "result": null, "update": "20201007"}, "Zoner": {"detected": false, "version": "0.0.0.0", "result": null, "update": "20201007"}, "ESET-NOD32": {"detected": false, "version": "22116", "result": null, "update": "20201008"}, "Rising": {"detected": false, "version": "25.0.0.26", "result": null, "update": "20201007"}, "Yandex": {"detected": false, "version": "5.5.2.24", "result": null, "update": "20201006"}, "Ikarus": {"detected": false, "version": "0.1.5.2", "result": null, "update": "20201007"}, "MaxSecure": {"detected": false, "version": "1.0.0.1", "result": null, "update": "20201007"}, "Fortinet": {"detected": false, "version": "6.2.142.0", "result": null, "update": "20201008"}, "BitDefenderTheta": {"detected": false, "version": "7.2.37796.0", "result": null, "update": "20200930"}, "AVG": {"detected": false, "version": "18.4.3895.0", "result": null, "update": "20201008"}, "Panda": {"detected": false, "version": "4.6.4.2", "result": null, "update": "20201007"}, "Qihoo-360": {"detected": false, "version": "1.0.0.1120", "result": null, "update": "20201008"}}, "scan_id": 
"f0c162a959885be6bb8423f1343e18c571193f43fcb536f65adc77b5941e9761-1602126509", "sha1": "45ae1a178ff404259fbb61be34d5d540dce9d640", "resource": "f0c162a959885be6bb8423f1343e18c571193f43fcb536f65adc77b5941e9761", "response_code": 1, "scan_date": "2020-10-08 03:08:29", "permalink": "https://www.virustotal.com/gui/file/f0c162a959885be6bb8423f1343e18c571193f43fcb536f65adc77b5941e9761/detection/f-f0c162a959885be6bb8423f1343e18c571193f43fcb536f65adc77b5941e9761-1602126509", "verbose_msg": "Scan finished, information embedded", "total": 62, "positives": 1, "sha256": "f0c162a959885be6bb8423f1343e18c571193f43fcb536f65adc77b5941e9761", "md5": "243e79ff4a0b4322084c5c73343960d1"}
VIRUSERROR: cSHA POSITIVES 2 cleanmymac {"scans": {"Bkav": {"detected": false, "version": "1.3.0.9899", "result": null, "update": "20201024"}, "MicroWorld-eScan": {"detected": false, "version": "14.0.409.0", "result": null, "update": "20201026"}, "CMC": {"detected": false, "version": "2.7.2019.1", "result": null, "update": "20201026"}, "CAT-QuickHeal": {"detected": false, "version": "14.00", "result": null, "update": "20201025"}, "ALYac": {"detected": false, "version": "1.1.1.5", "result": null, "update": "20201026"}, "Malwarebytes": {"detected": false, "version": "3.6.4.335", "result": null, "update": "20201026"}, "Zillya": {"detected": false, "version": "2.0.0.4206", "result": null, "update": "20201023"}, "SUPERAntiSpyware": {"detected": false, "version": "5.6.0.1032", "result": null, "update": "20201023"}, "Sangfor": {"detected": false, "version": "1.0", "result": null, "update": "20201021"}, "K7AntiVirus": {"detected": false, "version": "11.146.35566", "result": null, "update": "20201026"}, "K7GW": {"detected": false, "version": "11.146.35566", "result": null, "update": "20201026"}, "Invincea": {"detected": false, "version": "1.0.1.0", "result": null, "update": "20201026"}, "Baidu": {"detected": false, "version": "1.0.0.2", "result": null, "update": "20190318"}, "Cyren": {"detected": false, "version": "6.3.0.2", "result": null, "update": "20201026"}, "Symantec": {"detected": false, "version": "1.13.0.0", "result": null, "update": "20201025"}, "TotalDefense": {"detected": false, "version": "37.1.62.1", "result": null, "update": "20201026"}, "TrendMicro-HouseCall": {"detected": false, "version": "10.0.0.1040", "result": null, "update": "20201026"}, "Avast": {"detected": true, "version": "18.4.3895.0", "result": "MacOS:PuAgent-AZ [PUP]", "update": "20201026"}, "ClamAV": {"detected": false, "version": "0.102.3.0", "result": null, "update": "20201025"}, "Kaspersky": {"detected": false, "version": "15.0.1.13", "result": null, "update": "20201026"}, "BitDefender": 
{"detected": false, "version": "7.2", "result": null, "update": "20201026"}, "NANO-Antivirus": {"detected": false, "version": "1.0.146.25233", "result": null, "update": "20201026"}, "AegisLab": {"detected": false, "version": "4.2", "result": null, "update": "20201026"}, "Tencent": {"detected": false, "version": "1.0.0.1", "result": null, "update": "20201026"}, "Ad-Aware": {"detected": false, "version": "3.0.16.117", "result": null, "update": "20201026"}, "Sophos": {"detected": false, "version": "4.98.0", "result": null, "update": "20201026"}, "Comodo": {"detected": false, "version": "32931", "result": null, "update": "20201026"}, "F-Secure": {"detected": false, "version": "12.0.86.52", "result": null, "update": "20201026"}, "DrWeb": {"detected": false, "version": "7.0.49.9080", "result": null, "update": "20201026"}, "VIPRE": {"detected": false, "version": "87714", "result": null, "update": "20201026"}, "TrendMicro": {"detected": false, "version": "11.0.0.1006", "result": null, "update": "20201026"}, "McAfee-GW-Edition": {"detected": false, "version": "v2019.1.2+3728", "result": null, "update": "20201026"}, "FireEye": {"detected": false, "version": "32.36.1.0", "result": null, "update": "20201026"}, "Emsisoft": {"detected": false, "version": "2018.12.0.1641", "result": null, "update": "20201026"}, "Ikarus": {"detected": false, "version": "0.1.5.2", "result": null, "update": "20201025"}, "GData": {"detected": false, "version": "A:25.27493B:27.20653", "result": null, "update": "20201026"}, "Jiangmin": {"detected": false, "version": "16.0.100", "result": null, "update": "20201026"}, "Avira": {"detected": false, "version": "8.3.3.8", "result": null, "update": "20201026"}, "Antiy-AVL": {"detected": false, "version": "3.0.0.1", "result": null, "update": "20201026"}, "Kingsoft": {"detected": false, "version": "2013.8.14.323", "result": null, "update": "20201026"}, "Arcabit": {"detected": false, "version": "1.0.0.881", "result": null, "update": "20201026"}, "ViRobot": 
{"detected": false, "version": "2014.3.20.0", "result": null, "update": "20201026"}, "ZoneAlarm": {"detected": false, "version": "1.0", "result": null, "update": "20201026"}, "Microsoft": {"detected": false, "version": "1.1.17500.4", "result": null, "update": "20201026"}, "Cynet": {"detected": false, "version": "4.0.0.24", "result": null, "update": "20201026"}, "AhnLab-V3": {"detected": false, "version": "3.18.2.10046", "result": null, "update": "20201026"}, "McAfee": {"detected": false, "version": "6.0.6.653", "result": null, "update": "20201026"}, "MAX": {"detected": false, "version": "2019.9.16.1", "result": null, "update": "20201026"}, "VBA32": {"detected": false, "version": "4.4.1", "result": null, "update": "20201023"}, "Zoner": {"detected": false, "version": "0.0.0.0", "result": null, "update": "20201025"}, "ESET-NOD32": {"detected": false, "version": "22212", "result": null, "update": "20201026"}, "Rising": {"detected": false, "version": "25.0.0.26", "result": null, "update": "20201026"}, "Yandex": {"detected": false, "version": "5.5.2.24", "result": null, "update": "20201024"}, "TACHYON": {"detected": false, "version": "2020-10-26.02", "result": null, "update": "20201026"}, "MaxSecure": {"detected": false, "version": "1.0.0.1", "result": null, "update": "20201024"}, "Fortinet": {"detected": false, "version": "6.2.142.0", "result": null, "update": "20201026"}, "BitDefenderTheta": {"detected": false, "version": "7.2.37796.0", "result": null, "update": "20201023"}, "AVG": {"detected": true, "version": "18.4.3895.0", "result": "MacOS:PuAgent-AZ [PUP]", "update": "20201026"}, "Panda": {"detected": false, "version": "4.6.4.2", "result": null, "update": "20201025"}, "Qihoo-360": {"detected": false, "version": "1.0.0.1120", "result": null, "update": "20201026"}}, "scan_id": "61cfc72922d9819a14b4be8e283077fb094d98188f73369aa7689c7e716d385c-1603699291", "sha1": "e85ebbffd068d2f7194bd00422f20b6f2aa7b637", "resource": 
"61cfc72922d9819a14b4be8e283077fb094d98188f73369aa7689c7e716d385c", "response_code": 1, "scan_date": "2020-10-26 08:01:31", "permalink": "https://www.virustotal.com/gui/file/61cfc72922d9819a14b4be8e283077fb094d98188f73369aa7689c7e716d385c/detection/f-61cfc72922d9819a14b4be8e283077fb094d98188f73369aa7689c7e716d385c-1603699291", "verbose_msg": "Scan finished, information embedded", "total": 60, "positives": 2, "sha256": "61cfc72922d9819a14b4be8e283077fb094d98188f73369aa7689c7e716d385c", "md5": "f3e4c64d183b10b7a07c981d6c5a68da"}

the disk-drill error is gone for the newest SHA a12785ca44bdd172aaa2f1efccedfbc65c90864f2672d739f6d6903908bb3c3f
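The triage the comments above do by hand (ignore engines with a high false-positive rate on macOS, treat PUP/miner labels differently from trojan labels, report a `VIRUSERROR: cSHA POSITIVES n cask` line when something is left) can be done over the VirusTotal v2 report JSON directly. The following is an added example, not code from this issue or from the homebrew-cask project. It only assumes the report shape visible in the blobs above (`scans` keyed by engine with `detected`/`result`, plus `positives`, `total`, `sha256`, `response_code`); the sample report, the `PUP_MARKERS` keyword list and the thresholds are my own constructed choices, not VirusTotal's or the project's.

```python
"""Triage a VirusTotal v2 file report the way the thread above does by hand.

Assumed shape (taken from the reports pasted above):
  {"scans": {"<engine>": {"detected": bool, "result": str|None, ...}, ...},
   "response_code": 1, "positives": int, "total": int, "sha256": "..."}
"""
from typing import Dict, Iterable, List, Optional

# Heuristic substrings that mark a label as potentially-unwanted / dual-use
# (adware, miners, security tools) rather than an infection. Constructed for
# this example; refine against the engines you actually trust.
PUP_MARKERS = ("pup", "pua", "adware", "riskware", "not-a-virus",
               "miner", "hacktool", "unwanted")

# Constructed sample in the v2 shape above. Hashes are placeholders, not a real scan.
SAMPLE_REPORT = {
    "scans": {
        "Avast":     {"detected": True,  "version": "18.4.3895.0", "result": "MacOS:PuAgent-AZ [PUP]",  "update": "20201026"},
        "AVG":       {"detected": True,  "version": "18.4.3895.0", "result": "MacOS:PuAgent-AZ [PUP]",  "update": "20201026"},
        "AegisLab":  {"detected": True,  "version": "4.2",         "result": "Trojan.UKP.Generic.4!c", "update": "20201026"},
        "Kaspersky": {"detected": False, "version": "15.0.1.13",   "result": None,                     "update": "20201026"},
        "ClamAV":    {"detected": False, "version": "0.102.3.0",   "result": None,                     "update": "20201025"},
        "Bkav":      {"detected": False, "version": "1.3.0.9899",  "result": None,                     "update": "20201024"},
    },
    "response_code": 1,
    "positives": 3,
    "total": 6,
    "sha256": "0" * 64,  # placeholder
}


def detections(report: dict) -> List[Dict[str, str]]:
    """One entry per engine with detected=true, sorted by engine name."""
    hits = []
    for engine, info in report.get("scans", {}).items():
        if info.get("detected"):
            hits.append({"engine": engine, "result": info.get("result") or ""})
    return sorted(hits, key=lambda h: h["engine"])


def classify_result(result: str) -> str:
    """'pup' for unwanted/dual-use labels, 'malware' for everything else."""
    label = result.lower()
    return "pup" if any(marker in label for marker in PUP_MARKERS) else "malware"


def triage(report: dict, ignore_engines: Iterable[str] = (), pup_threshold: int = 2) -> dict:
    """Decide whether a report needs a human look.

    verdict: 'unknown' (file not in VT / still queued), 'review' (any non-PUP hit
    from a trusted engine), 'pup' (at least pup_threshold PUP-style hits),
    'low' (fewer PUP hits than the threshold) or 'clean'.
    """
    code = report.get("response_code")
    if code != 1:  # v2: 0 = not in dataset, -2 = queued, 1 = report present
        return {"sha256": report.get("sha256"), "verdict": "unknown",
                "response_code": code, "considered": 0, "malware_hits": [], "pup_hits": []}
    ignored = set(ignore_engines)
    hits = [h for h in detections(report) if h["engine"] not in ignored]
    malware_hits = [h for h in hits if classify_result(h["result"]) == "malware"]
    pup_hits = [h for h in hits if classify_result(h["result"]) == "pup"]
    if malware_hits:
        verdict = "review"
    elif len(pup_hits) >= pup_threshold:
        verdict = "pup"
    elif pup_hits:
        verdict = "low"
    else:
        verdict = "clean"
    return {"sha256": report.get("sha256"), "verdict": verdict, "response_code": code,
            "considered": len(hits), "total": report.get("total"),
            "malware_hits": malware_hits, "pup_hits": pup_hits}


def summary_line(cask: str, report: dict, ignore_engines: Iterable[str] = ()) -> Optional[str]:
    """Mirror the thread's 'VIRUSERROR: cSHA POSITIVES n cask' line; None when nothing is left."""
    result = triage(report, ignore_engines)
    if result["verdict"] in ("clean", "unknown"):
        return None
    return f"VIRUSERROR: cSHA POSITIVES {result['considered']} {cask}"


if __name__ == "__main__":
    print(summary_line("example-cask", SAMPLE_REPORT))
    print(triage(SAMPLE_REPORT, ignore_engines={"AegisLab"})["verdict"])
```

Passing the engines you distrust on macOS via `ignore_engines` reproduces the "restrict the check to some of the VirusTotal checks" policy from the opening post, while keeping the full report available for anyone who wants to see the raw hits.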
