Describe the bug
Three AV engines on VirusTotal report that the latest binary of Open-Shell has a trojan (or something malicious).
To Reproduce
Steps to reproduce the behavior:
- Submit the Open-Shell binary (v4.4.142 installer) to VirusTotal
- Wait for the analysis to complete. This morning (CET) 2 engines detected the file as malicious, but this afternoon 3 engines do. It's never good when the number of unrelated engines detecting an issue keeps increasing; this makes it seem like it's not a false positive.
Expected behavior
No engine should detect the file as containing malware. If at most one or two engines do (due to a false-positive detection), after a while the engine heuristics or the definitions should be updated so the file is no longer reported (as a false positive). At least the engine count should go down over time, not up.
Screenshots
No screenshot, but the VirusTotal scan report (hoping URL is reusable): https://www.virustotal.com/gui/file/38f23b6527c41c0f7c7760189ae7a7da0747f7c85a04d464bbcb17e1d87ee914/detection
Version:
Additional context
Add any other context about the problem here.
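A check worth doing before filing a report like this one, added here as an example and not part of the original issue or of Open-Shell itself: confirm that the installer on disk is the exact file the VirusTotal report describes, by comparing its SHA-256 with the digest embedded in the report URL (the URL above carries it as the path segment after `/file/`). If the two differ, the report is about a different artifact than the one being discussed. The function and script names are this example's own.

```python
import hashlib
import re

# SHA-256 hex digests are exactly 64 hex characters. VirusTotal file-report
# URLs embed the digest as a path segment: .../gui/file/<sha256>/detection
_SHA256_RE = re.compile(r"/file/([0-9a-fA-F]{64})(?:/|$)")


def report_hash_from_url(url: str) -> str:
    """Extract the SHA-256 that a VirusTotal file-report URL refers to.

    Raises ValueError if the URL does not carry a 64-hex-digit file
    identifier, so a URL for some other kind of report is not silently
    accepted as if it named a file.
    """
    match = _SHA256_RE.search(url)
    if match is None:
        raise ValueError(f"no SHA-256 file identifier found in URL: {url}")
    return match.group(1).lower()


def sha256_hex(data: bytes) -> str:
    """SHA-256 of an in-memory buffer as lowercase hex."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """SHA-256 of a file on disk, streamed so a large installer need not
    be loaded into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def matches_report(data: bytes, url: str) -> bool:
    """True when the bytes in hand are exactly the file the report describes."""
    return sha256_hex(data) == report_hash_from_url(url)


if __name__ == "__main__":
    import sys

    # Usage (hypothetical script name):
    #   python vt_hash_check.py <installer.exe> <virustotal-report-url>
    path, url = sys.argv[1], sys.argv[2]
    local, reported = sha256_file(path), report_hash_from_url(url)
    print("local    ", local)
    print("reported ", reported)
    if local == reported:
        print("MATCH: the report describes this exact file")
    else:
        print("MISMATCH: the report is for a different file")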
There is no need to report it here.
We cannot do much about it :(
You should rather report false-positives to those vendors.
There is nothing malicious in Open-Shell. You can go through sources and compile on your own.
Oh, I fully trust you and I know it can be compiled from sources etc. My point is that there might be a problem, maybe in the build computer, that causes the built installers to be infected. I am not affirming there is a problem, but I believe it could be true. I trust you and thank you for the work on Open Shell, too bad you closed my report without doing any checks. There are actual plausible signs of problems.
No, there are no signs of any problem.
It is highly unlikely that AppVeyor's build machines (which are always created from a clean image) contain any malware.
It is far more likely that those AVs are simply reporting false-positive.
Unless they (or someone else) provide any proof of malicious activity, there is no point in checking anything.
No signs whatsoever. Just bad heuristics engines, like most of the AV software out there, except ESET's.
Like geordi said, AppVeyor build systems are clean. If they were not, you would know by now, as 99% of the software maintained on GitHub would be publishing infected binaries.
:+1: 2nd
Just wanted to say thanks for the answer, even if a bit late. I am new to GitHub and didn't know you were using those AppVeyor VMs for the builds. I agree it is highly unlikely, really highly unlikely that such machines are infected.
Even more unlikely if not practically impossible that such an infection would go unnoticed after days as it would affect everything built from AppVeyor VMs... or at least, a lot of SW built on AppVeyor's VMs.
Now that I know that, I will refrain from posting such well-intended but misinformed issues and try to help explain the background to people making the same error as I have.
Thanks!