Squirrel.windows: To many trojan and virus warnings
Hi Guys,
When I downloaded the zip file, my antivirus removed it from my computer and I scanned it with VirusTotal and the result was scary:
Antiy-AVL | Trojan/Win32.AGeneric
AVware | Trojan.Win32.Generic!BT
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9613
Cylance | Unsafe
Sophos ML | heuristic
Rising | Malware.Heuristic!ET#96% (cloud:0AWxcpf22iS)
TrendMicro-HouseCall | Suspici.E95DAE17
Here is the link:
https://www.virustotal.com/en/file/fb007cc4fde1ab1edb9b4173162d7a175002121d78c60bec620dc82192de3aa0/analysis/1501477207/
Would you fix please the security issue and build another release?
Thanks and appreciate your work
space-curiosity
All 8 comments
An unsigned Squirrel.Windows will trigger nonsense warnings, you can ignore this. It turns out that installing software, and malware (which installs software) do the same things.
anaisbetts
on 31 Jul 2017
It's not about the signed or not signed file. The antivirus detected Trojan and Malware in these 4 files.
Setup.exe
StubExecutable.exe
winterop.dll
WriteZipToSetup.exe
It's look like something is hidden underneath. We have to report it.
space-curiosity
on 31 Jul 2017
@space-curiosity. It's a false positive, av's get them all the time
MarshallOfSound
on 31 Jul 2017
@MarshallOfSound Not true always. I'm concerned about the security risk.
space-curiosity
on 31 Jul 2017
@MarshallOfSound at least 7 antivirus application detected security risk in those files.
space-curiosity
on 31 Jul 2017
If you're concerned, build it on your machine and compare checksums. These releases are used by hundreds if not thousands of apps every day.
MarshallOfSound
on 31 Jul 2017
@MarshallOfSound Will do review the codes and build it again and will find out what's the issue.
space-curiosity
on 31 Jul 2017
@space-curiosity FFS please do _not_ report these files as malware. Look at the "virus" that's reported, it's all "Generic" and "Heuristic", not a specific virus. This means that this isn't an _actual_ virus, it just means that it does certain operations that AV has decided as "bad". That "Bad" thing is...
Installing Software.
There's nothing we can do about that! Squirrel is designed to install software. Only, with the user's consent. winterop.dll isn't even from this project, it's from WiX, and it is for sure safe.
anaisbetts
on 31 Jul 2017
Related issues
CodeFunta
路
6Comments
JonZso
路
5Comments
shiftkey
路
4Comments
greyivy
路
4Comments
don-smith
路
5Comments
Most helpful comment
@space-curiosity FFS please do _not_ report these files as malware. Look at the "virus" that's reported, it's all "Generic" and "Heuristic", not a specific virus. This means that this isn't an _actual_ virus, it just means that it does certain operations that AV has decided as "bad". That "Bad" thing is...
Installing Software.
There's nothing we can do about that! Squirrel is designed to install software. Only, with the user's consent. winterop.dll isn't even from this project, it's from WiX, and it is for sure safe.