False malware detection by Bkav Pro: W32.AIDetectMalware.64 #262
Comments
Compile from source and check that file. Probably VirusTotal being weird.
…On Sun, Oct 8, 2023, 1:05 PM GodRage ***@***.***> wrote:
*Problem:* Malware detected.
https://www.virustotal.com/gui/file/cd1ca7e9a9f985afb1f8dfea9dad106bb4b18eb991e253c9993249035dfad10b/detection
*cubiomes-viewer-3.3.0-w64.exe*
Bkav Pro: W32.AIDetectMalware.64
*Solution:* in case of false positive, send the zip to
https://www.bkav.com/contact-us
|
Compiling skill is out of my domain. (And I've heard that some compilers are the source of Trojans...) |
This is curious since all the releases up to 3.2.1 are fine. I have not changed my build setup at all for the releases, so Bkav Pro must take issue with some of the changes between 3.2.1 and 3.3.0. My best guess is that it's caused by the bundled translation files that were added for the internationalization. When I get some time, I'll try to confirm this or identify the change that caused it. In case anyone is really worried and wants to replicate the binary:
My Qt build options were:
|
After some experimentation I've determined that the false positive is triggered by the biome lookup table in the cubiomes library. My initial assessment suspecting the changes between 3.2.1 and 3.3.0 was based on VirusTotal not reporting issues with release 3.2.1. However, it appears that W64.AIDetectMalware was added to the list of scanners relatively recently and the result of a previous scan was cached. The "Reanalyze" feature on the website also does not work as expected. Since this is not directly an issue with Cubiomes-Viewer but with the cubiomes library (or rather with the virus scanners), I'll close this issue in favor of Cubitect/cubiomes#110. |
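The caching pitfall described in the comment above, as an added example that is not part of the original thread or the project's code: it compares two VirusTotal API v3 file reports and checks whether the older report holds a verdict from the engine at all before a detection is treated as new. The report contents, timestamps and function names are constructed for illustration; only the `last_analysis_date` and `last_analysis_results` fields are taken from the v3 file object.

```python
from datetime import datetime, timezone

# Result categories that mean "this engine gave no usable verdict".
NO_VERDICT = {"timeout", "confirmed-timeout", "failure", "type-unsupported"}
FLAGGED = {"malicious", "suspicious"}

def engine_verdict(report, engine):
    """Return (scan_time_utc, category or None) for one engine in a v3 file report."""
    attrs = report["data"]["attributes"]
    scanned = datetime.fromtimestamp(attrs["last_analysis_date"], tz=timezone.utc)
    entry = attrs["last_analysis_results"].get(engine)
    category = entry["category"] if entry else None
    return scanned, (None if category in NO_VERDICT else category)

def compare_releases(old_report, new_report, engine):
    """Classify why `engine` flags the new release but the old report looks clean."""
    old_time, old_cat = engine_verdict(old_report, engine)
    new_time, new_cat = engine_verdict(new_report, engine)
    if new_cat not in FLAGGED:
        status = "not-flagged"
    elif old_cat is None:
        # Old report predates the engine or has no verdict: rescan before bisecting.
        status = "old-scan-lacks-engine"
    elif old_cat in FLAGGED:
        status = "flagged-in-both"
    else:
        status = "new-detection"
    return {"status": status, "scan_gap_days": abs(new_time - old_time).days}

def make_report(timestamp, results):
    """Build a minimal constructed report in the v3 file-object shape."""
    return {"data": {"attributes": {"last_analysis_date": timestamp,
                                    "last_analysis_results": results}}}

# Constructed sample data: the older scan has no "Bkav Pro" entry at all.
OLD_CACHED = make_report(1680000000, {
    "ExampleAV": {"category": "undetected", "result": None}})
NEW_SCAN = make_report(1696723200, {
    "ExampleAV": {"category": "undetected", "result": None},
    "Bkav Pro": {"category": "malicious", "result": "W32.AIDetectMalware.64"}})
# Constructed: the old release after a fresh scan that includes the engine.
OLD_RESCANNED = make_report(1696723200, {
    "Bkav Pro": {"category": "malicious", "result": "W32.AIDetectMalware.64"}})

if __name__ == "__main__":
    print(compare_releases(OLD_CACHED, NEW_SCAN, "Bkav Pro"))
    print(compare_releases(OLD_RESCANNED, NEW_SCAN, "Bkav Pro"))
```

A status of `old-scan-lacks-engine` means the two reports cannot be compared for that engine, so the changes between the two releases are not yet implicated.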
I have tried some test builds without the biome lookup table and with large parts of the program removed, and the false malware detection by Bkav Pro persists. I now suspect that the very use of Qt triggers the issue. In any case, the cubiomes library may not be the sole problem after all, so I'll reopen this issue for now. I have reported the false detection to Bkav. |
I have not got a reply from Bkav, but the issue seems to be resolved. At least version 4.0 is no longer flagged on VirusTotal: |
Problem: Malware detected.
https://www.virustotal.com/gui/file/cd1ca7e9a9f985afb1f8dfea9dad106bb4b18eb991e253c9993249035dfad10b/detection
cubiomes-viewer-3.3.0-w64.exe
Bkav Pro: W32.AIDetectMalware.64
Solution: in case of false positive, send the zip to https://www.bkav.com/contact-us