FreeRDP Windows nightly build is detected as virus/malware #6336

Open
nfedera opened this issue Jul 1, 2020 · 1 comment
Comments

@nfedera

nfedera commented Jul 1, 2020

For unknown reasons several engines detect wfreerdp.exe.
See here: https://www.virustotal.com/gui/file/cea83d331f0fc70a445c566cc460ba5e70b8dc6079f2c13de03e6237bfbb5caf/detection

Ad-Aware: Gen:Variant.Razy.645462
AegisLab: Riskware.Win32.FreeRDP.1!c
AhnLab-V3: Malware/Win64.RL_Generic.R335118
Alibaba: NetTool:Win32/FreeRDP.e1902999
ALYac: Gen:Variant.Razy.645462
Antiy-AVL: RiskWare[NetTool]/Win32.FreeRDP
SecureAge APEX: Malicious
Arcabit: Trojan.Razy.D9D956
Avast: Win64:Malware-gen
AVG: Win64:Malware-gen
BitDefender: Gen:Variant.Razy.645462
Cylance: Unsafe
Emsisoft: Gen:Variant.Razy.645462 (B)
eScan: Gen:Variant.Razy.645462
FireEye: Gen:Variant.Razy.645462
GData: Gen:Variant.Razy.645462
K7GW: Riskware ( 0040eff71 )
MAX: Malware (ai Score=82)
McAfee: GenericRXAA-FA!1BDD05294C02
Microsoft: Trojan:Win32/Wacatac.C!ml
Palo Alto Networks: Generic.ml
Panda: Trj/CI.A
TrendMicro-HouseCall: TROJ_GEN.R002H07FU20
ZoneAlarm by Check Point: Not-a-virus:HEUR:NetTool.Win32.FreeRDP.g
Kaspersky: Not-a-virus:HEUR:NetTool.Win32.FreeRDP.gen
Fortinet: Riskware/FreeRDP

These are clearly false positives as indicated by ZoneAlarm, Kaspersky and Fortinet.

To verify, anyone can do the following steps to reproduce the nightly Windows build:

  • Create a Windows 8.1 x64 virtual machine and install all updates
  • Install latest git for Windows
  • Install latest cmake for Windows
  • Install Visual Studio 2013 Update 5
  • Install Strawberry Perl for Windows x64
  • open cmd.exe and:
    c:
    cd \
    md frdp
    cd frdp 
    
    git clone git://git.openssl.org/openssl.git
    cd openssl
    git checkout OpenSSL_1_0_2
    cd ..
    
    git clone https://github.com/FreeRDP/FreeRDP.git
    
  • Open VS2013 x64 Native Tools Command Prompt and:
    c:
    cd \frdp\openssl\
    perl Configure VC-WIN64A --prefix=c:/frdp/openssl/win64
    ms\do_win64a
    nmake -f ms\nt.mak
    cd out32
    ..\ms\test
    cd ..
    nmake -f ms\nt.mak install
    
  • Open cmd.exe and:
    c:
    cd \frdp\FreeRDP
    md build 
    cd build
    
    set OPENSSL_ROOT_DIR=c:\frdp\openssl\win64
    
    cmake -Tv120_xp -DCMAKE_WINDOWS_VERSION=WINXP -DBUILD_SHARED_LIBS=OFF -DMSVC_RUNTIME=static -DWITH_SSE2=ON -DCHANNEL_URBDRC=OFF -DCMAKE_BUILD_TYPE=Release -G "Visual Studio 12 2013 Win64" ..
    
    cmake --build . --clean-first --config Release
    

The static x64 wfreerdp.exe is now here: c:\frdp\FreeRDP\build\Release\wfreerdp.exe

Upload the binary to virustotal.com and you will still see the false positives.

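Two checks a practitioner will want after following the build steps above: confirm whether the locally built wfreerdp.exe is byte-identical to the scanned nightly (only then does the VirusTotal link above describe your binary; any toolchain or timestamp difference produces a new hash and a fresh scan), and reduce the per-engine verdicts to the riskware / heuristic / named-family grouping the issue argues from. The script below is an added example and not FreeRDP project code. It assumes the VirusTotal v3 REST API (GET /api/v3/files/{sha256} with an x-apikey header) and a VT_API_KEY environment variable; SAMPLE_REPORT is a constructed, trimmed stand-in for that response carrying a few of the labels quoted above, so the classification part runs offline. The marker lists used to group labels are this example's own heuristic, not a vendor taxonomy.

```python
#!/usr/bin/env python3
"""Compare a locally built wfreerdp.exe with the VirusTotal sample from the
issue and group the engine verdicts by how much weight they carry.

Added example, not FreeRDP code. Assumes the VirusTotal v3 files endpoint
and a VT_API_KEY environment variable; SAMPLE_REPORT is constructed data.
"""
import hashlib
import json
import os
import sys
import urllib.request

# SHA-256 from the VirusTotal link in the issue (the scanned nightly build).
ISSUE_SHA256 = "cea83d331f0fc70a445c566cc460ba5e70b8dc6079f2c13de03e6237bfbb5caf"
VT_FILES_URL = "https://www.virustotal.com/api/v3/files/"  # assumed v3 API

# Heuristic grouping of label text (this example's own choice, not a vendor
# taxonomy): explicit "unwanted tool" tags, generic/ML scores, and the rest.
RISKWARE_MARKERS = ("not-a-virus", "riskware", "nettool")
HEURISTIC_MARKERS = ("!ml", ".ml", "ai score", "heur", "malware-gen",
                     "generic", "gen:variant")

# Constructed stand-in for a VT v3 /files/{hash} response body.
SAMPLE_REPORT = {
    "data": {"attributes": {"last_analysis_results": {
        "Kaspersky": {"category": "malicious",
                      "result": "Not-a-virus:HEUR:NetTool.Win32.FreeRDP.gen"},
        "Fortinet": {"category": "malicious", "result": "Riskware/FreeRDP"},
        "Microsoft": {"category": "malicious",
                      "result": "Trojan:Win32/Wacatac.C!ml"},
        "BitDefender": {"category": "malicious",
                        "result": "Gen:Variant.Razy.645462"},
        "Panda": {"category": "malicious", "result": "Trj/CI.A"},
        "ClamAV": {"category": "undetected", "result": None},
    }}}
}


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Stream the file so a static multi-megabyte build is not read at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def matches_issue_sample(path: str) -> bool:
    """True only if the local build is byte-identical to the scanned nightly;
    otherwise VirusTotal will treat an upload of it as a brand-new sample."""
    return sha256_file(path) == ISSUE_SHA256


def flagged_engines(report: dict) -> dict:
    """Engine name -> label for every engine that flagged the file."""
    results = report["data"]["attributes"]["last_analysis_results"]
    return {name: entry["result"] for name, entry in results.items()
            if entry.get("category") in ("malicious", "suspicious")
            and entry.get("result")}


def classify_label(label: str) -> str:
    text = label.lower()
    if any(m in text for m in RISKWARE_MARKERS):
        return "riskware"   # vendor itself says "unwanted tool", not malware
    if any(m in text for m in HEURISTIC_MARKERS):
        return "heuristic"  # generic signature or machine-learning score
    return "named"          # looks like a specific family; argue this one first


def classify_verdicts(flagged: dict) -> dict:
    """Group flagged engines (sorted by name) under the three label classes."""
    groups = {"riskware": [], "heuristic": [], "named": []}
    for engine, label in sorted(flagged.items()):
        groups[classify_label(label)].append(engine)
    return groups


def fetch_vt_report(sha256: str, api_key: str) -> dict:
    """Pull the live report for a hash (network; needs a VirusTotal API key)."""
    req = urllib.request.Request(VT_FILES_URL + sha256,
                                 headers={"x-apikey": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Usage: python vt_check.py c:\frdp\FreeRDP\build\Release\wfreerdp.exe
    path = sys.argv[1] if len(sys.argv) > 1 else None
    if path:
        digest = sha256_file(path)
        print(f"{path}: sha256 {digest}")
        print("identical to scanned nightly:", digest == ISSUE_SHA256)
    api_key = os.environ.get("VT_API_KEY")
    report = fetch_vt_report(ISSUE_SHA256, api_key) if api_key else SAMPLE_REPORT
    for group, engines in classify_verdicts(flagged_engines(report)).items():
        print(f"{group:10s} {', '.join(engines) or '-'}")
```

Without VT_API_KEY the script classifies the constructed SAMPLE_REPORT; with it, the live report for the issue's hash. Engines landing in the "named" group are the ones to contact first when reporting the false positive, since a riskware or ML tag is already a vendor admission that nothing specific was matched.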
@nfedera

nfedera commented Jul 1, 2020

Users should report the false positives to the AV vendors and refer them to this issue, the more the better ;)
