New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
17 threats found by Virustotal in downloaded 32bit zip #1102
Comments
Thank you for your report. I also checked older releases, win32 versions also trigger some antivirus in virustotal (not always the same, not always with the same malware/trojan). The files triggering them in the zip are (as expected) the The Windows releases are cross-compiled from Linux using MinGW. It seems all win32 binaries generated by MinGW trigger some antivirus (probably false positives?). Here is a minimal sample: #include <stdio.h>
int main(void) {
printf("hello world!\n");
return 0;
} I compile it with:
The resulting Relevant discussions: Could someone do the same test on their computer, and send the file to virustotal to confirm it is also detected as suspicious, please? |
Thanks for your feedback, I did a quick test regarding to your recommendations: so I compiled the tiny "Hello world!" example of yours on a Win64 machine using the following compiler: https://sourceforge.net/projects/mingw-w64/files/Toolchains%20targetting%20Win32/Personal%20Builds/rubenvb/gcc-4.7-release/i686-w64-mingw32-gcc-4.7.4-release-win64_rubenvb.7z/download Checking a.exe on Virustotal resulted in finding 4 suspicious engines: https://www.virustotal.com/gui/file/a8122a09a839bacf0d601b4a71675474e6c3b460e458fc7faded3c225a263a87/detection Just to make it more stranger life took good care of confusing us: the compiler itself (i686-w64-mingw32-gcc.exe) triggered no alerts on Virustotal: https://www.virustotal.com/gui/file/1b82dbf858359098a1ef298237e2ba6b02e961a51d66dae6f619060ffb564803/detection |
Binaries created with MinGW (even a simple Hello World) are detected as malware by some anti-virus. For some reason, only the 32 bits version of scrcpy is impacted. Since users should use the 64 bits version by default anyway, remove the link to the 32 bits version from the main page. The 32 bits release is still available in the "releases" tab. See <#1102>
I removed the link to the 32 bits version from the README: c396758 |
From where did you download 32bit and 64bit ADB for Windows? |
There is only one version (32 bits I guess): Line 38 in bc75084
|
If the scrcpy client is compiled msys2/mingw-w64 mode it does not show any virus alert in Virustotal. But it finds scrcpy-server in |
Build with At runtime, you can change by using the env variable |
Anyone having this issue, I have compiled the scrcpy.exe binary in msys2/mingw-w64 toolchain. Can you test those binaries from here https://github.com/Biswa96/scrcpy-msys2/releases? |
Could someone confirm that the ones compiled by @Biswa96 will not trigger a virus alert? |
Ref problem with malwarebytes |
@Go5egK Thank you for your feedbacks. Is it still rejected today? |
It’s fine. Not rejecting since Saturday evening
(maybe my info to scrcpy issues today wasn’t clear)
|
Cool, thank you 👍 |
Very recently, I browsed mingw.org and downloaded mingw-get-setup.exe 2017-09-06, then installed gcc, g++, and MSYS. After reading this post, i compiled two examples, they got over 20 positives each on virustotal.com. here is what i used to create them within the MSYS shell:
https://www.virustotal.com/gui/file/561a3bdcef261beb2a58dca5d51d4d7d561d555d4caa6606eb3e481bf1141e16/detection |
Hi,
first of all, thanks for all of your effort - no offense but virustotal seems to find several suspicious engines in https://github.com/Genymobile/scrcpy/releases/download/v1.12.1/scrcpy-win32-v1.12.1.zip linked on https://github.com/Genymobile/scrcpy
Pls. referr: https://www.virustotal.com/gui/file/0f4b3b063536b50a2df05dc42c760f9cc0093a9a26dbdf02d8232c74dab43480/detection
I know 64bit version is completely threat-free confirmed by virustotal itself so 32bit version is clean for sure just ment to let you know.
Anyway, keep up the good work!
chris
The text was updated successfully, but these errors were encountered: