Virus detected after version v1.0.0 #164

Closed
whatevergeek opened this issue May 13, 2023 · 3 comments
whatevergeek commented May 13, 2023

On Windows, when I try to download from v1.0.0 onwards, it keeps failing:
Failed - Virus detected
Please see screenshot.
image
v0.1.8 was ok though

Member

pdesaulniers commented May 13, 2023

Thanks for reporting this issue!

I see that VirusTotal flags the v1.0.1 release as containing a Trojan.

This issue appears to affect other DPF-based plugins, such as Dragonfly Reverb: michaelwillis/dragonfly-reverb#154

I believe it is a false positive, but I will look into it nonetheless.

Which browser do you use to download Wolf Shaper? Also, do you have any specific antivirus software installed on your machine? Does it create a detailed log entry whenever a virus is detected?

Member

pdesaulniers commented May 15, 2023

In the meantime, I've tried recompiling Wolf Shaper with a different toolchain (mingw-w64-gcc 12.2.0-1 on Arch Linux).

Can you please check if this release also triggers a warning in your antivirus? https://github.com/wolf-plugins/wolf-shaper/releases/download/v1.0.2/wolf-shaper-v1.0.2+20230515144200-windows-x64.zip

pdesaulniers added a commit that referenced this issue May 15, 2023
Related: #164

Windows binaries built with dpf-makefile-action are being detected as Trojan by some antivirus software: https://www.virustotal.com/gui/file/60a379bc52cd1ae7a09803b71fe675e63c0b8ac5413817d87c9f79ac3e1582b4

For the time being, to bypass this issue, I rebuilt the binaries using mingw-w64-gcc 12.2.0-1 on Arch Linux. The latest build is considered clean by VirusTotal: https://www.virustotal.com/gui/file/42a703a5f71b19855d9213d57f2261d2182c73c73d39730775188df3e4c47da9
pdesaulniers added a commit that referenced this issue May 15, 2023
This workflow was used to investigate #164

- It seems like binaries built with MinGW on Ubuntu 20.04 are being detected as a Trojan by BitDefender and other vendors: https://www.virustotal.com/gui/file/420587335d94788b376751745d32d1003663e88c4383c433e5ea920a6f2308f8
- I couldn't reproduce on Ubuntu 22.04 (save for one vendor): https://www.virustotal.com/gui/file/0e31b49d38e10f769915f48a6c1f66c9006453e5bf4f1fff37de227a80577721
- Binaries built with mingw-w64-gcc 12.2.0 on my machine are not flagged as malicious

So, unless Ubuntu is distributing compromised packages, I'm pretty sure this is a false positive. I've never seen anything suspicious in DPF's code.

Also, I couldn't find any info regarding the threat that these vendors call `Trojan.Ceram.Gen.1`. I don't know what it is supposed to do.
Author

whatevergeek commented May 16, 2023

@pdesaulniers seems to be working now... thanks for the quick fix :-)
image
