AlexGustafsson / systembolaget-api

A cross-platform solution for all of Systembolaget's open APIs. For up-to-date data see https://github.com/AlexGustafsson/systembolaget-api-data.

False positive malware detection on Windows #18

Open swejoos opened 1 week ago

swejoos commented 1 week ago

Detected Trojan:WIN32/wacatac.B!ml

Don't know if it's relevant, but I thought I'd better report it.


AlexGustafsson commented 1 week ago

Hi! Thanks for the report.

TLDR; False positives, which sucks for UX. Don't necessarily take my word for it though, you can always build it yourself from source.

Shasums of the latest builds for 4.1.2 on my local computer:

09d3167b25daf346d17dbdb4bda8720d9ae6d3b73a1172fe3d085de22f5863e2  build/windows_amd64.zip
86e11d449ac7ee8601261ec2abcadaf875e4f7a2f65f403ec5f6625fe682eb91  build/windows_amd64

Virustotal results:

https://www.virustotal.com/gui/file/86e11d449ac7ee8601261ec2abcadaf875e4f7a2f65f403ec5f6625fe682eb91?nocache=1

https://www.virustotal.com/gui/file/09d3167b25daf346d17dbdb4bda8720d9ae6d3b73a1172fe3d085de22f5863e2?nocache=1

I think it's safe to say that there's not much to worry about here. The "grayware" category isn't necessarily flagging it as malware. Microsoft's "!ml" classifications are machine learning based, so they can also yield some false positives. Regarding the MaxSecure report, I've never heard of them, but searching for the report online yields a lot of reports on false positives.

Still, you should of course always stay vigilant on the Internet and only run things you trust. When in doubt, read the source code and build it from source.
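One way to compare a downloaded build against checksums published in the `shasum` format shown above, as an added example that is not part of the thread or the project's code. The function names and the files in `demo()` are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# shasum line: 64 hex chars, a space, a mode char (' ' text, '*' binary), then the path
LINE_RE = re.compile(r"^([0-9a-fA-F]{64}) [ *](.+)$")

def parse_manifest(text):
    """Return {path: lowercase sha256 hex}; raise on any line not in shasum format."""
    entries = {}
    for raw in filter(str.strip, text.splitlines()):  # skip blank lines
        m = LINE_RE.match(raw)
        if m is None:
            raise ValueError(f"not a sha256 manifest line: {raw!r}")
        entries[m.group(2)] = m.group(1).lower()
    return entries

def sha256_file(path, chunk_size=1 << 20):
    """Hash in chunks so a large release archive is never held in memory whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify(manifest_text, base_dir):
    """Return {path: 'ok' | 'mismatch' | 'missing'} for every manifest entry."""
    results = {}
    for rel, expected in parse_manifest(manifest_text).items():
        target = Path(base_dir) / rel
        if not target.is_file():
            results[rel] = "missing"
        else:
            results[rel] = "ok" if sha256_file(target) == expected else "mismatch"
    return results

def demo():
    """Constructed data: one intact file, one altered after publication, one never downloaded."""
    published = hashlib.sha256(b"constructed release bytes").hexdigest()
    manifest = "".join(f"{published}  build/{n}\n" for n in ("intact.zip", "altered.zip", "absent.zip"))
    with tempfile.TemporaryDirectory() as tmp:
        build = Path(tmp) / "build"
        build.mkdir()
        (build / "intact.zip").write_bytes(b"constructed release bytes")
        (build / "altered.zip").write_bytes(b"constructed release bytes, modified")
        return verify(manifest, tmp)

if __name__ == "__main__":
    print(demo())
```

A match shows the download is byte-identical to the file the checksum was computed from. It says nothing about whether that file is benign, which is what the VirusTotal results and a build from source address.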

AlexGustafsson commented 1 week ago

I've pinned this issue so that it's easily visible for others. I'll try to keep this in mind for future releases, proactively uploading the binaries to VirusTotal for transparency.