Chocobo1 / opus-tools_win32-build

opus-tools Unofficial Builds - Win32 & x64

Multiple virus detection warnings for Apr 15 build #9

Closed DoulosTrieste closed 4 months ago

DoulosTrieste commented 4 months ago

[4 images]

Chocobo1 commented 4 months ago

I'm aware of it but sadly I don't know how to improve the situation.

I could build it locally and distribute the executables but would you trust it? Compared to the current open build logs this way is opaque. At this point I would suggest you build the program yourself.

Also see my previous reply: https://github.com/Chocobo1/opus-tools_win32-build/issues/8#issuecomment-2007698239

Chocobo1 commented 4 months ago

I suppose I could migrate from AppVeyor to GitHub Actions but I'm not sure it will resolve this issue.

DoulosTrieste commented 4 months ago

I'm not familiar with the situation and Googling some of these obscure vendor names doesn't provide much useful information. Are they flagging out code obfuscation? And I only became aware of it because Microsoft Defender got triggered and quarantined it right after downloading.

Chocobo1 commented 4 months ago

> Are they flagging out code obfuscation?

I don't do obfuscation and I don't think any source code in upstream (opus, etc.) is doing that. Compression with 7-zip shouldn't get in the way; the code is open source and well known.

> I'm not familiar with the situation and Googling some of these obscure vendor names doesn't provide much useful information.

AFAIK those detections are based on machine learning and maybe the encode/decode routines misled them. I'm not sure. Another hypothesis is AppVeyor might have some 'issues' but there is no concrete evidence and it is just a wild guess at this point.

Chocobo1 commented 4 months ago

As an experiment, I've just built it on my machine and sent it to VirusTotal to analyze.

Here is the report: https://www.virustotal.com/gui/file/986216e14629c93527c2e00213771e67d797245114ad094f60bf17af6ef01e19?nocache=1

Here are the executables: opus_x64.zip

As you can see there are still false positives, although vastly fewer than with the AppVeyor builds.

DoulosTrieste commented 4 months ago

Thanks and apologies for any trouble I caused. It's galling that antivirus engines are compromising themselves and user trust with subpar ML algorithms.

Chocobo1 commented 4 months ago

I've migrated to GitHub Actions and here is the build: https://github.com/Chocobo1/opus-tools_win32-build/actions/runs/8817750167

VirusTotal report: https://www.virustotal.com/gui/file/4e38ce566463e083b30cfab762f0e7f2d4026299c59f1e98114717f0240cd11b?nocache=1

Since the build scripts are mostly the same for AppVeyor and GitHub Actions, we can rule out issues with AppVeyor (and 7-zip too). I'm leaning more toward the culprit being subpar machine learning detection from anti-virus.

> Thanks and apologies for any trouble I caused. It's galling that antivirus engines are compromising themselves and user trust with subpar ML algorithms.

No worries, at least I get the chance to rule out some components and hypotheses.