CryptoMorin / XSeries

Library for cross-version Minecraft Bukkit support and various efficient API methods.
https://www.spigotmc.org/threads/378136/
MIT License

[FALSE POSITIVE NOTIFY] - Weird update on Virus Total database #236

Closed thefrogline closed 6 months ago

thefrogline commented 12 months ago

Hi, I’ve been using XSeries for a long time and I have no doubt that it’s very good and also safe, as it’s even open source. However, I work on plugin commissions, and I’ve been using XSeries for a year now, but just this week several people have been unable to download what I do, as it’s flagged as a virus. I tried removing all the libraries, and I realized that it came from XSeries. I mainly wanted to confirm if everything is okay with the library and so on. I attach evidence of the same jar, only removing the XSeries.

(maybe it comes from something else, I don't think so, but hey, sorry if it's nonsense but it's something to know haha)

maven version:

com.github.cryptomorin XSeries 9.3.1

edit: with last version (9.6.0) happens the same issue

CryptoMorin commented 12 months ago

The Log4J vulnerability warning has nothing to do with XSeries, because it doesn't even log anything. As for Java Trojan warnings, the plugin does not access any of the system's APIs, not even files (except for the NoteBlockMusic and XParticle classes), so I don't know where to even look to diagnose the issue.

LOOHP commented 12 months ago

My plugins that use this library also got flagged as malware and some of my users are understandably concerned. Once upon a time when I used method handles instead of reflection I also triggered some antivirus. So it might be some code that could have accessed system resources but wasn't used for that purpose.

CryptoMorin commented 12 months ago

My main plugin other than XSeries, also uses a lot of system APIs and extreme reflection to mess with class loaders and other "suspicious-looking" code, but VirusTotal is totally (no pun intended) fine with it. It's not obfuscated. (It doesn't shade XSeries itself tho)

https://www.virustotal.com/gui/file/f4b703e21e1e06d9c7604f28e1dbb73597eb5141f630cbba674f7445b5939ca2/detection

thefrogline commented 12 months ago

Hello, I was able to find an antivirus that gives me the path of the problem (Windows Defender only told me the name). I just looked and compared it with the repo code, and it shows that it is a false positive; I don't see anything honestly strange. I'll still leave the photo here in case you want to review it.

CryptoMorin commented 12 months ago

Hello, I was able to find an antivirus that gives me the path of the problem (Windows Defender only told me the name). I just looked and compared it with the repo code, and it shows that it is a false positive; I don't see anything honestly strange. I'll still leave the photo here in case you want to review it.

That's very interesting. Could you please name the antivirus that you used? Also, would it be possible to exclude XSound from being shaded, to see if it switches to detecting another class?

If that fails, try copy-pasting XSound directly into your own project instead of shading it, to see if it still detects it.

I don't know what separates that class from others. Maybe the CompletableFuture usage?

thefrogline commented 11 months ago

Hello, sorry for the delay. The antivirus is "BitDefender"; it has a free version and it is the same. And do you think you can tell me how to exclude it from shading, please?

CryptoMorin commented 11 months ago

Hello, sorry for the delay. The antivirus is "BitDefender"; it has a free version and it is the same. And do you think you can tell me how to exclude it from shading, please?

It's in the readme page. For SkullUtils it'd be:

<exclude>com/cryptomorin/xseries/SkullUtils*</exclude>

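
As an added example (not from the XSeries readme or from anyone in this thread), here is a complete maven-shade-plugin filter that applies the same exclude pattern to XSound, which is the class the detection was attributed to above. The artifact coordinates are the groupId:artifactId from the Maven dependency posted earlier in the thread; the plugin version is a placeholder to be replaced with whatever your build already pins.

```xml
<!-- Added example (not from the XSeries readme): exclude XSound from the shaded jar.
     Artifact coordinates match the Maven dependency quoted in this thread;
     SHADE_PLUGIN_VERSION is a placeholder, not a real version. -->
<build>
  <plugins>
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-shade-plugin</artifactId>
      <version>SHADE_PLUGIN_VERSION</version>
      <executions>
        <execution>
          <phase>package</phase>
          <goals>
            <goal>shade</goal>
          </goals>
          <configuration>
            <filters>
              <filter>
                <!-- groupId:artifactId of the dependency whose classes are filtered -->
                <artifact>com.github.cryptomorin:XSeries</artifact>
                <excludes>
                  <!-- the trailing * also drops inner/anonymous classes such as XSound$1.class -->
                  <exclude>com/cryptomorin/xseries/XSound*</exclude>
                </excludes>
              </filter>
            </filters>
          </configuration>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

Anything excluded this way must not be referenced anywhere in the plugin, or it fails at runtime with a NoClassDefFoundError. After rebuilding, rescanning the new jar (VirusTotal keys results by file hash, as in the links in this thread) shows whether the detection disappears or simply moves to another class, which is the diagnostic the question above is after.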
LOOHP commented 11 months ago

Now it seems to be the switch statement in isItem(material) in XTag which is causing false positives. This is from the source file XTag$1.class, which when removed from XSeries-9.7.0.jar stops it from being flagged.

https://www.virustotal.com/gui/file/ab72a4c20c91848f62f1dfb57f72be1e58d978eda8439cfa5e750a2c762c6dcf

CryptoMorin commented 11 months ago

I'm really unsure why it'd flag that method specifically, because there are other methods that use even longer switch statements like that.

LOOHP commented 6 months ago

I believe this can be closed now as it is no longer triggering positives in the latest version.

CryptoMorin commented 6 months ago

Huh, that's weird. That's great to hear tho. Thanks for checking.