Open Skyhawk1207 opened 1 year ago
The same app binary is published in Microsoft's official WinGet & Chocolatey package managers. Both of these have super strict virus scanning & human moderators. Also, every binary was built & released through GitHub Actions workflows, so no doubts there as well.
Thus, I think we can conclude this is a false positive. Or there's a chance your system is infected with the malware which infected the executable.
I can confirm this with the 3.1.1 release for Windows as well. 2 engines (Bkav Pro and MaxSecure) are detecting the program as malware for some reason.
Some IP addresses contacted by Spotube and dropped files are flagged too. I can't say for sure that signing the program would solve everything, but it would surely help.
Check the analysis: www.t.ly/HPqE9
Also, duplicate of #613
This is funny as hell. I resolved the domain names for the "flagged" IPs
192.229.211.108 => ocsp.digicert.com
20.99.184.37 => No domain (but directly from Microsoft Azure)
23.216.147.64 => Unresolved but shows it's from Seattle (owned by Akamai)
23.216.147.76 => Same as above
35.186.224.25 => 25.224.186.35.bc.googleusercontent.com
Detected dropped files:
is-LN0V7.tmp => Spotube never creates this file. Probably inno-installer uses it.
Spotube-windows-x86_64-setup.tmp => This is a temp download segment file. It's usually done by segmented file downloaders. It has nothing to do with Spotube at all. Wonder why that would even be flagged.
The 80% flagged stuff are things that the sandbox is using to verify Spotube's integrity
Is there an existing issue for this?
Current Behavior
Scanning Spotube-windows-x86_64-setup.exe for version 3.1.1 on VirusTotal shows mostly clean results, except for one vendor, Bkav Pro, which shows the malware W32.AIDetectMalware.
Expected Behavior
This vendor should not be tagging the app as malware, as it reduces trust in the application.
Steps to reproduce
Operating System
Windows 11
Spotube version
3.1.1
Installation source
Website (spotube.netlify.app) or (spotube.krtirtho.dev), GitHub Releases (Binary)
Additional information
No response