RealRaven2000 / quickFilters

Thunderbird Add-on: quickFilters
http://quickfilters.quickfolders.org/

quickFilter file quarantined because of Trojan infection #122

Closed Windrider6 closed 2 years ago

Windrider6 commented 2 years ago

Thunderbird 91.11.0 in Windows 10. Today Bitdefender Antivirus Plus cleaned and quarantined "quickFilters@axelg.com.xpi" because it was "infected with Trojan.GenericKD.61174428".

Windrider6 commented 2 years ago

Updated to Thunderbird 91.12.0 (64 bit), and installed quickFilters again. Immediately removed by Bitdefender.

RealRaven2000 commented 2 years ago

I submitted it to the guys at Bitdefender as a false positive; they usually take 72 hours for processing, let's wait and see. I have seen the exact same error message for SmartTemplates and QuickFolders as well. One of the error messages mentioned the file NotifyTools/implementation.js; it would be interesting to see whether a build without NotifyTools would be flagged. (Of course it wouldn't work, but it might be a good experiment to find the problematic file.)

pmruzicka commented 2 years ago

I have the same problem but using Vipre Advanced Security v. 11.0.6.22 (up to date). Even when I installed after turning off Vipre, as soon as I turned Vipre on, it removed/quarantined QuickFilters.

What is the link to download previous version?

RealRaven2000 commented 2 years ago

> I have the same problem but using Vipre Advanced Security v. 11.0.6.22 (up to date). Even when I installed after turning off Vipre, as soon as I turned Vipre on, it removed/quarantined QuickFilters.
>
> What is the link to download previous version?

There is a page with all older versions here: https://addons.thunderbird.net/en-US/thunderbird/addon/quickfilters/versions/

RealRaven2000 commented 2 years ago

I have worked on this all morning to see which contained files trigger the false positives and how. GData seems to have a reasonably detailed AV scanner that tells me which files are flagged for what. They are all triggering variants of Trojan.Generic.611744*, some of which can be simply fixed by saving the affected files with Unix (LF) style line endings. Unfortunately this doesn't work for all files contained in quickFilters.xpi, so I cannot currently offer a patched version:


I have submitted support requests (submitted as false positives) to Bitdefender and GData asking them to check their AV patterns. As it is Saturday, I guess I will have to wait until next week until we hopefully see some results.
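As an added illustration of the line-ending check described in this comment (example code, not part of the quickFilters project): a small Python script that opens an .xpi (a zip archive) and reports, per member, whether it uses LF, CRLF or mixed line endings, so the files to re-save with Unix endings can be identified before rebuilding. The archive contents below are constructed for the example.

```python
import io
import zipfile

# Constructed sample .xpi standing in for quickFilters.xpi; member names and
# contents are made up for this example.
SAMPLE_XPI = io.BytesIO()
with zipfile.ZipFile(SAMPLE_XPI, "w") as zf:
    zf.writestr("manifest.json", '{"name": "example"}\n')
    zf.writestr("scripts/notifyTools.js",
                "enable: function() {\r\n  Services.obs.addObserver(\r\n")
    zf.writestr("scripts/mixed.js", "a\r\nb\nc\r\n")
    zf.writestr("skin/icon.png", b"\x89PNG\r\n\x1a\n\x00\x00")


def line_ending_style(data: bytes) -> str:
    """Classify a member's bytes as 'binary', 'LF', 'CRLF', 'mixed' or 'none'."""
    if b"\x00" in data:
        return "binary"
    try:
        data.decode("utf-8")
    except UnicodeDecodeError:
        return "binary"
    crlf = data.count(b"\r\n")
    lf = data.count(b"\n") - crlf  # bare LFs not preceded by CR
    if crlf and lf:
        return "mixed"
    if crlf:
        return "CRLF"
    if lf:
        return "LF"
    return "none"


def audit_xpi(xpi) -> dict:
    """Return {member name: line-ending style} for every file in the archive."""
    report = {}
    with zipfile.ZipFile(xpi) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            report[info.filename] = line_ending_style(zf.read(info))
    return report


def crlf_members(xpi) -> list:
    """Members that would need re-saving with LF endings under the hypothesis above."""
    return sorted(n for n, s in audit_xpi(xpi).items() if s in ("CRLF", "mixed"))


if __name__ == "__main__":
    for name, style in audit_xpi(SAMPLE_XPI).items():
        print(f"{style:6} {name}")
```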

RealRaven2000 commented 2 years ago

All supposed infections follow the schema Trojan.GenericKD.611744*. I am currently trying to reduce the number of files that trigger the schema, but it is hard to do without knowing what details trigger it. One thing I found so far is that the following line in notifyTools.js triggers one of the false positives:

```javascript
  // method from notifyTools.js; the addObserver call below is what sets off the false positive
  enable: function() {
    Services.obs.addObserver(
      this.onNotifyExperimentObserver,
      "NotifyExperimentObserver",
      false
    );
  },
```

If I replace addObserver with xddObserver, the file doesn't trigger a problem.

RealRaven2000 commented 2 years ago

Ok, I patched the heck out of some code so that it won't trigger the false positives. I'm probably not going to keep most of these changes for production, but here is a version as a workaround until the antivirus vendors (Bitdefender) get their act together and fix the problems in their algorithms:

quickFilters-wx-5.6pre24.zip

To install, download the zip file (feel free to scan it for viruses to make sure there are no more detections), then drag the file into the Thunderbird Add-ons Manager without unpacking it.