Closed mwarrenus closed 1 year ago
@mwarrenus thanks for the report!
I see 2 possibilities:
I'm marking this release as potentially dangerous to discourage from downloading.
Please help me with finding the culprit file -> if you have such an option in VirusTotal (isolated sandbox etc.).
@SilmorSenedlen and @SparrowBrain -- making you, as you already reacted with emoji to that release. My recommendation is to remove / downgrade.
@mwarrenus did you ever use older plugin releases w/o antivirus complaints?
Thank you so much for the heads up! Gonna remove for now. Overall really like the plugin, thanks for all the work!
I suspect that it may just be a false positive as only one antivirus has detected malware.
My recommendation is to remove / downgrade.
Thx for info.
ESET scan didn't detect any issues
You can guarantee it is a false positive. When a Chinese AV that is designed to think everything is a threat flags it, but none of the trustable AVs see a threat, you can have faith it is fine. If Bitdefender, Avira, Kaspersky, ESET and MalwareBytes detected something then it is worth worrying.
Just curious... is there any update to the status of this? Should 11.0 still be avoided? Thank you.
@Ozzuneoj In my opinion it should be completely safe, I'm using it and I seem to be doing fine. It's up to you of course, but I'm quite certain that it's just a false positive. If 59 out of 60 antiviruses say that it's safe, I'm not going to listen to the 1 that says otherwise, especially if it's just from some company which I've never heard of.
This is a false positive. The modified files between 0.10.1 and 0.11.0 are only those:
3 text files with no malicious edits and 1 binary file, normalizer.exe.
The binary file has full clear on VT for both version 10.1 and 11.0. This includes also Jiangmin.
Imo the solutions are only two:
The disclaimer on release 0.11.0 should be removed. @UncleGoogle
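The comparison described in the comment above (list the files that changed between two releases, then check only those) can be scripted. This is an added example, not code from the plugin repository or from any commenter; the archive contents and file names are constructed stand-ins, and in practice the bytes of the two release zips would be read from disk.

```python
import hashlib
import io
import zipfile


def member_digests(zip_bytes):
    """Map each file inside a zip archive to its SHA-256 hex digest."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests


def diff_releases(old_zip, new_zip):
    """Return files added, removed and modified between two release archives."""
    old, new = member_digests(old_zip), member_digests(new_zip)
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(n for n in set(old) & set(new) if old[n] != new[n]),
    }


def build_zip(files):
    """Build an in-memory zip from {name: bytes}; only for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample archives standing in for two consecutive releases.
OLD = build_zip({"plugin.py": b"v1", "manifest.json": b'{"version": "1"}',
                 "vendor/tool.exe": b"MZ-old", "README.md": b"docs"})
NEW = build_zip({"plugin.py": b"v2", "manifest.json": b'{"version": "2"}',
                 "vendor/tool.exe": b"MZ-new", "README.md": b"docs"})

if __name__ == "__main__":
    report = diff_releases(OLD, NEW)
    new_digests = member_digests(NEW)
    for name in report["added"] + report["modified"]:
        # Per-file digests of changed members, for lookup on a scanning service.
        print(new_digests[name], name)
```

Text files in the changed set can be reviewed by reading the diff; changed binaries are the ones whose digests are worth looking up individually.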
Ok, closing then, thanks for all your reviews!
I'll also lock dependencies and update in separate releases or commits, so in the future similar cases will be easier to check.
Describe the bug: VirusTotal's run of the Jiangmin scanner flagged humble_v0.11.0_win.zip as containing Trojan.Cometer.cmb.
Expected behavior: Downloadable releases of the Humble Bundle plugin for GOG Galaxy should have a clean VirusTotal scan prior to posting.
Plugin installed: Manually from the releases page of the UncleGoogle/galaxy-integration-humblebundle repository
Provide logs: Please see the VirusTotal scan report for humble_v0.11.0_win.zip.
Edit: Perhaps the VirusTotal GitHub Action could be used to automate this check.