agriggio / ART-releases

GNU General Public License v3.0

VirusTotal false positives? #1

Open DaveBlack opened 1 month ago

DaveBlack commented 1 month ago

Hi @agriggio, Hope you are well.

Since switching to the new automated build process for GitHub releases, noticed VirusTotal appears to be identifying false positives for both Linux and Windows binaries?

- Feature request: Please can the build script be modified to also create sha256sum files for downloads, to help with integrity checking?

- Question: Is there a reason Linux and Windows binaries have slightly different file names (dash vs underscore)? `ART-1.24.1-linux64.tar.xz` vs `ART_1.24.1_Win64.exe`

Thank you for your time, help, ART, and your incredible development skills, so very much appreciated! 😊

Kind regards.

agriggio commented 1 month ago

Hi, thanks for the report. I don't know if I can do much about the false positives, I would highly doubt that the github VMs are infected, but you never know...

> Please can the build script be modified to also create sha256sum files for downloads, to help with integrity checking?

I'll see what I can do

> Is there a reason Linux and Windows binaries have slightly different file names (dash vs underscore)?

No particular reason, just an accident. Is that a problem though?

DaveBlack commented 1 month ago

Thanks for your reply.

Forgot to mention, virus checker on work Windows PC instantly quarantined the ART_1.24.1_Win64.exe download (VirusTotal tested using Linux).

Since your Bitbucket ART 1.23 files are reported as clean with VirusTotal, wonder if building that version using the GitHub VMs creates files with false positives?

--

Thank you so much for considering the shasum files!

--

Not a problem, quite inquisitive, and like to learn.

agriggio commented 1 month ago

I'll try building 1.23, let's see what happens

DaveBlack commented 1 week ago

Hi hope you are keeping well.

Have you had a chance to try building experiments and potentially solve the viruses / false positives issue?

Thanks.

agriggio commented 1 week ago

I just tried the windows installer with virustotal and it reports it as clean: https://www.virustotal.com/gui/url/b089cf5496b7793c635088c0fa50d98b6c9591f26f1c6117fa5c8d4b46ce7d15?nocache=1

DaveBlack commented 1 week ago

Interesting! Using Linux, just re-downloaded the Windows installer to test, retried VirusTotal, same virus / false positive result? https://www.virustotal.com/gui/file/9c28abde3817861cb9f7500da00019ae18cc0bc0daca2cb1657ebe2d0b08529d

agriggio commented 1 week ago

Are you sure you don't have some issue on your side?

DaveBlack commented 1 week ago

Do hope not, only use reputable open source software from trusted sources. Also, in case helpful, my downloaded file has the same shasum as in the VirusTotal link you provided.

Further to the above, using the VirusTotal link you provided -> Details -> Body SHA-256, clicking the provided shasum lands on the same VirusTotal virus / false positive link I provided??

Out of interest, if you download the file, then try VirusTotal (rather than direct scanning the GitHub version), do you end up with the same result as I encountered?

Thank you again for your help.
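The sha256sum request above, and the "does my download match the hash VirusTotal shows" check in this comment, both come down to publishing a checksum file with the release and verifying against it. The following is an added example, not ART's build script: it writes a `SHA256SUMS` file for a set of artifacts and verifies one downloaded file against it. It assumes coreutils `sha256sum` (falling back to `shasum -a 256`); the artifact names and contents in the demo are constructed.

```shell
#!/bin/sh
# Added example (not part of ART-releases). Generates SHA256SUMS for release
# artifacts and verifies a single downloaded file against that list.
set -eu

# Use coreutils sha256sum if present, otherwise perl's shasum (assumption).
sha256_tool() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$@"
    else
        shasum -a 256 "$@"
    fi
}

# write_sums DIR FILE...: write DIR/SHA256SUMS using basenames so the file
# verifies from the directory the user downloaded into.
write_sums() {
    dir=$1; shift
    ( cd "$dir" && sha256_tool "$@" > SHA256SUMS )
    printf '%s\n' "$dir/SHA256SUMS"
}

# verify_download DIR NAME: exit 0 if NAME matches its SHA256SUMS entry,
# non-zero if the entry is missing or the digest differs.
verify_download() {
    dir=$1; name=$2
    ( cd "$dir" && grep -- " $name\$" SHA256SUMS | sha256_tool -c --status - )
}

# Demo with constructed artifacts (names mirror the thread, contents are fake).
demo() {
    tmp=$(mktemp -d)
    printf 'constructed linux payload\n'   > "$tmp/ART-1.24.1-linux64.tar.xz"
    printf 'constructed windows payload\n' > "$tmp/ART_1.24.1_Win64.exe"
    write_sums "$tmp" ART-1.24.1-linux64.tar.xz ART_1.24.1_Win64.exe
    cat "$tmp/SHA256SUMS"
    if verify_download "$tmp" ART_1.24.1_Win64.exe; then echo "OK: untouched file"; fi
    printf 'x\n' >> "$tmp/ART_1.24.1_Win64.exe"          # simulate a modified download
    if ! verify_download "$tmp" ART_1.24.1_Win64.exe; then echo "MISMATCH: modified file"; fi
    rm -rf "$tmp"
}

demo
```

On the user side, `sha256sum -c SHA256SUMS --ignore-missing` in the download directory gives the same check without the helper.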

DaveBlack commented 1 week ago

Oh, please know just replying to your question, and not implying you aren't using trusted sources, thank you!

While non-foolproof, just repeated the same file download and scan experiment, using a VM with a different Linux OS live session. Same result.


agriggio commented 1 week ago

I also get the warning by bkav pro if I upload from my machine. I don't know what to do about it though, sorry. If you don't trust the binary, just don't download it... I see no action that I can take here.

DaveBlack commented 1 week ago

Thank you, encouraging to know!

Repeated the VirusTotal experiment, this time with the Linux binary... Checking GitHub URL = no detection. Downloading and uploading for scan = detection.

Also noticed, checking Windows binary using GitHub URL, Bkav isn't used (reason for no detection?), but is used for uploaded file scan.

Understand, and greatly appreciate your help. Just trying to fathom why issue began since switching to GitHub automated builds.

Looked into submitting VirusTotal false positive reports for Linux and Windows binaries, may need your input as lead developer? Subject: 'My site/file has been improperly flagged as harmful (false positive)' https://www.virustotal.com/gui/contact-us/technical-support

Currently still using Linux ART (Bitbucket) v1.23.