malicious code in nuget package 5.12.1

[druizgui]

My antivirus has detected the following viruses in this package:

Gen:VariantUrsu.895382 Trojan.GenericKDA3300007

[mkoertgen]

Hi @druizgui,

Thanks for reporting. I did a quick review on the generic trojan. There are some users reporting false positives of BitDefender on this particular signatures.

Since this is the first reported issue of this kind we don't want to brush this off. Let's discuss:

1. The library loads fonts from embedded resources at runtime. For WinForms it uses PrivateFontCollection.AddMemoryFont(IntPtr, Int32). This might trigger the AntiVirus software (BitDefender i guess)
2. The NuGet package might in fact be infected by 3rd party hackers. Since the package is built on AppVeyor this is improbable but not impossible.
3. The package could be hacked during download. Do you use proxies?

For your convenience i manually downloaded the package directly from nuget.org/packages/FontAwesome.Sharp and checked it online on VirusTotal.

Here is the report:

• https://www.virustotal.com/gui/file/55048ea9f180b638f373dce1cf0c78193cec781f2ad0e87e881b0fc09369a37f/detection

No engine detected this file. My bet is that your AntiVirus software is producing a false positive. But please review yourself.

[druizgui]

My antivirus is BitDefender. I don't use intermediate mechanisms to connect (proxy, WIFI,...). I have checked the latest version and 5.12.1 in the nuget repository and I am surprised that the last one does not report viruses but yes the previous.