Closed dr4lekhine closed 10 months ago
Hrm. Indeed, I saw Avast on the list of engines that flagged it and I happen to run Avast on my Windows system, so I reproduced the problem successfully.
I'm not great at interpreting the output of these VirusTotal summaries to understand what about the executable was the cause for concern. For instance, some older versions of Brim were also flagged due to one particular utility that's bundled with the app, but in that case the detail in VirusTotal was sufficient to unpack the problem and write up the details at https://github.com/brimdata/brim/wiki/Troubleshooting#my-antivirus-software-has-flagged-brim-as-potentially-malicious that show why it's almost certainly a false positive. For this one, I'm not sure how one would proceed.
I just went ahead and submitted it at https://www.avast.com/false-positive-file-form.php to see if the Avast people might come back with anything more specific to say.
Dang, this sucks. It's probably, as usual, our bundled zeek and suricata binaries. We updated electron in this release, so that might be the reason for the difference since the last release.
I did get the following reply from Avast:
Greetings,
Thank you for contacting Avast with your concerns.
Our virus specialists have been working on this problem and detection on this file has been changed to PUP - potentially unwanted.
For future reference you might also find the following articles to be useful:
- Avast Threat Labs - Clean guidelines: https://support.avast.com/en-ww/article/228/
- Avast Threat Labs - Mobile application clean guidelines: https://support.avast.com/en-ww/article/151/
Ondřej
Avast Customer Care Team
It sure would have been great if they could flag the specific items in their checklists where they believe the app is still in violation, rather than leaving it to us to guess which one(s). I'll reply and ask if they'd be so kind. In the meantime, looking over the list myself, I can see some possible culprits including:
I'd recommend doing your own read-through of their lists, as I may be overlooking others that apply. These might be worth addressing regardless, since their presence in these lists seems to imply they're a reflection of current good app hygiene.
I'll update with anything further I hear back from Avast.
Alas, when I replied and asked Avast to point to Brim's specific violations from their checklist, they did not provide any. Their message:
Hello Phil,
Thank you for your reply.
Once the violations of clean guidelines are fixed on the side of the developers they may contact us directly to check it for them again.
Best Regards
Ondřej
Avast Customer Care Team
Therefore, it sounds like the best that could be done is to address as many things from their checklist as possible and then ask again, as they say.
Hello,
Have you noticed that the last build (0.30) is flagged as malware by several security/AV products?
0.30 (Windows): https://www.virustotal.com/gui/file/33e86bbf67936459a50b3cc1713254b6a4cf817ab46b07d49ffe7658edb84349/details (6/63)
In general, earlier builds seem not to be:
0.29 (Windows): https://www.virustotal.com/gui/file/5208435e4b886e4a2b84eece27e0436948281647d5a0b8b4937756d97be812ee/detection (0/61)
0.28 (Windows): https://www.virustotal.com/gui/file/363fe8954edb1e826d2932d779973293479274a813fd7b5c0dfb67f8732ca9fd/detection (1/61)
Regards.
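When reproducing a report like this one, the first thing a maintainer should confirm is that the artifact being examined is byte-for-byte the one VirusTotal scanned, since a VirusTotal link identifies a file only by its SHA-256. The following added example (not part of this issue thread or of the Brim project) pulls the digest out of a VirusTotal file URL, hashes a local release artifact the same way, and compares it against the digests quoted in the report; the detection ratios are the "(flagged/engines)" figures from the report, and the 5% threshold used to decide what counts as "widely flagged" is an assumption chosen for illustration.

```python
import hashlib
import re
from typing import Optional, Tuple

# Digests and detection ratios as quoted in the report above (Brim Windows builds).
REPORTED_BUILDS = {
    "0.30": ("33e86bbf67936459a50b3cc1713254b6a4cf817ab46b07d49ffe7658edb84349", "6/63"),
    "0.29": ("5208435e4b886e4a2b84eece27e0436948281647d5a0b8b4937756d97be812ee", "0/61"),
    "0.28": ("363fe8954edb1e826d2932d779973293479274a813fd7b5c0dfb67f8732ca9fd", "1/61"),
}

# A VirusTotal GUI file URL embeds the SHA-256 of the sample right after /gui/file/.
VT_URL_RE = re.compile(r"virustotal\.com/gui/file/([0-9a-fA-F]{64})")


def sha256_from_vt_url(url: str) -> str:
    """Return the lowercase SHA-256 named by a VirusTotal file URL."""
    m = VT_URL_RE.search(url)
    if not m:
        raise ValueError(f"not a VirusTotal file URL: {url}")
    return m.group(1).lower()


def sha256_of_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str) -> str:
    """Hash a file in 1 MiB chunks so large installers do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def match_reported_digest(digest: str) -> Optional[str]:
    """Return the reported build version whose digest matches, or None."""
    for version, (known, _ratio) in REPORTED_BUILDS.items():
        if known == digest.lower():
            return version
    return None


def parse_ratio(ratio: str) -> Tuple[int, int]:
    """Parse a '6/63' style figure into (flagged_engines, total_engines)."""
    flagged, total = ratio.split("/")
    return int(flagged), int(total)


def is_widely_flagged(ratio: str, threshold: float = 0.05) -> bool:
    """True when more than `threshold` of engines flagged the sample (threshold is an assumed cutoff)."""
    flagged, total = parse_ratio(ratio)
    return total > 0 and flagged / total > threshold


if __name__ == "__main__":
    import sys
    # Usage: python check_artifact.py <path-to-release-artifact>
    digest = sha256_of_file(sys.argv[1])
    version = match_reported_digest(digest)
    if version is None:
        print(f"{digest}: not one of the reported builds; the report may concern a different artifact")
    else:
        ratio = REPORTED_BUILDS[version][1]
        print(f"{digest}: matches reported build {version}, detection {ratio}, "
              f"{'widely flagged' if is_widely_flagged(ratio) else 'only a handful of engines'}")
```

A digest mismatch means the local file is not the sample in the report (a rebuilt installer, a different channel, or a tampered download), so no conclusion about the AV verdict carries over until the correct artifact is obtained.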