Closed philrz closed 1 year ago
GA Zui release v1.3.1 was published today that includes the fix in linked PR #2858. The VirusTotal report for its Windows installer is available at and shows none of the vendors now flag it as containing evidence of malware.
A community user sent the following to support@brimdata.io:
Indeed, the VirusTotal entry for Zui-Setup-1.3.0.exe shows 16 out of 69 vendors flagging it in some way. Here's a partial screenshot of that VirusTotal entry:
The Community tab also shows flagging by some sandboxes.
I spent some time reproducing the Recorded Future Triage result.
When digging into these findings, the tl;dr seems to be that the Suricata rules that ship with Zui (as part of Brimcap) that are used to detect signs of malware are, themselves, being flagged as signs of malware. To test this theory, I manually created a build based on the same code as Zui v1.3.0 but with the Suricata rules dropped. Running that artifact through VirusTotal, the report now shows zero vendors flagging it.
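As an added example (not code from this issue, nor from the Zui or Brimcap projects): a small Python scanner that locates Suricata rule text embedded in a build artifact and reports each rule's sid, msg and content patterns. This is the kind of check that confirms whether a build still ships the rules before uploading it to VirusTotal, and it shows why such rules trip AV engines: the content patterns (URIs, hex bytes, C2 strings) are exactly the indicators AV signatures also match on. The sample artifact, the sids 9000001/9000002 and the msg texts are constructed for this example and do not correspond to any real ruleset.

```python
import re
import sys
from dataclasses import dataclass, field
from typing import List

# One Suricata rule per line:
#   <action> <proto> <src> <sport> <dir> <dst> <dport> (<options>)
RULE_RE = re.compile(
    rb'^(?P<action>alert|drop|reject|pass)\s+(?P<proto>\S+)\s+\S+\s+\S+\s+'
    rb'(?:->|<>)\s+\S+\s+\S+\s+\((?P<opts>.*)\)\s*$',
    re.MULTILINE,
)
MSG_RE = re.compile(rb'\bmsg:\s*"([^"]*)"')
# Negated content ("content:!...") is captured so it can be skipped below.
CONTENT_RE = re.compile(rb'\bcontent:\s*(!?)"([^"]*)"')
SID_RE = re.compile(rb'\bsid:\s*(\d+)')


@dataclass
class EmbeddedRule:
    offset: int                 # byte offset of the rule text inside the artifact
    sid: int
    msg: str
    contents: List[str] = field(default_factory=list)   # positive content matches only


def find_embedded_rules(blob: bytes) -> List[EmbeddedRule]:
    """Return every Suricata rule line found in a byte blob, in file order."""
    rules = []
    for m in RULE_RE.finditer(blob):
        opts = m.group("opts")
        sid = SID_RE.search(opts)
        msg = MSG_RE.search(opts)
        contents = [c.decode("latin-1") for neg, c in CONTENT_RE.findall(opts) if not neg]
        rules.append(EmbeddedRule(
            offset=m.start(),
            sid=int(sid.group(1)) if sid else 0,
            msg=msg.group(1).decode("latin-1") if msg else "",
            contents=contents,
        ))
    return rules


# Constructed sample artifact: binary filler around two rule lines written in
# Suricata syntax. The msg texts and sids are made up for this example.
SAMPLE_ARTIFACT = (
    b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00\n"
    b'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE MALWARE Fake CnC Beacon"; '
    b'flow:established,to_server; content:"POST"; http_method; content:"/gate.php"; http_uri; '
    b'classtype:trojan-activity; sid:9000001; rev:1;)\n'
    b"\x00\x00\x7fELF\x02\x01\x01\x00\n"
    b'alert tcp any any -> any 4444 (msg:"EXAMPLE MALWARE Fake Shell Banner"; '
    b'content:"|de ad be ef|"; sid:9000002; rev:2;)\n'
    b"\x00\x00\x00\x00"
)


if __name__ == "__main__":
    # Usage: python scan_rules.py <artifact>; with no argument the sample blob is scanned.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_ARTIFACT
    found = find_embedded_rules(data)
    print(f"{len(found)} embedded Suricata rule(s)")
    for r in found:
        print(f"  offset={r.offset} sid={r.sid} msg={r.msg!r} content={r.contents}")
```

Run it against the unpacked contents of a build rather than a compressed installer, since rule text inside a compressed payload will not appear as plain lines. A non-empty result on an artifact that is supposed to ship without the rules is the quickest sign that the rules were not actually dropped.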