UDS:Trojan.Win32.Yephiller.Bok

[Daru00]

Well cleo 5 is being detected as a trojan so can't be used.

[x87]

These virus reports are a joke. They flag even an empty DLL.

If you don't trust a pre-built version, build CLEO from source code using VS 2022, see how our CI does it.

[x87]

https://www.virustotal.com/gui/file/af97f9683846a5c0199029b5abd606b88d4f1afb69cc83a3befd2a2ae3f95f7a?nocache=1 Dll1.zip

3 AVs flag the code below, find any trojan in it:

// dllmain.cpp : Defines the entry point for the DLL application.
#include "pch.h"

#pragma once
#pragma warning(disable:4733)
#define _USE_MATH_DEFINES
#define WIN32_LEAN_AND_MEAN
#undef UNICODE

#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <memory>
#include <assert.h>
#include <algorithm>
#include <filesystem>
#include <fstream>
#include <direct.h>
#include <list>
#include <vector>
#include <set>
#include <cstdint>

BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved
                     )
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}

[Daru00]

using kaspersky,avg,avira,clamav, and lastly avast all of them detect cleo as the one mentioned. And that code is quite known so normally isn't flagged by anything at all unless someone put a trojan on them.

[MiranDMC]

It was not like that before, and code was not touched since then. Even locally build dll gives same results. Virus Total returns several false positives, where half of them are bullshit names like 'genericX' or straight 'suspicious'. We need to take look at is, as for example CLEO4 has no problems while contains very similar set of features.

[CanerKaraca23]

@x87 @MiranDMC I forked and updated Visual version and SDK again for trying if it's really impact on virus flags.

It's even good now. So downgrade is unnecessary and even bad. You guys can upgrade it again if you want.

6 detection on latest commit: https://www.virustotal.com/gui/file/3e7ac4b7673a25ab72e23fe76f8c53d0404ff71b31837208c405f13654e52bb1/detection

2 detection after my fork: https://www.virustotal.com/gui/file/d082ccb291fb35f7e11644c37a31f9bca3d063c7d49c6ba86b731b80b5af6499/detection

But after this, unfortunately Malwarebytes which is very popular AV, flags as a virus, but you avoid Avast and AVG which also popular. Maybe you can report to Malwarebytes for it's not a virus if it's possible.

[MiranDMC]

@CanerKaraca23 Make sure you are doing tests on current code, or even better on https://github.com/cleolibrary/CLEO5/tree/malware_fixes_3 branch. What version exactly did you use? We will probably select explicit version for automatic builds to avoid problem where Gihub update build environment and things start to act differently.

[CanerKaraca23]

@CanerKaraca23 Make sure you are doing tests on current code, or even better on https://github.com/cleolibrary/CLEO5/tree/malware_fixes_3 branch. What version exactly did you use? We will probably select explicit version for automatic builds to avoid problem where Gihub update build environment and things start to act differently.

I did tests on current code. Will try the new branch.

I just reverted these commits, and updated tools version 15 to 17, no extra things:

https://github.com/cleolibrary/CLEO5/commit/7795c5c0582901d73409908f6ec311f011dac90d

https://github.com/cleolibrary/CLEO5/commit/7694d3a488467ed1bbb7706852945369f355ef5f

https://github.com/cleolibrary/CLEO5/commit/302843fd94863a62b2d342eaacadb4a8acd703e5

Used latest version, not exactly a specific versions like old times.

[MiranDMC]

Used latest version, not exactly a specific versions like old.

Yes, but the it uses some specific Win SDK version you have installed locally. I updated CI steps, so it will now be possible to test few SDK versions here.

[MiranDMC]

Fixed in alpha 63