0xd4d
commented
6 years ago To me it looks like a top 5 list of bad anti-virus products. ;)
It's a 4K file, have you used ILDASM or a decompiler or a hex editor?
Open RDunkley opened 6 years ago
0xd4d
commented
6 years ago To me it looks like a top 5 list of bad anti-virus products. ;)
It's a 4K file, have you used ILDASM or a decompiler or a hex editor?
sharwell
commented
6 years ago @Shyam-Gupta @dotnet/roslyn-infrastructure Can you submit this test file to the two mentioned services for exclusion in future updates?
RDunkley
commented
6 years ago I ran it through ILDASM, but couldn't see anything odd. I'm not an expert tho. Not sure what is causing the AVs to flag it. Here is the Disassembly:
// Microsoft (R) .NET Framework IL Disassembler. Version 4.6.1055.0 // Copyright (c) Microsoft Corporation. All rights reserved.
// Metadata version: v4.0.30319 .assembly extern mscorlib { .publickeytoken = (B7 7A 5C 56 19 34 E0 89 ) // .z\V.4.. .ver 4:0:0:0 } .assembly extern Microsoft.VisualBasic { .publickeytoken = (B0 3F 5F 7F 11 D5 0A 3A ) // .?_....: .ver 10:0:0:0 } .module MTTestModule1.netmodule // MVID: {21DA7B8B-C783-474D-AAE2-DE3D45C0CBBD} .imagebase 0x00400000 .file alignment 0x00000200 .stackreserve 0x00100000 .subsystem 0x0002 // WINDOWS_GUI .corflags 0x00000001 // ILONLY // Image base: 0x05A40000
// =============== CLASS MEMBERS DECLARATION ===================
.class public auto ansi Class1 extends [mscorlib]System.Object { .method public specialname rtspecialname instance void .ctor() cil managed { // Code size 7 (0x7) .maxstack 8 IL_0000: ldarg.0 IL_0001: call instance void [mscorlib]System.Object::.ctor() IL_0006: ret } // end of method Class1::.ctor
} // end of class Class1
.class public auto ansi Class2 extends [mscorlib]System.Object { .method public specialname rtspecialname instance void .ctor() cil managed { // Code size 7 (0x7) .maxstack 8 IL_0000: ldarg.0 IL_0001: call instance void [mscorlib]System.Object::.ctor() IL_0006: ret } // end of method Class2::.ctor
} // end of class Class2
.class public auto ansi sealed Delegate1 extends [mscorlib]System.MulticastDelegate { .method public specialname rtspecialname instance void .ctor(object TargetObject, native int TargetMethod) runtime managed { } // end of method Delegate1::.ctor
.method public newslot strict virtual instance class [mscorlib]System.IAsyncResult BeginInvoke(class [mscorlib]System.AsyncCallback DelegateCallback, object DelegateAsyncState) runtime managed { } // end of method Delegate1::BeginInvoke
.method public newslot strict virtual instance void EndInvoke(class [mscorlib]System.IAsyncResult DelegateAsyncResult) runtime managed { } // end of method Delegate1::EndInvoke
.method public newslot strict virtual instance void Invoke() runtime managed { } // end of method Delegate1::Invoke
} // end of class Delegate1
.class interface public abstract auto ansi Interface1 { .custom instance void [mscorlib]System.Reflection.DefaultMemberAttribute::.ctor(string) = ( 01 00 07 49 6E 64 65 78 65 72 00 00 ) // ...Indexer.. .method public newslot abstract strict virtual instance void Method1() cil managed { } // end of method Interface1::Method1
.method public newslot abstract strict virtual instance void Method3(int32 x) cil managed { } // end of method Interface1::Method3
.method public newslot abstract strict virtual instance void Method4(class Class1 x) cil managed { } // end of method Interface1::Method4
.method public newslot specialname abstract strict virtual instance string get_Property1() cil managed { } // end of method Interface1::get_Property1
.method public newslot specialname abstract strict virtual instance void set_Property1(string Value) cil managed { } // end of method Interface1::set_Property1
.method public newslot specialname abstract strict virtual instance int32 get_Property3() cil managed { } // end of method Interface1::get_Property3
.method public newslot specialname abstract strict virtual instance void set_Property3(int32 Value) cil managed { } // end of method Interface1::set_Property3
.method public newslot specialname abstract strict virtual instance class Class1 get_Property4() cil managed { } // end of method Interface1::get_Property4
.method public newslot specialname abstract strict virtual instance void set_Property4(class Class1 Value) cil managed { } // end of method Interface1::set_Property4
.method public newslot specialname abstract strict virtual instance string get_Indexer(string x) cil managed { } // end of method Interface1::get_Indexer
.method public newslot specialname abstract strict virtual instance void set_Indexer(string x, string Value) cil managed { } // end of method Interface1::set_Indexer
.method public newslot specialname abstract strict virtual instance string get_Indexer(int32 x, int32 y, int32 z) cil managed { } // end of method Interface1::get_Indexer
.method public newslot specialname abstract strict virtual instance void set_Indexer(int32 x, int32 y, int32 z, string Value) cil managed { } // end of method Interface1::set_Indexer
.method public newslot specialname abstract strict virtual instance class Class1 get_Indexer(class Class1 x, class Class1 y, class Class1 z, class Class1 w) cil managed { } // end of method Interface1::get_Indexer
.method public newslot specialname abstract strict virtual instance void set_Indexer(class Class1 x, class Class1 y, class Class1 z, class Class1 w, class Class1 Value) cil managed { } // end of method Interface1::set_Indexer
.method public newslot specialname abstract strict virtual instance void add_Event1(class [mscorlib]System.Action obj) cil managed { } // end of method Interface1::add_Event1
.method public newslot specialname abstract strict virtual instance void remove_Event1(class [mscorlib]System.Action obj) cil managed { } // end of method Interface1::remove_Event1
.method public newslot specialname abstract strict virtual
instance void add_Event3(class [mscorlib]System.Action`1
.method public newslot specialname abstract strict virtual
instance void remove_Event3(class [mscorlib]System.Action`1
.method public newslot specialname abstract strict virtual instance void add_Event4(class Delegate1 obj) cil managed { } // end of method Interface1::add_Event4
.method public newslot specialname abstract strict virtual instance void remove_Event4(class Delegate1 obj) cil managed { } // end of method Interface1::remove_Event4
.event [mscorlib]System.Action Event1
{
.removeon instance void Interface1::remove_Event1(class [mscorlib]System.Action)
.addon instance void Interface1::add_Event1(class [mscorlib]System.Action)
} // end of event Interface1::Event1
.event class [mscorlib]System.Action1<int32> Event3 { .addon instance void Interface1::add_Event3(class [mscorlib]System.Action1
.class interface public abstract auto ansi Interface21<T> { .method public newslot abstract strict virtual instance void Method1(!T t) cil managed { } // end of method Interface21::Method1
.method public newslot specialname abstract strict virtual instance !T get_Property1() cil managed { } // end of method Interface2`1::get_Property1
.method public newslot specialname abstract strict virtual instance void set_Property1(!T Value) cil managed { } // end of method Interface2`1::set_Property1
.method public newslot specialname abstract strict virtual
instance void add_Event1(class [mscorlib]System.Action1<!T> obj) cil managed { } // end of method Interface21::add_Event1
.method public newslot specialname abstract strict virtual
instance void remove_Event1(class [mscorlib]System.Action1<!T> obj) cil managed { } // end of method Interface21::remove_Event1
.event class [mscorlib]System.Action1<!T> Event1 { .addon instance void Interface21::add_Event1(class [mscorlib]System.Action1<!T>) .removeon instance void Interface21::remove_Event1(class [mscorlib]System.Action1<!T>) } // end of event Interface21::Event1
.property instance !T Property1()
{
.set instance void Interface21::set_Property1(!T) .get instance !T Interface21::get_Property1()
} // end of property Interface21::Property1 } // end of class Interface21
// =============================================================
.custom ([mscorlib]System.Runtime.CompilerServices.AssemblyAttributesGoHere) instance void [mscorlib]System.Reflection.AssemblyFileVersionAttribute::.ctor(string) = ( 01 00 07 32 2E 30 2E 30 2E 30 00 00 ) // ...2.0.0.0.. .custom ([mscorlib]System.Runtime.CompilerServices.AssemblyAttributesGoHere) instance void [mscorlib]System.Reflection.AssemblyVersionAttribute::.ctor(string) = ( 01 00 07 32 2E 30 2E 30 2E 30 00 00 ) // ...2.0.0.0.. // * DISASSEMBLY COMPLETE *****
The following file is flagging as a virus:
/src/Compilers/Test/Resources/Core/SymbolsTests/V2/MTTestModule1.netmoduleIt appears to be an executable for testing, but doesn't seem to me to fit with the changeset it was submitted with (mass renaming of Docs). It was originally flagged in McAfee and is now being flagged by Microsoft, TrendMicro, and Cylance. Here are the results:
https://www.virustotal.com/#/file/d0d27f1410ecc753f657498a37c568597aba3285490fcfd250ddca719fdcbbc8/detection
Version Used: master branch
Steps to Reproduce:
Expected Behavior: File shouldn't flag as a virus. If this is a false positive then perhaps the AV vendors should be notified.
Actual Behavior: File is reported as an RDN/Generic.RP virus by McAfee. PUA:Win32/Presenoker by Microsoft, and TROJ_GEN.R002H06H318 by TrendMicro.