Virus - Githubissues

fedorovvl / tso_client

The Settlers Online client

42 stars 24 forks source link

Virus #399

Open Coffeeye opened 2 days ago

Coffeeye commented 2 days ago

So the nevest client file raise alarm on W11.

fedorovvl commented 2 days ago

as always.. check #185 for ex =)

Coffeeye commented 2 days ago

Thats actualy the first time and I've been using prev releases for some time now. Windows never done it before.

Notthatimportantnah commented 2 days ago

Trojan:Win32/Wacatac.B!ml

const { doSign } = require('app-builder-lib/out/codeSign/windowsCodeSign')

/**

@type {import("electron-builder").CustomWindowsSign} sign */ module.exports = async function sign(config, packager) { // Do not sign if no certificate is provided. if (!config.cscInfo) { return }

// Do not sign elevate file, because maybe that prompts virus warning? const targetPath = config.path if (targetPath.endsWith('elevate.exe')) { return }

return doSign(config, packager) }

fedorovvl commented 2 days ago

i dont have code signing certificate..

Coffeeye commented 2 days ago

If this part is not important, please make version that does not implement that part of code and continue with it for future compilation.

Or maybe try different approach if possible ?

fedorovvl commented 2 days ago

If this part is not important, please make version that does not implement that part of code and continue with it for future compilation.

Or maybe try different approach if possible ?

what part? Notthatimportantnah post code for signing

Coffeeye commented 2 days ago

what part?

The one thats rising alert in v1.5.8.0 and does not in v1.5.7.0 :)

skelgaard commented 2 days ago

what part?

The one thats rising alert in v1.5.8.0 and does not in v1.5.7.0 :)

and what line of code do you think it is ? https://github.com/fedorovvl/tso_client/compare/v1.5.7.0%E2%80%A6v1.5.8.0

Coffeeye commented 2 days ago

Brief look on those changes, I can understand why scanners get suspicious. In my opinion direct loading files from the cloud in a manner that involves dynamic token handling, encrypt, and file operations without full visibility into the structure and content of these files can raise security concerns...

Without insight into what exactly is being downloaded from Dropbox and how it is used, it's difficult to ensure that these operations don't inadvertently introduce vulnerabilities or expose sensitive data?

This gives anyone whos got access to those files a window for manipulation