search

jd-13 / MONSTR-Stereo-Imaging

MONSTR is a multiband stereo imaging plugin, available in VST, VST3 and Audio Unit formats.
https://whiteelephantaudio.com/plugins/monstr/
GNU General Public License v3.0
23 stars 1 forks source link

MALWARE DETECTED #27

Closed THEMADPROFdj closed 4 months ago

THEMADPROFdj commented 4 months ago

Download Link:: https://github.com/jd-13/wea-releases/releases/download/monstr-v2.1.2/MONSTR.v2.1.2.zip

Detection Link:https://www.filescan.io/uploads/6631c9ddca951b8594594ebf I hope that you can explain/resolve.

jd-13 commented 4 months ago

Hi, thanks for reporting.

Everything that's listed under Suspicious in the MONSTR.vst3 looks like basic functionality of the JUCE library. This is used to build most audio plugins, and provides functions for things like navigating the file system, starting/stopping processes, etc.

Everything that's listed under Malicious is actually just from a font file that's embedded in the plugin. The file comes from this repo, specifically Montserrat-Regular.ttf.

If you download that file and upload it for analysis, it returns the same result. I can't be sure as I don't know how their detection works, but I assume it's misinterpreting some strings in the ttf as URLs, and treating anything ending in .sc (wiki) as malicious.

And if you upload this version of the font file as provided by Google, you'll also get the same result again.

jd-13 commented 4 months ago

Closing as there's no action needed, let me know if you have any more questions or issues

THEMADPROFdj commented 4 months ago

Thank You for responding. Due to my budget (or lack there of), I'm still operating on Windows 7 Professional on a 2010 HP laptop. So I have to be extra diligent. I usually run with Linux distros. But the sheer amount of VST plugins and hosts (using stand alone Pedalboard2) for Windows makes it worth the ever present risk. Thanks verifying your code. I'm still learning, so, hence a little paranoid.