jonathontoon / tweet-tray

Tweet quickly from the desktop without any distractions.
MIT License
280 stars 28 forks

TT raises 1/70 malware alert on VirusTotal + Symantec fail #201

Open jasonbrown1965 opened 5 years ago

jasonbrown1965 commented 5 years ago

Expected Behavior

That Tweet-tray would get a clean bill of health from VirusTotal.

Current Behavior

VirusTotal returns an alert from one of 70 malware scan engines, namely BKAV, a Vietnamese-based authority recognised by Google et al. Specifically, a "HW32.Packed". See: https://www.virustotal.com/gui/file/f7eb18938766fe68dcc9cba06ccab6f8d44ca2ee6710669ea5cdc4d5e3345050/detection


Possible Solution

False positive? Be good to get confirmation from BKAV themselves.

Context

Not criticism, but should be addressed. So far my experience in open source is to be brusquely rejected, be great to see a great looking app get past what might just be a technical glitch.

Code Sample

Not possible because not installed after seeing VirusTotal alert.

Your Environment

Downloaded tweet-tray from this site, uploaded to VirusTotal, via Iridium, on Win 7 Pro, all usuals up to date.

jonathontoon commented 5 years ago

Thanks for reporting @jasonbrown1965.

This is a bit out of the range of my capability to solve at present, but from what I have been able to gather, the false positive is being generated by the Electron bundler, which I rely on from electron-react-boilerplate.

The exact detection you mentioned also seems to have cropped up in some fairly high-profile projects too.

Another thing which may be the culprit is that Windows installers which are not signed (which I have not bothered to do due to the purpose of this project) may result in some funky behavior like you have mentioned.

I'll keep this issue open for the sake of transparency and in case anyone else has additional experience which could be offered as a solution.

jasonbrown1965 commented 5 years ago

Seems a fair precis of what the links say.

To be fair, there's a fair blizzard of failed certification out there - have to check https and certification warnings one, two, sometimes three dozen times a day. Used to be a dozen times a year, ah! More innocent times ...

Off topic, but may I also ask if there are any GitHub protocols around reporting issues? I looked up issues in help but it doesn't really go into what makes a good report. Utterly confused because I can spot errors well enough, but different sites seem to have different protocols.

Thanks for the response, the transparency, and your civility!
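
As an added example (not part of this thread or of the tweet-tray project), the sketch below triages a result like the 1/70 "HW32.Packed" report by reading the `last_analysis_stats` and `last_analysis_results` fields of a VirusTotal API v3 file object. The sample report, the `ExampleEngine` name, the hint list and the `few` threshold are constructed assumptions.

```python
import json

# Assumption: substrings that usually mark heuristic or packer-based labels
# rather than a named malware family. Illustrative, not exhaustive.
GENERIC_HINTS = ("packed", "heur", "generic", "suspicious")
NO_VERDICT = ("failure", "timeout", "confirmed-timeout", "type-unsupported")


def triage(attrs, few=2):
    """Summarise detections from a VirusTotal v3 file object's attributes."""
    stats = attrs["last_analysis_stats"]
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    # Engines that errored or timed out returned no verdict, so leave them out.
    scanned = sum(stats.values()) - sum(stats.get(k, 0) for k in NO_VERDICT)
    hits = {
        name: res.get("result") or ""
        for name, res in attrs["last_analysis_results"].items()
        if res.get("category") in ("malicious", "suspicious")
    }
    generic = [name for name, label in hits.items()
               if any(h in label.lower() for h in GENERIC_HINTS)]
    if flagged == 0:
        verdict = "no detections"
    elif hits and flagged <= few and len(generic) == len(hits):
        verdict = "isolated generic label: seek vendor confirmation"
    else:
        verdict = "escalate: multiple or family-specific detections"
    return {"ratio": f"{flagged}/{scanned}", "hits": hits, "verdict": verdict}


# Constructed, abridged sample in the shape of the API's "attributes" object.
SAMPLE = json.loads("""
{"last_analysis_stats": {"malicious": 1, "suspicious": 0, "undetected": 69,
                         "harmless": 0, "failure": 0, "timeout": 0},
 "last_analysis_results": {
   "Bkav": {"category": "malicious", "result": "HW32.Packed"},
   "ExampleEngine": {"category": "undetected", "result": null}}}
""")

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE), indent=2))
```

The verdict only sorts reports for follow-up; it does not establish that a file is safe, so the installer's hash and publisher still need checking separately.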