Closed Kristall97 closed 2 years ago
Hi, Which version are you using?
Version 6.2, but the Machine Learning feature was disabled.
To test, I enabled cloud detection and YARA signatures.
Can you give me some empty files, because I tested and didn't get that error.
Sorry, I can't upload empty files here. But for this I have a screenshot. In the meantime, however, another detection is displayed.
Just create an empty text file and then right click -> select Scan with LMT AntiMalware.
Why does the AI say "100%"?
Thanks, I will check it!
Nice, thanks. I tested with a "Custom scan":
I will update the database again, then this problem will be gone!
The database has been updated!
Today I ran another custom scan and the empty files were detected again. Just like on the screenshot.
My Settings:
I unfortunately had to turn off the AI, since it also shows 100% for empty files.
Hummmm, I saw you named the file with ".exe" at the end, and of course, it's not a valid .exe file so it can make the AI Model think it's malware.
Okay thanks, then this was a bad test from me. Now I tested with real malware:
What exactly does CuteDuck do and how does CuteDuck work? CuteDuck is supposed to use the engine of ClamAV according to the "Settings" tab?
I also saw that you have YARA support built into your program. YARA is very strong.
I would suggest there maybe to implement the YARA in CuteDuck and create a really nice YARA there. Virustotal uses this for example: https://raw.githubusercontent.com/ditekshen/detection/master/yara/malware.yar
For this I also saw something with "CloudAV", you could make that to ClamAV-Engine and have a new cool name for a really strong weapon :)
Thanks for the program and thanks for the work! If there is a possibility I will continue to help you as soon as I notice something :)
Yeah, currently Yara is not integrated into CuteDuck engine, it only works in Realtime Protection feature. And in the past, when the CloudAV feature was still active, it would use a ClamAV docker on Azure to scan files, but I have temporarily disabled it because it's expensive :D I suggest we can go to Discord to discuss further 😁 https://discord.gg/B5AWUeHxn6
Hello,
When scanning a directory and it contains empty files, these empty files (0 bytes) are detected as "Malicious.d41d8".
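The name "Malicious.d41d8" reported above matches the first five hex digits of the MD5 of zero bytes of input (d41d8cd98f00b204e9800998ecf8427e), which is what a hash blocklist containing that digest would produce for every empty file; the thread does not confirm the cause. The following added example (not LMT AntiMalware's code; the function names, feed format and naming scheme are assumptions) shows a hash scanner that drops the empty-input digest when loading its database and skips zero-byte files before lookup:

```python
import hashlib
import os
import tempfile

# MD5 of zero bytes of input; its first five hex digits are "d41d8".
EMPTY_MD5 = hashlib.md5(b"").hexdigest()

def load_blocklist(lines):
    """Parse one MD5 per line, rejecting malformed entries and the empty-input digest."""
    accepted, rejected = set(), []
    for raw in lines:
        digest = raw.strip().lower()
        if not digest or digest.startswith("#"):
            continue
        well_formed = len(digest) == 32 and all(c in "0123456789abcdef" for c in digest)
        if not well_formed or digest == EMPTY_MD5:
            rejected.append(digest)
            continue
        accepted.add(digest)
    return accepted, rejected

def md5_of_file(path, chunk=1 << 16):
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def scan_file(path, blocklist):
    """Return a detection name, or None. Zero-byte files are skipped before hashing."""
    if os.path.getsize(path) == 0:
        return None
    digest = md5_of_file(path)
    # Naming scheme assumed from the report's "Malicious.d41d8": prefix + 5 hex digits.
    return f"Malicious.{digest[:5]}" if digest in blocklist else None

def demo():
    """Constructed sample: a feed that wrongly contains the empty-input digest."""
    sample = b"constructed sample payload"
    feed = [EMPTY_MD5, hashlib.md5(sample).hexdigest(), "not-a-hash"]
    naive = set(feed)  # unsanitised database, as a scanner without the guards would use
    cleaned, rejected = load_blocklist(feed)
    with tempfile.TemporaryDirectory() as d:
        empty, bad = os.path.join(d, "empty.txt"), os.path.join(d, "sample.bin")
        open(empty, "wb").close()
        with open(bad, "wb") as fh:
            fh.write(sample)
        naive_hit = f"Malicious.{md5_of_file(empty)[:5]}" if md5_of_file(empty) in naive else None
        return naive_hit, scan_file(empty, cleaned), scan_file(bad, cleaned), rejected
```
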