lian / msfs2020-go

connect to microsoft flight simulator 2020 using golang
MIT License

some scanners from virustotal.com trigger false-positive #14

Open lian opened 3 years ago

lian commented 3 years ago

all important scanners are fine with the builds. (Microsoft, Avast, ClamAV, F-Secure, CrowdStrike Falcon)

but MaxSecure triggers a false-positive for Trojan.Malware.300983.susgen that i haven't found a way to work around.

https://www.virustotal.com/gui/file/946f9fa093369c29e3f8db51293b84bc7296ae4ed68112b2aebfa71ae85e349c/detection

previous discussion https://github.com/lian/msfs2020-go/issues/13

edit: Microsoft now too, although yesterday it liked the exact same zip file, now it says Trojan:Win32/Emali.A!cl

this is from the official golang website: https://golang.org/doc/faq#virus

Why does my virus-scanning software think my Go distribution or compiled binary is infected?

This is a common occurrence, especially on Windows machines, and is almost always a false positive. Commercial virus scanning programs are often confused by the structure of Go binaries, which they don't see as often as those compiled from other languages.

hcooper commented 3 years ago

Would it be possible to update the README.md with a note about this problem please. That way it's easier for people to be reassured that there isn't a real virus problem. Thanks.

lian commented 3 years ago

given that this only alerts you when you have MaxSecure installed or check with virustotal, it might confuse more people than it would otherwise when it is on the readme.

legop3 commented 3 years ago

not the exact same problem but windows won't even let me open the file.


hcooper commented 3 years ago

@lian your call, I thought it was wider spread (hence the readme suggestion), but I've re-read your comments on issue #13.

@legop3 - reading github issue #13, it seems that was a passing problem which went away when they rebuilt. However I also get it when running the most recent "release" (I can't be bothered setting up a build environment to compile locally).

lian commented 3 years ago

what's weird is yesterday my virustotal run of v0.0.5.zip only showed MaxSecure. today it suddenly shows Microsoft again https://www.virustotal.com/gui/file/946f9fa093369c29e3f8db51293b84bc7296ae4ed68112b2aebfa71ae85e349c/detection :(

like the scanners can't make up their mind :(

lian commented 3 years ago

@hcooper you are right, if it's wider spread. will see how to best word this in the readme. am super annoyed by this, having to defend my open source code from false-positive scanners, would rather add features to the program as well :joy:

lian commented 3 years ago

added a note to both readme's

https://github.com/lian/msfs2020-go#why-does-my-virus-scanning-software-think-this-program-is-infected

https://github.com/lian/msfs2020-go/tree/master/vfrmap#why-does-my-virus-scanning-software-think-this-program-is-infected

this really sucks though :(

odinnix commented 3 years ago

You can "allow" it if Windows Defender/Edge is picking it up:

lian commented 3 years ago

@odinnix thanks! unfortunately this will be too much for many users :(

just a minute ago i thought i had a solution, my zip passed all scanners on virustotal, was about to happily upload and put this issue to rest, then i hit reanalyze-file and then the microsoft scanner decided to not like the exact same file it did 5 min before anymore. this is such bullshit, i'm almost done with putting time into this project :disappointed:

th-bu commented 3 years ago

I wouldn't put too much thought into this. I think the majority of users don't have any problems. I have Windows Defender running and can use the program without any problems.

lian commented 3 years ago

closing this for now. the last two releases v0.0.6 and v0.0.7 kept without false positives on virustotal. main thing i did was strip the debug info from the golang binary.

lian commented 3 years ago

reopen this due to https://github.com/lian/msfs2020-go/issues/32

lian commented 3 years ago

was hoping i solved this. when i uploaded v0.0.7 last night all virustotal scanners (including microsoft) were happy.

at the time of writing this, all scanners are green here: https://www.virustotal.com/gui/file/3d7dc453123b2c8bf0c27dfa03ae9d477347318b4e953711c6ff5f20e047b819/detection
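
A VirusTotal report link like the one above embeds the SHA-256 of the scanned file, so anyone who downloads a release can check that a given report actually describes the bytes on their disk before reading its verdicts. This is an added example, not part of the original thread or of the msfs2020-go code; the function names and the `vtmatch` program name are hypothetical.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
	"log"
	"os"
	"regexp"
	"strings"
)

// VirusTotal GUI report URLs, as linked in this thread, carry the file's SHA-256.
var reportHash = regexp.MustCompile(`/gui/file/([0-9a-fA-F]{64})(?:[/?#]|$)`)

// HashFromReportURL returns that hash in lowercase, or an error if none is present.
func HashFromReportURL(raw string) (string, error) {
	m := reportHash.FindStringSubmatch(raw)
	if m == nil {
		return "", fmt.Errorf("no SHA-256 file hash in %q", raw)
	}
	return strings.ToLower(m[1]), nil
}

// ReportMatches streams r through SHA-256; true only if the URL names those exact bytes.
func ReportMatches(reportURL string, r io.Reader) (bool, error) {
	want, err := HashFromReportURL(reportURL)
	if err != nil {
		return false, err
	}
	h := sha256.New()
	if _, err := io.Copy(h, r); err != nil {
		return false, err
	}
	return hex.EncodeToString(h.Sum(nil)) == want, nil
}

func main() { // usage: vtmatch <report-url> <downloaded-file>
	if len(os.Args) != 3 {
		log.Fatal("usage: vtmatch <report-url> <downloaded-file>")
	}
	f, err := os.Open(os.Args[2])
	if err != nil {
		log.Fatal(err)
	}
	defer f.Close()
	fmt.Println(ReportMatches(os.Args[1], f))
}
```

A `false` result means the report was generated for a different file (for example the zip rather than the extracted exe, or another release), so its detections say nothing about the file being checked.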

LotheronPrime commented 3 years ago

Still detecting as a virus with 0.0.7, Edge Chromium/Defender

GithubUser12882873929 commented 3 years ago

I was trying to download something but before I did I scanned it with VirusTotal and it said Trojan.Malware.300983.susgen from MaxSecurity. Does it mean it's a negative or a false positive?


https://www.virustotal.com/gui/file/53b0d5f054a635708e7d0d3939c14ac3ff1a46e06f52c4fab4f658146c24a918/detection

hubert838 commented 2 years ago

1945 is virus not click this lol

Starmania commented 2 years ago

MaxSecure is not very good as an antivirus, it detected a .txt file as a virus... Link of VT report.

Starmania commented 2 years ago

If you have time, you can tell MaxSecure that your file is a false positive here.

Zigzag129 commented 2 years ago

If you have time, you can tell MaxSecure that your file is a false positive here.

are you sure? because i'm concerned about the file that i scanned in virustotal that only maxsecure detects as a trojan

maechtische commented 2 years ago

are you programming in c# .net framework

Ryochan7 commented 2 years ago

I remember having issues with a .NET app for no reason until I was able to sign binaries with an OV cert. No problems with several releases after that. I am convinced that the blatant false positives are merely part of an extortion racket. Can't trust VirusTotal results.

wikolopadm commented 2 years ago

I get the same problem using the LARAGON program and also with NGROK. There is the site https://www.hybrid-analysis.com/ which is very good for testing files; it gives different results.