Latest msys2 installer flagged as malicious

msys2 / msys2-installer

The one-click installer for MSYS2

BSD 3-Clause "New" or "Revised" License

561 stars 87 forks source link

Latest msys2 installer flagged as malicious #39

Closed elsaco closed 2 years ago

elsaco commented 2 years ago

The latest msys2 installer is flagged as malicious by BitDefenderTheta at https://virustotal.com:

msys2_warning

Also, the checksum on the website is different than the one from GitHub release:

Verify with SHA256 checksum 5e188c7f3d564a2291d20b717712bb6f789a17b415e540f528c0025130ada4e1

Is it safe to install msys2-x86_64-20220118.exe? Thx!

lazka commented 2 years ago

Also, the checksum on the website is different than the one from GitHub release:

Oh, I used the checksum from the .sfx installer when updating the website. Thanks

edit: fixed in https://github.com/msys2/msys2.github.io/commit/65a0f4baa72627b7403ff22

lazka commented 2 years ago

For future reference, here is the result link: https://www.virustotal.com/gui/file/845cf6a7ea239b3ce3f5b26636a938f70a24b13baccb348119bdf5325ba0f211

Either way, false positives from some virus scanners happens regularly and there isn't much we can do really. If it makes you feel better you can use the previous installer release.

Feel free to still report your virustotal findings in the future.