Installing a obs-plugintemplate based plugin should not result in anti-virus reporting threat
Current Behavior
obs-plugintemplate based plugins installed on Windows have a url shortcut installed that defaults to pointing to http://www.mywebsite.com.
This is an unfortunate choice because that redirects to what looks like a poorly convincing phishing site:
I suspect that this URL is a known phishing site and is why some AV software may flag shortcuts pointing to is as being a potential threat.
Steps to Reproduce
(Reported 2nd hand from user)
On Windows:
Install Norton Anti-Virus
Install a plugin based on obs-plugintemplate that does not change the default MyAppURL "http://www.mywebsite.com"
At some point in time during or shortly after the installation Norton will pop up the following:
If an AV does not flag this url as a threat, then opening the installed url shortcut...
...browses to http://www.mywebsite.com which redirects to a poorly convincing phishing site:
https://a1e24d2a-2434-467c-b2a2-c6dfd5f7e8a4.s3.ap-northeast-2.amazonaws.com/%26%25%5E%24%26%26%40%5E%23%5E!%23!%25%25%25!%24%5E%5E!%25!%40%26%23!%24%25%24%40%26%24%25!%23%40%23%24%40%26%25%23%40%23/index.html?&C=Kirkland&S=145471043&Q=145471043.com&SR=47059&IP=my%20website%20design&RE=50.47.211.46&KEY=98034&Z
I suggest that PLUGIN_URL be definable in CMakeList.txt and/or buildspec.json and populated in installer-Windows.iss.in during build time similar to PLUGIN_AUTHOR, etc.
Operating System Info
Windows 11
Other OS
No response
OBS Studio Version
29.0.2
OBS Studio Version (Other)
No response
OBS Studio Log URL
not relevant
OBS Studio Crash Log URL
No response
Expected Behavior
Installing a obs-plugintemplate based plugin should not result in anti-virus reporting threat
Current Behavior
obs-plugintemplate based plugins installed on Windows have a url shortcut installed that defaults to pointing to
http://www.mywebsite.com
. This is an unfortunate choice because that redirects to what looks like a poorly convincing phishing site:I suspect that this URL is a known phishing site and is why some AV software may flag shortcuts pointing to is as being a potential threat.
Steps to Reproduce
(Reported 2nd hand from user) On Windows:
MyAppURL "http://www.mywebsite.com"
At some point in time during or shortly after the installation Norton will pop up the following:
If an AV does not flag this url as a threat, then opening the installed url shortcut... ...browses to
http://www.mywebsite.com
which redirects to a poorly convincing phishing site:https://a1e24d2a-2434-467c-b2a2-c6dfd5f7e8a4.s3.ap-northeast-2.amazonaws.com/%26%25%5E%24%26%26%40%5E%23%5E!%23!%25%25%25!%24%5E%5E!%25!%40%26%23!%24%25%24%40%26%24%25!%23%40%23%24%40%26%25%23%40%23/index.html?&C=Kirkland&S=145471043&Q=145471043.com&SR=47059&IP=my%20website%20design&RE=50.47.211.46&KEY=98034&Z
Anything else we should know?
Found in https://github.com/obs-ndi/obs-ndi/issues/455
I suggest that
PLUGIN_URL
be definable inCMakeList.txt
and/orbuildspec.json
and populated ininstaller-Windows.iss.in
during build time similar toPLUGIN_AUTHOR
, etc.