oleksis / youtube-dl-gui

A cross platform front-end GUI of the popular youtube-dl written in wxPython.
https://oleksis.github.io/youtube-dl-gui/
The Unlicense
1.68k stars 108 forks

Virus warning from Microsoft defender and Virustotal #88

Open Pareidol opened 2 years ago

Pareidol commented 2 years ago

I downloaded the latest portable version for Windows (like I did for the 0.4 version a long time ago). As I tried to run it I got a Windows warning ("PC protected through Windows" or similar). Next I tested the downloaded file via VirusTotal, and there I also got some warnings. I also tested the .msi and got warnings as well.

https://www.virustotal.com/gui/file/71d4fc4eea97199218fdde36717e90326ed0fd4bd980c6afbffc263514e34be9 https://www.virustotal.com/gui/file/52151f4964b9da2ba96dadb2050491e26f89ef4291ce9a5e08c60093a7532aef

Pareidol commented 2 years ago

But strangely, if I test the link for the exe directly, it shows no virus. https://www.virustotal.com/gui/url/d91b515ec94916cb97c2e410b4ecc5a3727978a5782650738d8ce3004df5ace5
</gml_replace>
<gr_replace lines="24" cat="clarify" orig="Unsigned files">
Unsigned files will always give a SmartScreen warning, until their alternate data stream contains information marking that you've accepted the risk of running an 'unknown' exe at least once. You can read more about that here.

Technetium1 commented 2 years ago

Unsigned files will always give a smartscreen warning, until their alternate data stream contains information marking that you've accepted the risk of running an 'unknown' exe at least once. You can read more about that here.

As for the VT results, that's a false positive and can't really be avoided, as the application is built with PyInstaller. More info about why that happens here.

Every time I release my ChocolateyUpdate binary I have to report it as a false positive to Microsoft, otherwise it's automatically quarantined during the self-update process, which is obnoxious for the users. Not everyone can afford to sign their binaries.
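Two checks a user can run locally before trusting an unsigned download, written as an added example for this thread (not code from the youtube-dl-gui project or from the commenters above): reading the Mark-of-the-Web that SmartScreen keys on, which lives in the `Zone.Identifier` alternate data stream mentioned above, and confirming that the file on disk is the same sample that a VirusTotal report describes, since the VirusTotal file URLs in this issue embed the sample's SHA-256. The stream path syntax `file:Zone.Identifier` only works on NTFS volumes on Windows; the zone numbers follow Microsoft's URL security zone ids; the sample stream body and the example URL below are constructed for the demonstration.

```python
import hashlib
import re
import sys

# Microsoft URL security zone ids as they appear in a Zone.Identifier stream
ZONE_NAMES = {
    0: "Local machine",
    1: "Local intranet",
    2: "Trusted sites",
    3: "Internet",
    4: "Restricted sites",
}


def parse_zone_identifier(text):
    """Parse the INI-style body of a Zone.Identifier stream into a dict.

    Typical body (constructed sample):
        [ZoneTransfer]
        ZoneId=3
        HostUrl=https://example.invalid/tool.exe
    """
    result = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section == "ZoneTransfer" and "=" in line:
            key, _, value = line.partition("=")
            result[key.strip()] = value.strip()
    if "ZoneId" in result:
        zone = int(result["ZoneId"])
        result["ZoneId"] = zone
        result["ZoneName"] = ZONE_NAMES.get(zone, "Unknown")
    return result


def read_mark_of_the_web(path):
    """Return the parsed Zone.Identifier stream of `path`, or None if absent.

    Alternate data streams exist only on NTFS; elsewhere the open() fails
    and the function reports no mark rather than raising.
    """
    try:
        with open(f"{path}:Zone.Identifier", encoding="utf-8", errors="replace") as f:
            return parse_zone_identifier(f.read())
    except OSError:
        return None


def sha256_of_file(path):
    """Hex SHA-256 of a file, read in 1 MiB chunks so large installers are fine."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def sha256_from_virustotal_url(url):
    """Extract the SHA-256 from a VirusTotal *file* report URL; None for other URLs."""
    match = re.search(r"/gui/file/([0-9a-fA-F]{64})", url)
    return match.group(1).lower() if match else None


def matches_report(path, report_url):
    """True only if the local file hashes to the sample the VirusTotal report is about."""
    expected = sha256_from_virustotal_url(report_url)
    return expected is not None and sha256_of_file(path) == expected


if __name__ == "__main__":
    # Usage: python motw_check.py <downloaded-file> [virustotal-file-report-url]
    target = sys.argv[1]
    mark = read_mark_of_the_web(target)
    print("Mark-of-the-Web:", mark if mark else "none (not NTFS, or already unblocked)")
    print("SHA-256:", sha256_of_file(target))
    if len(sys.argv) > 2:
        print("Matches VirusTotal report:", matches_report(target, sys.argv[2]))
```

A file whose mark shows `ZoneId=3` (Internet) is exactly the case SmartScreen prompts on; Windows removes or rewrites that stream once the user accepts the prompt or runs `Unblock-File`, so a missing mark on an NTFS volume is consistent with what the comment above describes. Comparing the hash against the report URL matters because a detection verdict only speaks for the sample that was actually scanned.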

oleksis commented 2 years ago

This release is reviewed by Community and Microsoft rules. Check the validation here: https://github.com/microsoft/winget-pkgs/pull/41279#issuecomment-1015617246

githottub commented 2 years ago

I downloaded the latest portable version for windows...

FYI: Just because it is the EXE instead of the MSI does not mean it is a portable version. Be aware that it does leave files on the C drive. See the following topic on a portable version enhancement request:

https://github.com/oleksis/youtube-dl-gui/issues/10

If you (or anyone else reading this) would also find a portable version useful then upvote the enhancement request above or offer your help if you have coding skills.

eli-se commented 2 years ago

Sorry for bothering you, where does it leave files on the C drive? I apologize, I am new to these things...

oleksis commented 2 years ago

Sorry for bothering you, where does it leave files on the C drive? I apologize, I am new to these things...

In this comment, see where the settings and the CLI backends are located.

carlkl commented 2 years ago

I jump into the discussion, as someone in my entourage took a deeper look into VirusTotal and found some possibly suspicious data: Contacted Domains and Contacted IP addresses that could themselves be links to malware: https://www.virustotal.com/gui/file/71d4fc4eea97199218fdde36717e90326ed0fd4bd980c6afbffc263514e34be9/relations

I have no clue whether this is a false alarm from VirusTotal (personally I think so) or not, but I think that a real problem with malware would have been discovered long ago. Is there an idea where these IP addresses may come from?

oleksis commented 2 years ago

You can check the steps for building the yt-dlg-20220118.3.msi MSI package using Azure Pipelines.

Technetium1 commented 2 years ago

The IPs belong to Microsoft; https://asrank.caida.org/asns/8068 & https://asrank.caida.org/asns/8075 confirm as much. False positive for sure.

Catscrath25 commented 1 year ago

Avast also seems to block the website used to download the exe

oleksis commented 1 year ago

Windows users can install yt-dlg from the Store: https://apps.microsoft.com/store/detail/ytdlg/XP9CCFSWS911F5