search

oocx / acme.net

A .net implementation of ACME (Automatic Certificate Management Environment)
MIT License
89 stars 19 forks source link

Security software with malware? #16

Closed rfaix closed 7 years ago

rfaix commented 7 years ago

Isn't it nice to get security software with malware combined? screenshot 2017-03-22 15 42 25

oocx commented 7 years ago

Which file / release did you scan?

rfaix commented 7 years ago

The newest one 0.0.65 https://github.com/oocx/acme.net/releases/tag/0.0.65

best regards Rudolf Faix Affiliate Marketing Reviews http://affiliates.wwpa.com/ Fraud & Scam Systems http://fraud-systems.wwpa.com/ Offshore Outsourcing & Scammer http://blog.wwpa.com/

On Wed, Mar 22, 2017 at 3:50 PM, Mathias Raacke notifications@github.com wrote:

Which file / release did you scan?

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/oocx/acme.net/issues/16#issuecomment-288322749, or mute the thread https://github.com/notifications/unsubscribe-auth/AS-tEMPD3ovLRFICWSdEViEQ5TyHPYhjks5roNK4gaJpZM4Mk1Y_ .

oocx commented 7 years ago

Thanks for reporting this.

I'm currently at work, but I will look into this issue when I'm back home.

Releases are build on AppVeyor and published from there to GitHub automatically. If it really contains malware and is not just a false positive, then AppVeyor has a problem with their build servers.

rfaix commented 7 years ago

Where ever the Malware has been coming inside, it needs to get removed. 😂 It can be a problem from the hosting provider too. I had today a second case too.

best regards Rudolf Faix Affiliate Marketing Reviews http://affiliates.wwpa.com/ Fraud & Scam Systems http://fraud-systems.wwpa.com/ Offshore Outsourcing & Scammer http://blog.wwpa.com/

On Wed, Mar 22, 2017 at 4:17 PM, Mathias Raacke notifications@github.com wrote:

Thanks for reporting this.

I'm currently at work, but I will look into this issue when I'm back home.

Releases are build on AppVeyor and published from there to GitHub automatically. If it really contains malware and is not just a false positive, then AppVeyor has a problem with their build servers.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/oocx/acme.net/issues/16#issuecomment-288327552, or mute the thread https://github.com/notifications/unsubscribe-auth/AS-tELpltkWavUQOINgrt7jw5-pGAEl-ks5roNkYgaJpZM4Mk1Y_ .

mj2015 commented 7 years ago

I have run that file through VirusTotal.com and it has a score of 2/60 vendors showing it as bad. Given the age of the file, I suspect it is simply a false alarm, and you should contact the virus vendor to tell them.

https://virustotal.com/en-gb/file/8c3c0be2bd3eb6e35bc8c305a3232675d2d7d885802f2c37654bb5ee7598f1fa/analysis/1490175678/

oocx commented 7 years ago

I have analyzed the file with metadefender and VirSCAN.org. Metadefender found nothing (0/40), VirSCAN.org 1 out of 39. I assume that that's a heuristic scan reporting a false positive.

rfaix commented 7 years ago

Bitdefender and Avira are the engines, which are saying it is malware. Nobody will take the risk and turn off his virus engine for installing a software. With other words, it does not help anybody to say it is a false positive.

best regards Rudolf Faix Affiliate Marketing Reviews http://affiliates.wwpa.com/ Fraud & Scam Systems http://fraud-systems.wwpa.com/ Offshore Outsourcing & Scammer http://blog.wwpa.com/

On Sun, Mar 26, 2017 at 3:59 AM, Mathias Raacke notifications@github.com wrote:

I have analyzed the file with metadefender and VirSCAN.org. Metadefender found nothing (0/40), VirSCAN.org 1 out of 39. I assume that that's a heuristic scan reporting a false positive.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/oocx/acme.net/issues/16#issuecomment-289235683, or mute the thread https://github.com/notifications/unsubscribe-auth/AS-tEBTGTKqtyWocQ3wvB-rcJIheKDMfks5rpXI4gaJpZM4Mk1Y_ .

oocx commented 7 years ago

So it's a problem with Avira and Bitdefender, not with the .exe here. You should report the problem to them if you care about it.

This is not a commercial product and not even an open source project that was created to be used in production. I clearly state in the readme "I created this project as a training excercise". I posted it to Github so that others can use my code if it is useful to them. There are other acme clients that were actually created to be used in production environments. If my project does not work for you, you can either modify it and submit a pull request, fork it and work on your own branch, or simply use one of the other clients.