samkusin / clemens_iigs

An Apple IIgs Emulator and Debugger written in C/C++ for Windows, Linux and macOS
https://samirsinha.com/tags/appleiigs/
MIT License

Clemens 0.6 malware detected or not? #147

Closed dor73 closed 5 months ago

dor73 commented 1 year ago

Version 0.6 Clemens downloaded from the releases page. No problem with Windows Defender (Windows 10 64bit), but VirusTotal online detected 1 malware (Bkav Pro W32.AIDetectMalware.64). Maybe it's a false positive?

samkusin commented 1 year ago

The executable was built on a GitHub runner and copied to a macOS device that was later uploaded to the release page. This is the job that generates the exe in a zip archive.

https://github.com/samkusin/clemens_iigs/actions/runs/5892110026

I'll investigate whether another build yields the same results.

I've seen this particular malware flagged as a false positive in other cases. But I can't authoritatively say this is a false positive without more context. I've run this executable through other "top" online file checkers like Opentip, jotti, and Internxt with no malware found - though VirusTotal is usually the best of these checkers.

samkusin commented 1 year ago

This recent thread from less than a week back as of this writing talks about several false positives found with VirusTotal including W32.AIDetectMalware.64 found by Bkav Pro at the top of the list.

Again, I can't say 100% this is a false positive, but given the circumstances around how this app was built, described above, I believe it is. Also, Bkav Pro is not one of the major antivirus software suites.

reddit.com/r/antivirus/comments/15zku92/virustotal_identified_possible_malware_in_my_gpus/

dor73 commented 1 year ago

Thanks for your reply, it's probably a false positive. As soon as I have some time I will try to compile it for Windows and check if there is the same problem. Yesterday I checked the Macintosh version in .dmg on VirusTotal. This version has no flags. Thanks for your job. A tip: it would be useful to have the monochrome option in both BW and Green and Amber phosphors with specific buttons on the window.

samkusin commented 5 months ago

Seems this is a false positive. Getting these removed from Windows builds without using a cert may not be worth the cost. As mentioned above, that one check seems to be the only one that reports a virus and has been the source of other false positives.
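The two checks the maintainer relies on in this thread are (1) how many engines flag the file and whether the lone hit carries a heuristic/ML family name, and (2) whether a fresh build reproduces the released binary. The script below is an added example, not code from the clemens_iigs project or from any scanner's API: it assumes the scan result has already been exported as a plain mapping of engine name to verdict string (or `None` for clean), which is an assumed shape, and the engine names and verdicts in `SAMPLE_RESULTS` are constructed to mirror this issue (70 engines, one `W32.AIDetectMalware.64` hit from Bkav Pro). The heuristic-name tokens are an assumption as well; tune them to the engines you actually see.

```python
"""Triage of a multi-engine scan verdict for a release artifact.

Added example (not part of the clemens_iigs project or of any scanner's
API). Given per-engine results as a dict {engine_name: verdict_or_None},
classify a lone detection as a probable heuristic false positive versus a
result that needs review, and compare a released binary against a fresh
rebuild. All engine names and verdict strings used as input are constructed.
"""
import hashlib
import re
from dataclasses import dataclass, field

# Assumption: verdict names carrying these tokens come from generic or ML
# classifiers rather than from a signature for a specific known sample.
HEURISTIC_NAME = re.compile(r"(aidetect|heur|generic|\bgen\b|suspicious|\bml\b)", re.I)


@dataclass
class Triage:
    total_engines: int
    detections: dict            # engine -> verdict string, only the engines that flagged
    all_heuristic: bool         # every detection has a heuristic/ML-style family name
    verdict: str                # clean | likely_false_positive | needs_review | likely_malicious
    reasons: list = field(default_factory=list)


def is_heuristic_name(verdict: str) -> bool:
    """True when the family name looks like a generic/ML classification."""
    return HEURISTIC_NAME.search(verdict) is not None


def triage(results: dict, review_threshold: int = 2, malicious_threshold: int = 5) -> Triage:
    """Classify a scan result by detection count and family-name style.

    - no detections                              -> clean
    - fewer than review_threshold, all heuristic -> likely_false_positive
    - malicious_threshold or more                -> likely_malicious
    - anything else                              -> needs_review
    Thresholds are assumed defaults, not a scanner's own policy.
    """
    detections = {eng: v for eng, v in results.items() if v}
    total = len(results)
    all_heur = bool(detections) and all(is_heuristic_name(v) for v in detections.values())
    reasons = []
    if not detections:
        verdict = "clean"
    elif len(detections) < review_threshold and all_heur:
        verdict = "likely_false_positive"
        reasons.append(f"{len(detections)}/{total} engines flagged, all with heuristic/ML names: "
                       + ", ".join(f"{e}={v}" for e, v in detections.items()))
    elif len(detections) >= malicious_threshold:
        verdict = "likely_malicious"
        reasons.append(f"{len(detections)}/{total} engines flagged")
    else:
        verdict = "needs_review"
        reasons.append(f"{len(detections)}/{total} engines flagged; at least one signature-style name")
    return Triage(total, detections, all_heur, verdict, reasons)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def compare_builds(released: bytes, rebuilt: bytes) -> dict:
    """Does a fresh build reproduce the released bytes?

    A mismatch is a prompt to diff the two files, not proof of tampering:
    builds that embed timestamps or build paths differ legitimately.
    """
    a, b = sha256_hex(released), sha256_hex(rebuilt)
    return {"released_sha256": a, "rebuilt_sha256": b, "identical": a == b}


# Constructed sample mirroring this issue: 70 engines, one heuristic hit.
SAMPLE_RESULTS = {f"engine{i:02d}": None for i in range(69)}
SAMPLE_RESULTS["Bkav Pro"] = "W32.AIDetectMalware.64"

if __name__ == "__main__":
    t = triage(SAMPLE_RESULTS)
    print(t.verdict, "|", "; ".join(t.reasons))
    # Constructed byte strings standing in for the released zip and a rebuild.
    print(compare_builds(b"release-bytes", b"release-bytes")["identical"])
```

The classification is a triage aid, not a verdict: a `likely_false_positive` result still deserves a rebuild-and-compare (as the maintainer did here) or a sandbox run before the file is trusted, and a single signature-style name from a major engine is deliberately routed to `needs_review` rather than dismissed.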