samyeyo / LuaRT

Open source Windows programming framework for Lua
https://www.luart.org
Other
299 stars 19 forks source link

luart.exe is flagged as a virus by ESet Antivirus #198

Open ArthurZ opened 5 months ago

ArthurZ commented 5 months ago

luart.exe is flagged as a virus by ESet Antivirus and quarantined.

samyeyo commented 5 months ago

Hi Arthur,

It's a known problem. LuaRT is relatively new for antivirus programs and some may falsely detect it as a threat.

One major concern, is that LuaRT executables are not signed by a certificate (that cost lots of money every year)

LuaRT is a program interpreter. It's no more malicious than Python, JavaScript, VBScript, Java, etc.

But it's not famous enough to be declared safe by Antivirus.

ArthurZ commented 5 months ago

Hi @samyeyo, Agreed, but having it installed on my work machine would trigger me being locked out, and InfoSec running after me. Not desirable at all. So there should be a warning. With respect to the AV vendors, they accept submissions asking to whitelist software components. I can submit to ESet, but there are too many to process with various procedures. Lastly, the cost of signing open source software perhaps of lesser costs or non-existent. Please skim through https://stackoverflow.com/questions/1177552/code-signing-certificate-for-open-source-projects Hope I can be of help. Thank you for the hard work!

samyeyo commented 5 months ago

You are wrong sadly, the link you provide is quite old now. Since a few years, costs of EV certificates have increased so much.

Here is the link to one of the cheapest providers : https://comodosslstore.com/code-signing/comodo-individual-code-signing-certificate

Don't know if it's an EV code signing cettificate (this kind of cert is recommended on Windows), that may cost much more...