Closed VektreX closed 11 months ago
@sunjw Could you check this issue with Bitdefender please?
It's most likely the usage of internet-facing functions that's getting flagged:
```
$ readpe --imports JSMinNPP.dll
Imported functions
# [ . . .]
Library
Name: WININET.dll
Functions
Function
Hint: 201
Name: InternetOpenW
Function
Hint: 149
Name: InternetCloseHandle
Function
Hint: 200
Name: InternetOpenUrlW
Function
Hint: 206
Name: InternetReadFile
# [ . . .]
```
To give just one example of how dumb these heuristics really are: I usually shrink my plugin binaries with UPX (a red flag all by itself), yet the zipball still gets a clean rating.
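As an added example (not part of the thread or of the plugin's code), this script parses `readpe --imports` text output like the listing above and reports which imported libraries are network-facing, which helps when triaging a suspected false positive. The `NETWORK_LIBS` watchlist, the function names `parse_imports` and `network_imports`, and the sample input are assumptions made for illustration.

```python
from collections import defaultdict

# Assumed watchlist of Windows networking libraries (not from the thread).
NETWORK_LIBS = {"wininet.dll", "winhttp.dll", "ws2_32.dll", "urlmon.dll"}

# Constructed sample in the shape of the listing above; the KERNEL32 entry
# and its hint value are made up so the filter has something to exclude.
SAMPLE = """\
Imported functions
Library
Name: KERNEL32.dll
Functions
Function
Hint: 100
Name: CreateFileW
Library
Name: WININET.dll
Functions
Function
Hint: 201
Name: InternetOpenW
Function
Hint: 206
Name: InternetReadFile
"""

def parse_imports(text):
    """Return {library: [function, ...]} from `readpe --imports` text output."""
    imports, library, context = defaultdict(list), None, None
    for raw in text.splitlines():
        line = raw.strip()            # tolerate indented or flattened output
        if line in ("Library", "Function"):
            context = line            # remember which block a Name: belongs to
            continue
        key, sep, value = line.partition(":")
        if not sep or key.strip() != "Name":
            continue                  # headers, hints, elision markers
        if context == "Library":
            library = value.strip()
            imports[library]          # register even if nothing is named
        elif context == "Function" and library is not None:
            imports[library].append(value.strip())
    return dict(imports)

def network_imports(imports):
    """Keep only libraries on the watchlist (case-insensitive match)."""
    return {lib: fns for lib, fns in imports.items() if lib.lower() in NETWORK_LIBS}

if __name__ == "__main__":
    print(network_imports(parse_imports(SAMPLE)))
```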
Just a clear false positive. And if you are still concerned, I suggest you use Visual Studio Code. VSC has a much better security model. JSTool for VSC is written purely in JS, and the package released on the VSC extension market is the same as the code in this repo. You can compare the code line by line. FYI: 1.2312.0 will be released soon, which Bitdefender feels is OK: https://www.virustotal.com/gui/file/bc819fad1a12a6a29392ad67dfb88d730bb8ac4ecee98f47bb73a0fab387c63e
Earlier today, as I opened Notepad++, I got an error message from Notepad++ about JSMinNPP.dll, and Bitdefender lit up and flagged the DLL as Gen:Variant.Tedy.504791.
I also checked out the downloads page on SourceForge and noticed that it was also blocked, with Bitdefender detecting the zip file as Trojan.GenericKD.70772555.
Here's the VirusTotal report for reference: https://www.virustotal.com/gui/file/c11d28501fb7301ffcc1ff6ffb5635c6ebe0cab6d0baedb763c82cfe2e76f9ea/detection
This is likely a false positive that you might have to work out with the antivirus vendors, although you may also want to check what you're building to see why it's being detected in the first place.