sunjw / jstoolnpp

A JavaScript (JSON) tool for Notepad++ (formerly JSMinNpp) and Visual Studio Code.
GNU General Public License v2.0
284 stars, 24 forks

Bitdefender detection of JSMinNPP.dll #147

VektreX closed 11 months ago

VektreX commented 11 months ago

Earlier today as I opened Notepad++ I got an error message from Notepad++ about JSMinNPP.dll, and Bitdefender lit up and flagged the dll as Gen:Variant.Tedy.504791

I also checked out the downloads page from SourceForge and noticed that it was also blocked, with Bitdefender detecting the zip file as Trojan.GenericKD.70772555

Here's the VirusTotal report for reference: https://www.virustotal.com/gui/file/c11d28501fb7301ffcc1ff6ffb5635c6ebe0cab6d0baedb763c82cfe2e76f9ea/detection

This is likely a false positive that you might have to work out with the antivirus vendors, although you may also want to check what you're building to see why it's being detected in the first place.

donho commented 11 months ago

@sunjw Could you check this issue with Bitdefender please?

rdipardo commented 11 months ago

It's most likely the usage of internet-facing functions that's getting flagged:

$ readpe --imports JSMinNPP.dll
Imported functions
# [ . . .]
    Library
        Name:                            WININET.dll
        Functions
            Function
                Hint:                            201
                Name:                            InternetOpenW
            Function
                Hint:                            149
                Name:                            InternetCloseHandle
            Function
                Hint:                            200
                Name:                            InternetOpenUrlW
            Function
                Hint:                            206
                Name:                            InternetReadFile
# [ . . .]

To give just one example of how dumb these heuristics really are: I usually shrink my plugin binaries with UPX (a red flag all by itself), yet the zipball still gets a clean rating.
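An added triage example (not part of the thread and not code from the project): it parses `readpe --imports` output in the layout quoted above and lists the imports that come from network-facing libraries, so they can be compared with what the plugin is expected to do. The `NETWORK_DLLS` set and the function names `parse_imports` and `network_imports` are assumptions made for this sketch, as is the full output following the same layout as the excerpt.

```python
import re

# Constructed sample: the excerpt of `readpe --imports` output quoted in the
# comment above, with the elided parts left out.
SAMPLE = """\
Imported functions
    Library
        Name:                            WININET.dll
        Functions
            Function
                Hint:                            201
                Name:                            InternetOpenW
            Function
                Hint:                            149
                Name:                            InternetCloseHandle
            Function
                Hint:                            200
                Name:                            InternetOpenUrlW
            Function
                Hint:                            206
                Name:                            InternetReadFile
"""

# Assumption: libraries treated as network-facing for triage purposes.
NETWORK_DLLS = {"wininet.dll", "winhttp.dll", "ws2_32.dll", "urlmon.dll"}

def parse_imports(text):
    """Return {library: [function, ...]} from readpe-style indented output."""
    imports, current, prev = {}, None, ""
    for line in text.splitlines():
        stripped = line.strip()
        m = re.match(r"Name:\s+(\S+)$", stripped)
        if m and prev == "Library":        # a Name right after "Library" is the DLL
            current = m.group(1)
            imports.setdefault(current, [])
        elif m and current is not None:    # any other Name is an imported function
            imports[current].append(m.group(1))
        if stripped and not stripped.startswith("#"):  # skip "# [ . . .]" markers
            prev = stripped
    return imports

def network_imports(imports):
    """Keep only the libraries that give the binary network access."""
    return {lib: funcs for lib, funcs in imports.items()
            if lib.lower() in NETWORK_DLLS}

if __name__ == "__main__":
    for lib, funcs in network_imports(parse_imports(SAMPLE)).items():
        print(f"{lib}: {', '.join(funcs)}")
```
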

sunjw commented 11 months ago

Just a clear false positive. And if you are still concerned, I suggest you use Visual Studio Code. VSC has a much better security model. JSTool for VSC is written purely in JS, and the package released on the VSC extension market is the same as the code in this repo. You can compare the code line by line. FYI: 1.2312.0 will be released soon, which Bitdefender is OK with. https://www.virustotal.com/gui/file/bc819fad1a12a6a29392ad67dfb88d730bb8ac4ecee98f47bb73a0fab387c63e