tushev / aojdk-updatewatcher

Automatic update tool for AdoptOpenJDK, Eclipse Temurin™ and/or IBM® Semeru® Open Edition releases
https://github.com/tushev/aojdk-updatewatcher/wiki
MIT License

[FALSE POSITIVE] program categorized as malicious/malware #2

Closed mziehm closed 4 years ago

mziehm commented 4 years ago

Your program is categorized by multiple anti-virus programs as Malicious/Malware: https://www.virustotal.com/gui/file/25662cec109284f2d702c58531d88002fd6c7c7515f911b8e1d04f73b1ba6edb/detection

Please address these security concerns.

tushev commented 4 years ago

This is (to the best of my knowledge and intentions) a false positive. It usually happens with 'new' and 'unpopular' software (my humble 200+ downloads definitely do not make it a world-class hit xD) - some engines just treat everything 'not popular' as threats.

Frankly, I've never heard of those 4 antivirus engines before. If there was something really malicious, the trustworthy AVs would definitely show it.

If you are concerned about security, you can always clone the code and compile the code yourself.

tushev commented 4 years ago

So far it seems that the issue is caused by a false positive from some 'not very popular' AV engines. The false positive is caused by the installer I use (Inno Setup), and not my application itself, which is reported as clean: https://www.virustotal.com/gui/file/e03adf1a2d78ceac319132351201dcadf48079fb2027a83aa7c6864c36758a5a/details

I've released a zip-archive without any installer. You can confirm that it is 100% clean on VT: https://www.virustotal.com/gui/file/a1ed2b2c6ad6af4c024e8c6f9d2ccd9316ea365b4b865b0a271f0b874b31b779/detection

mziehm commented 4 years ago

Thanks for looking into it and the installer-free version. Unfortunately, our IT-mandated TrendMicro ApexOne is still blocking the AJUpdateWatcher.exe, which was the same for the installer and triggered my VirusTotal examination. Maybe our TrendMicro ApexOne is a bit overly careful.

andreasbenzing commented 4 years ago

FYI: Microsoft Defender SmartScreen also complains about "Publisher: Unknown publisher".

tushev commented 4 years ago

@andreasbenzing thanks. Yes, this happens because this app is not signed (currently I'm not willing to spend money on a code signing certificate for a hobby-made app) and the app itself is not very popular (yet?).

It is still possible to verify integrity by checking SHA-256 checksums.