Hi! Thanks for the quick version.
The new version is no longer detected by my ClamAV as a virus.
What's very strange is that I re-ran the test in virustotal for meld.exe. Same
hash, same filename, but now with a 6/51 detection rate
https://www.virustotal.com/en/file/eb273111729694a5c98e5b0e133f73ff2405a6004187fba2b6637abf304538e6/analysis/1391472821/
meldc.exe, however, has a much lower detection ratio (3/50)
It may be worth noticing that none of the antiviruses agree on the type of virus
being detected, meaning there's a high chance of it being a false positive (one of
the initial fears is that the uploader/packager's PC is infected).
Compressed files are always hard to detect by antiviruses. Is the compression
ratio really that high to justify UPX/MPRESS?
Cheers
Matías
IMPORTANT:
The information contained in this email may be commercially sensitive and/or
legally privileged.
It is intended solely for the person(s) to whom it is addressed. If the reader
of this message is not the intended recipient, you are on notice of its status
and hereby notified that your access is unauthorized, and any review,
dissemination, distribution, disclose or copying of this message including any
attachments is strictly prohibited.
Please notify the sender immediately by reply e-mail and then delete this
message from your system.
________________________________
From: Keegan Witt <[email protected]>
To: Meld List <[email protected]>
Sent: Sunday, February 2, 2014 23:46
Subject: Re: [Windows] ClamAV detects Meld as a Trojan.
Thank you for pointing this out. For what it's worth, I assure you it's clean
:) I did some Googling, it seems antivirus programs have been flagging
executables compressed with UPX as being trojans. I updated my AutoHotkey I've
been using to compile meld.exe and meldc.exe, the new version now uses MPRESS
for compression instead of UPX. When I re-ran the scan with the recompiled
versions, it looked cleaner, but there were engines that kept timing out. But
when I ran the scan on just meld.exe, only Rising and VBA32 complained so I
think I'm on to something here. Could you see if you are able to get a
complete result with the test versions I've uploaded here:
https://sourceforge.net/projects/meld-installer/files/Testing/? If it looks
like this improves the false positives (which given what I saw with meld.exe
results, it should) I'll go ahead and move these out of testing as an official
release.
-Keegan
On Sun, Feb 2, 2014 at 5:19 PM, Michael Mientus <[email protected]> wrote:
>I have not had a problem with the Windows installer from SourceForge.
>
>http://sourceforge.net/projects/meld-installer/
>
>You might open a ticket with your vendor to have them take a look at it. And
>make an exception in your antivirus software as a workaround.
>
>Mike
>
>
>From: meld-list [mailto:[email protected]] On Behalf Of Matias N. Goldberg
>Sent: Sunday, February 02, 2014 1:45 PM
>To: [email protected]
>Subject: [Windows] ClamAV detects Meld as a Trojan.
>
>Hi everyone!
>
>I'm new to this newslist. Please, excuse me if I'm in the wrong place.
>
>I've subscribed just to report that ClamAV detects "meld-1.8.4.0.exe" as a
>Trojan:
>
>D:\Downloads\meld-1.8.4.0.exe: Win.Trojan.Autoit-734 FOUND
>
>I downloaded the Zip version and the problem persisted:
>D:\Downloads\meld-1.8.4.0\meld\meld.exe: Win.Trojan.Autoit-734 FOUND
>D:\Downloads\meld-1.8.4.0\meld\meldc.exe: Win.Trojan.Autoit-734 FOUND
>----------- SCAN SUMMARY -----------
>Known viruses: 3099685
>Engine version: 0.98
>Scanned directories: 771
>Scanned files: 12171
>Infected files: 2
>
>I uploaded the file meld.exe to virustotal.com 5/49 and out of them reported
>as Trojan:
>
>Antivirus             Result                                      Update
>Kingsoft              Win32.Troj.IAgent.wt.(kcloud)               20130829
>McAfee-GW-Edition     Heuristic.BehavesLike.Win32.ModifiedUPX.C   20140202
>Rising                PE:Spyware.KeyLogger!1.9F7B                 20140202
>TheHacker             Trojan/AutoHK.ed                            20140202
>TrendMicro-HouseCall  TROJ_GEN.F47V1205                           20140202
>
>Interestingly their ClamAV didn't detect it (my definitions are up to date).
>
>I did not research into whether this is a false positive or actual infected
>files.
>Looks like I will have to try compiling from source, which doesn't look
>straightforward.
>
>Cheers
>Matias
>
>_______________________________________________
>meld-list mailing list
>[email protected]
>https://mail.gnome.org/mailman/listinfo/meld-list
>
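A triage check for the situation discussed in this thread, added here as an example and not part of any of the messages above: it reads a PE file's section table and reports section names commonly left by UPX and MPRESS, which helps explain a generic "packed" heuristic verdict. The name list and the `fake_pe` sample builder are assumptions made for the example; a packed file with renamed sections would not match.

```python
import struct

# Section names commonly left behind by the two packers named in this thread.
PACKER_SECTIONS = {"UPX0": "UPX", "UPX1": "UPX", "UPX2": "UPX",
                   ".MPRESS1": "MPRESS", ".MPRESS2": "MPRESS"}


def pe_section_names(data: bytes):
    """Return the section names listed in a PE image's section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if len(data) < pe_off + 24 or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (n_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size                          # first section header
    names = []
    for i in range(n_sections):
        off = table + 40 * i                                # 40 bytes per header
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        names.append(data[off:off + 8].rstrip(b"\0").decode("latin-1"))
    return names


def packer_hints(data: bytes):
    """Map packer name -> matching section names; empty dict if none seen."""
    hints = {}
    for name in pe_section_names(data):
        packer = PACKER_SECTIONS.get(name)
        if packer:
            hints.setdefault(packer, []).append(name)
    return hints


def fake_pe(names):
    """Constructed header-only PE image (not a real binary) for the demo."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0, 0x102)
    secs = b"".join(
        struct.pack("<8sIIII16x", n.encode(), 0x1000, 0x1000 * (i + 1), 0x200, 0x400)
        for i, n in enumerate(names))
    return dos + b"PE\0\0" + coff + secs


if __name__ == "__main__":
    for sample in (["UPX0", "UPX1", ".rsrc"], [".MPRESS1", ".MPRESS2", ".rsrc"]):
        print(sample, "->", packer_hints(fake_pe(sample)))
```

To check a downloaded file, pass its bytes instead of the constructed sample, for example `packer_hints(open(path, "rb").read())`.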