Virus detection for ldc2-1.20.1-windows-multilib.7z #3448
Comments
That affects all who publish prebuilt packages. Nothing can be false positive free, because 'virus-scanners' are software too (and many times, crappy pieces of software). So unless you have stronger indications than 7 (from what I can tell, not well-known) engines out of 53 (I thought they had more last time I used virustotal) warning about some trojan, most likely based on a weak heuristic, there's IMO absolutely no need to take any action. The link you forgot: https://www.virustotal.com/gui/file/c4696efc1d731e0b579a4342713e5121c26e8ece2eb77d0a471926259c584a24/detection |
|
Still mildly interested, I've retriggered the analysis, now 12 out of 56 warn, incl. Kaspersky. With v1.22-beta1 (link), it's 10 out of 54, with Kaspersky detecting a different trojan. - The build is fully automated and transparent (part of the CI), executed by Azure Pipelines on MS Azure boxes. Bundled libcurl.dll and the MinGW-based libs have been generated on my box but are seldomly updated. |
Providing virus total with the downloaded 7z file seems to give back a previous test (same hash) saying it found virus from 7 engines.
Providing a link to the same file on github release page gives an all green result. Strange.
This same version of ldc2 is also included with the latest visuald package (with included compilers) and it trigged a warning from F-Secure on my computer too.
I have no clue if this is false positive or not.
It seems like a general problem on how to ensure virus free and false positive free releases.
The text was updated successfully, but these errors were encountered: