BitDefender is detecting inchi-1.exe 1.07 as a virus
I see this in my BitDefender logs.
On-Access scanning has detected a threat. The file has been deleted. C:\Dev\Mike***\Inchi\Inchi\inchi-1.exe is malware of type Gen:Variant.Lazy.591568
Please fix this
inchi-1.exe
InChI version 1, Software v. 1.07 (inchi-1 executable)
Windows 64-bit Build (MS VS 2017 or later) of Jul 16 2024 16:25:04
Scan results from VirusTotal show 7 detections.
I think it's safe to say this is a false positive, maybe open a report to Bitdefender?
I agree that it's most likely a false positive, but it is also flagged by other engines too.
Besides which, it is not my place to report this; it should be done by the InChI Trust.
I got a similar warning using G Data on Windows (sorry for the German):
Virus: Gen:Variant.Lazy.591568 (Engine A)
Datei: inchi-1.exe
Verzeichnis: [...]\InChI\INCHI-1-BIN\windows\64bit
@JanCBrammer can you confirm the released binary files are built in a GitHub workflow and not on any personal PC that may be compromised?
The binaries I used were downloaded from the release folder https://github.com/IUPAC-InChI/InChI/releases/download/v1.07.1/INCHI-1-BIN.zip
And this for the 1.07 binaries @giallu @JanCBrammer
https://github.com/IUPAC-InChI/InChI/releases/download/v1.07.0/INCHI-1-BIN.zip
can you confirm the released binary files are built in a GitHub workflow and not on any personal PC that may be compromised?
@giallu, the binaries under https://github.com/IUPAC-InChI/InChI/releases/download/ aren't built on GitHub runners. See #1.
As far as I know, currently @djb-rwth is building them on his machine.
Ok. I still think this is likely a false positive (otherwise more engines would mark the binaries as infected) but it makes sense to start building them in the GitHub environment so we can be pretty sure about it.
For my part, I can add to the cmake branch a package target that bundles the artifacts together and makes them available.
I think it would be a good idea to (code) sign all the binary files (exe and dll) in the release, as that should help appease the AV vendors.
I've uploaded the .exe to G Data, they accepted and whitelisted it.
Hi all,
Thanks @fbaensch-beilstein for confirming my suspicions that this is a false positive.
This does not seem to be an isolated case in which BitDefender detected Gen:Variant.Lazy.591568 falsely -- please refer to the following hyperlinks: hl1, hl2 or hl3.
Almost all AV software tends to be over-protective in cases of .exe files as malware and spyware most frequently sneak them within the OS.
Just recently, even the basic Windows Security falsely detected PUABundler:Win32/Rostpay within a MyConsoleApplication.exe which contained a compiled Hello world program and PUA:Win32/Presenoker inside GCC 14.1 for MS Windows installation files.
In line with @MikeWilliams-UK's suggestion, all binaries will be digitally signed from now on and we shall see if that works.
I would like to encourage the users who encounter this sort of problem to submit the file(s) to the AV software HQs for further analyses/whitelisting, just like @fbaensch-beilstein did.