alliedmodders/sourcemod

Windows Build 6962 Detected as Trojan/Malicious by Virustotal

DougieDoodles opened this issue · 3 comments

Help us help you

  • I have checked that my issue doesn't exist yet.
  • I have tried my absolute best to reduce the problem-space and have provided the absolute smallest test-case possible.
  • I can always reproduce the issue with the provided description below.

Environment

  • Operating System version: Windows 10
  • Current SourceMod version: 1.11
  • Current SourceMod snapshot: build 6962
  • Current Metamod: Source snapshot:

Description

  • Tried updating SourceMod to the latest build
  • After extracting the zip, Windows Defender removed "sourcemod\extensions\sdktools.ext.2.bms.dll"
  • Confirmed by uploading the zip file to the VirusTotal service
  • I checked the Linux version of the same build and it was fine
  • I checked the latest dev build and the issue is still present

Problematic Code (or Steps to Reproduce)

1. Download version 1.11 build 6962 for Windows
2. Upload to VirusTotal

Logs

The heuristics seem to dislike L4D2/L4D SourceMod cores and the BMS edition of sdktools, and of course SourcePawn. All but SourcePawn are rarely updated and last had their prebuilts updated last decade, assuming no one force-pushed to hide any changes.

Do we sign the release binaries? This feels like something that would be solved by slapping a cert on it, especially since the Linux versions come out clean (assuming that there isn't a backdoor in there somewhere).