Windows Build 6962 Detected as Trojan/Malicious by VirusTotal
DougieDoodles opened this issue · 3 comments
DougieDoodles commented
Help us help you
- I have checked that my issue doesn't exist yet.
- I have tried my absolute best to reduce the problem-space and have provided the absolute smallest test-case possible.
- I can always reproduce the issue with the provided description below.
Environment
- Operating System version: Windows 10
- Current SourceMod version: 1.11
- Current SourceMod snapshot: build 6962
- Current Metamod: Source snapshot:
- I have updated SourceMod to the latest version and it still happens.
- I have updated SourceMod to the latest snapshot and it still happens.
Description
- Tried updating SourceMod to latest
- After extracting the zip, Windows Defender removed "sourcemod\extensions\sdktools.ext.2.bms.dll"
- Confirmed by uploading the zip file to the VirusTotal service
- I checked the Linux version of the same build and it was fine
- I checked the latest dev build and the issue is still present
Problematic Code (or Steps to Reproduce)
1. Download version 1.11 build 6962 for Windows
2. Upload to VirusTotal
Logs
- 1.11 6962 windows: https://www.virustotal.com/gui/file/3766c04678023d98f027dd636c1581a0f6813a3355a70473acd4f1e0f1f3869c
- 1.11 6962 linux: https://www.virustotal.com/gui/file/b5168251d54ccffce9ee4ca76d4bfaed5a48cdfdcf97cb3f1f59020254bdcae0
- 1.12 7125: https://www.virustotal.com/gui/file/d1e88880e4b3116371431db30daee80a98ee8c37ff0ba51cf9d1ccd085e6b644
Mooshua commented
The heuristics seem to dislike L4D2/L4D SourceMod cores and the BMS edition of sdktools, and of course SourcePawn. All but SourcePawn are rarely updated and last had their prebuilts updated last decade, assuming no one force-pushed to hide any changes.
Do we sign the release binaries? This feels like something that would be solved by slapping a cert on it, especially since the Linux versions come out clean (assuming that there isn't a backdoor in there somewhere).