jarmo/RAutomation

WindowsForms.exe is detected as malicious

Closed this issue · 1 comment

Hi. Please beware, the rautomation gem is considered malicious. I submitted WindowsForms.exe to https://www.virustotal.com for analysis and here is the result.

jarmo commented

@mora-01 thank you for your report.

I built WindowsForms.exe myself and uploaded it to virustotal (https://www.virustotal.com/gui/file/055dc4f55b3c69fb85a1dd6364ce9a8b4b261e95c46af6ac24d5002cfa5ed8ba?nocache=1) and can verify that 4 out of 72 think that it is malicious.

I have a strong reason to believe that it's a false positive - WindowsForms.exe is not committed to the repository, but it is built with `rake build` using source code that is part of the repository at `ext/WindowsForms`. This executable is used for running specs to test that RAutomation can handle Windows UI elements as expected. Since the executable is built by anyone running specs (or just `rake build:windows_forms`), it is possible in theory that during the build an infected machine can make a malicious executable. But it's definitely not the first time in history that some AV software is being too careful.

Since all the source code needed to build WindowsForms.exe is fully visible in this repo, if you (or anyone else) can locate malicious code within `ext/WindowsForms` (or anywhere else within this repository), then please reopen/recreate an issue which shows that. Until then I will close this issue.

Still, thank you for bringing this to attention, and it's better to be safe than sorry.