VirusTotal warnings again
LeonisX opened this issue · 8 comments
https://www.virustotal.com/gui/file/bef1057e26ca839e07e32e64c5c96e6022f43b948300badccc87c35bbcb413da
24 security vendors flagged this file as malicious.
Latest release: https://github.com/ocornut/meka/releases/tag/meka-20210726
I understand that this is a false positive, but the search engines will pessimize the smspover.org website and this repository too. Need to do something.
Well, as I see it, the only problem is that Meka has an executable file, which is Meka.exe, and that is what the security vendors are flagging as malicious. I saw it happening while trying to add some zipped attachments to Gmail some time ago.
For me there are two quick-and-dirty solutions:
- Not distribute the executable, forcing the user to compile it from source
- Try to mask the executable, either by renaming the extension, zipping it or some other way. I once was able to send an exe using Gmail by zipping it and renaming the file to .zap
It can also be a MinGW issue:
https://stackoverflow.com/questions/62364507/compiled-c-executable-is-detected-as-a-virus-by-windows-defender
@lucianoloder great link
Windows users are unlikely to compile the emulator on their own, this is not a trivial task.
Another option is to put a password on the archive.
I created a build from source, but that is also flagged on VirusTotal: https://www.virustotal.com/gui/file/c4cd1c2b328487ced3df621c689409606a1453b66b50963f6434ab36fb2cba22?nocache=1
It seems a painful manual process to report false positives. Example: https://service.mcafee.com/?articleId=TS103032&page=shell&shell=article-view
At this point in time it appears antiviruses are the malware themselves.
e.g. https://twitter.com/doctorow/status/1478479483585933312?s=21
The "debug" build is not flagged by all the scanners, just one; it seems to be something the compiler does in "release" mode. But I guess more software should be hit by the compiler optimizations.
Maybe try to use mingw-w64/CodeBlock's MinGW instead of mingw.org, as suggested here: https://stackoverflow.com/questions/62364507/compiled-c-executable-is-detected-as-a-virus-by-windows-defender
I think the releases are built with MSVC.
It's a bad experience for normal users to get a warning on the file when they try to run it (as Windows does by default now). A virus checker pop up should stop them running it at all. We hate antivirus because it is malware but we can't hate our users...